lint: treat unsafe binders in improper_ctypes instead of ICE

this replaces an ICE in improper_ctypes with a proper diagnostic and ensures
consistent handling of unsafe binders in FFI contexts.

  updated the diagnostic to display the full unsafe<a> &a() type
  added a fluent error message for this case
  adjusted UI test output for consistency

Author: SATVIKsynopsis

compiler/rustc_lint/messages.ftl

@@ -360,7 +360,6 @@ lint_implicit_unsafe_autorefs = implicit autoref creates a reference to the dere
 lint_improper_ctypes = `extern` {$desc} uses type `{$ty}`, which is not FFI-safe
     .label = not FFI-safe
     .note = the type is defined here
-
 lint_improper_ctypes_array_help = consider passing a pointer to the array
 
 lint_improper_ctypes_array_reason = passing raw arrays by value is not FFI-safe
@@ -416,6 +415,8 @@ lint_improper_ctypes_union_layout_help = consider adding a `#[repr(C)]` or `#[re
 lint_improper_ctypes_union_layout_reason = this union has unspecified layout
 lint_improper_ctypes_union_non_exhaustive = this union is non-exhaustive
 
+lint_improper_ctypes_unsafe_binder = unsafe binders are incompatible with foreign function interfaces
+
 lint_int_to_ptr_transmutes = transmuting an integer to a pointer creates a pointer without provenance
     .note = this is dangerous because dereferencing the resulting pointer is undefined behavior
     .note_exposed_provenance = exposed provenance semantics can be used to create a pointer based on some previously exposed provenance

compiler/rustc_lint/src/types/improper_ctypes.rs

@@ -669,7 +669,9 @@ impl<'a, 'tcx> ImproperCTypesVisitor<'a, 'tcx> {
                 FfiSafe
             }
 
-            ty::UnsafeBinder(_) => todo!("FIXME(unsafe_binder)"),
+            ty::UnsafeBinder(_binder) => {
+                FfiUnsafe { ty, reason: fluent::lint_improper_ctypes_unsafe_binder, help: None }
+            }
 
             ty::Param(..)
             | ty::Alias(ty::Projection | ty::Inherent | ty::Free, ..)
@@ -1016,7 +1018,6 @@ impl<'tcx> LateLintPass<'tcx> for ImproperCTypesLint {
             | hir::ItemKind::ExternCrate(..) => {}
         }
     }
-
     fn check_field_def(&mut self, cx: &LateContext<'tcx>, field: &'tcx hir::FieldDef<'tcx>) {
         self.check_type_for_external_abi_fnptr(
             cx,

tests/ui/lint/improper-ctypes/unsafe-binder-basic.rs

@@ -0,0 +1,10 @@
+#![feature(unsafe_binders)]
+#![expect(incomplete_features)]
+#![deny(improper_ctypes)]
+
+extern "C" {
+    fn exit_2(x: unsafe<'a> &'a ());
+    //~^ ERROR `extern` block uses type `unsafe<'a> &'a ()`, which is not FFI-safe
+}
+
+fn main() {}

tests/ui/lint/improper-ctypes/unsafe-binder-basic.stderr

@@ -0,0 +1,15 @@
+error: `extern` block uses type `unsafe<'a> &'a ()`, which is not FFI-safe
+  --> $DIR/unsafe-binder-basic.rs:6:18
+   |
+LL |     fn exit_2(x: unsafe<'a> &'a ());
+   |                  ^^^^^^^^^^^^^^^^^ not FFI-safe
+   |
+   = note: unsafe binders are incompatible with foreign function interfaces
+note: the lint level is defined here
+  --> $DIR/unsafe-binder-basic.rs:3:9
+   |
+LL | #![deny(improper_ctypes)]
+   |         ^^^^^^^^^^^^^^^
+
+error: aborting due to 1 previous error
+