@bors try

⌛ Trying commit d5ebeac with merge 44f3504...

☀️ Try build successful - checks-actions
Build commit: 44f3504 (44f3504e96c944ae54fc72b5f5008f53f7eda001)

@craterbot check

👌 Experiment pr-136776 created and queued.
🤖 Automatically detected try build 44f3504
🔍 You can check out the queue and this experiment's details.

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

🚧 Experiment pr-136776 is now running

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

🎉 Experiment pr-136776 is completed!
📊 169 regressed and 4 fixed (580506 total)
📰 Open the full report.

⚠️ If you notice any spurious failure please add them to the denylist!
ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

Most of these are on github; in terms of crates.io regressions all we have is:

• may
• a bunch of crates using metrics, see e.g. this (for metrics-0.23) or this (for metrics-0.24, the latest version)

Overall, 142 regressions are caused by metrics and 14 by may; if we ca get fixed versions of those crates out that seems to mostly cover it.

EDIT: Ah, there's also cogo.

We discussed this in the lang triage call today. We wanted to think more about it, so we're leaving it nominated to discuss again.

@BoxyUwU Do you think it would be possible to implement this as an FCW? We talked about this in lang triage today and would prefer to start with that if we can. If it's not feasible, a hard error can also work (I would say though that we should upstream PRs to any crates we break).

Another small thing I noticed is that the error message links to the Nomicon section on variance, but it would be ideal to link to a tracking issue or something describing this issue in particular.

To add on to what tmandry, said, in our discussions we did feel that the approach taken in this PR is generally the right way forward, and we're happy to see this progress so as to help clear the way for arbitrary_self_types and derive_coerce_pointee.

cc @rust-lang/lang

@tmandry I do expect it to be possible to FCW this. We can likely do something hacky around to fully emulate the fix (but as a lint), but if that doesn't work out all the regression we found were relatively "simple" cases that can probably be taken advantage of (if need be) to lint a subset of the actual cases we'd break with this PR

edit: see compiler-errors' comment, I'm not so convinced this will be possible to FCW anymore and will likely investigate improving the diagnostics here. I've already filed PRs to the affected crates to migrate them over to a transmute to avoid the breakage if this lands

I was thinking earlier that it may be possible to implement a lint to detect, but it seems to me that MIR borrowck is not equipped to implement such a lint.

Specifically, it seems near impossible to answer whether a region outlives constraint (like, 'a: 'b) would not hold in a way that doesn't actually commit to that constraint, at least not without tons of false positives based on how NLL computes lower bounds for all of the regions it deals with in the MIR.

To fix this would require some significant engineering effort to refactor how NLL processes its region graph to make it easier to clone and reprocess with new constraints.

I've pushed a first attempt at some special cased diagnostics for this breakage, it links to #141402 which could probably do with some work.

Oh another update: the metrics crate which was responsible for the vast majority of regressions has been fixed and had the fix backported to older versions too. I think may was also fixed in a non-major release. So both may and metrics users broken by this should be able to cargo update to be unbroken

☔ The latest upstream changes (presumably #143036) made this pull request unmergeable. Please resolve the merge conflicts.

It seems to me that all of the things requested in #136776 (comment) have been added.

@rustbot labels +I-lang-nominated -I-lang-radar

We talked about this in the lang meeting today. Let's do it.

Note that we'll want a Reference PR for this.

This is a dual FCP with types.

@rfcbot fcp merge

Team member @traviscross has proposed to merge this. The next step is review by the rest of the tagged team members:

• @BoxyUwU
• @compiler-errors
• @jackh726
• @joshtriplett
• @lcnr
• @nikomatsakis
• @oli-obk
• @scottmcm
• @spastorino
• @tmandry
• @traviscross

Concerns:

• can we do a FCW ([WIP] Forbid object lifetime changing pointer casts #136776 (comment))
• needs FCP proposal ([WIP] Forbid object lifetime changing pointer casts #136776 (comment))

Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

cc @rust-lang/lang-advisors: FCP proposed for lang, please feel free to register concerns.
See this document for info about what commands tagged team members can give me.

cc @ehuss

@rfcbot reviewed

@rfcbot concern needs FCP proposal

want to actually write up something for the types folks first before they have to look at this

Note that we'll want a Reference PR for this.

I will not have time to make such a PR myself and am not particularly interested in writing one either. it seems like the existing state of the reference does not really talk whatsoever about the restrictions on pointer casts let alone about subtle details of region constraints arising from each MIR operation.

I am surprised that this PR would require a reference PR when previous PRs in this area did not, e.g. disallowing casting *const dyn Trait to *const dyn Trait + Send (#136764) did not have a reference PR despite being much less "nuances of borrow checking".

If documentation is required to land this, then I am happy to write it.

@rfcbot concern can we do a FCW

I want to take a second look at whether a FCW would be possible

If documentation is required to land this, then I am happy to write it.

Thanks for that.

I am surprised that this PR would require a reference PR when previous PRs in this area did not, e.g. disallowing casting *const dyn Trait to *const dyn Trait + Send (#136764) did not have a reference PR despite being much less "nuances of borrow checking".

The relevant change for that went in ahead of the PR, in rust-lang/reference#1622.

• Both the same trait object metadata, modulo dropping auto traits (*dyn Debug -> *(u16, dyn Debug), *dyn Debug + Send -> *dyn Debug)
  • Note: adding auto traits is only allowed if the principal trait has the auto trait as a super trait (given trait T: Send {}, *dyn T -> *dyn T + Send is valid, but *dyn Debug -> *dyn Debug + Send is not)

You'll notice I put up #136764 the day after merging the Reference PR. I don't recall the specifics, but it probably wasn't a coincidence.

That said, I'm sure you can find cases where we let something through that should have had a Reference PR but did not. We're trying to be better about this. As you may have seen, e.g., in the PR for the release notes of Rust 1.89, in #144097 (comment), I spot-checked how we did about this for that release.

I don't see that documentation you linked anywhere in the reference. It's not in the pointer casts section and there's nothing under the big table in the type casts sections that talks about this.

I don't see that documentation you linked anywhere in the reference. It's not in the pointer casts section and there's nothing under the big table in the type casts sections that talks about this.

In rust-lang/reference#1732, it was moved to the footnote here:

https://doc.rust-lang.org/1.88.0/reference/expressions/operator-expr.html#footnote-meta-compat

Admittedly that's probably not the best place for it. (Partly it's a rendering issue; we'd prefer for footnotes on tables to appear directly below the table.)