
Generalize the wide-pointer total-size bound #2290

Open

traviscross wants to merge 4 commits into master from TC/generalize-wide-pointer-total-size-bound

Generalize the wide-pointer total-size bound#2290
traviscross wants to merge 4 commits into
masterfrom
TC/generalize-wide-pointer-total-size-bound

Conversation

@traviscross

Contributor

We document that, for references and `Box<T>`, pointed-to values with slice or `str` metadata must be no larger than `isize::MAX`. We hadn't required this for pointed-to values with `dyn` metadata. It's tempting to think this isn't necessary since we separately require that the metadata point to a vtable generated by the compiler, which ensures the encoded size of the erased type is OK.

But the bound is on the total size of the pointed-to value, including any sized prefix of a type with an unsized tail. Since the prefix combined with the size in the vtable can push us past the limit, we need the separate restriction.

Let's apply the rule to both cases and add an admonition to remind ourselves of why this is needed.

I'm breaking this out from #2282 so that we can merge the prerequisites before considering the new lang guarantees.

This is stacked on #2286 and #2287 and #2288 and those should be merged first.

cc @ehuss @RalfJung @Mark-Simulacrum

Commits

The pointer-to-pointer cast rules and the wide-pointer validity rule both speak of the *metadata* of a pointer, but we hadn't explicitly defined the term (even though we had defined the contents of that metadata). Let's do that and link to it.

We refer to the unsized tail of a type, but we hadn't defined it. Let's do that and link to the definition.

The validity rule for the metadata of a wide reference, `Box<T>`, or raw pointer mentions `dyn Trait` and slice but had omitted `str`. Let's fix that.

We document that, for references and `Box<T>`, pointed-to values with slice or `str` metadata must be no larger than `isize::MAX`. We hadn't required this for pointed-to values with `dyn` metadata. It's tempting to think this isn't necessary since we separately require that the metadata point to a vtable generated by the compiler, which ensures the encoded size of the erased type is OK.

But the bound is on the total size of the pointed-to value, including any sized prefix of a type with an unsized tail. Since the prefix combined with the size in the vtable can push us past the limit, we need the separate restriction.

Let's apply the rule to both cases and add an admonition to remind ourselves of why this is needed.
@rustbot added the S-waiting-on-review label (Status: The marked PR is awaiting review from a maintainer) on Jun 16, 2026
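The layout arithmetic behind the PR description, as an added example that is not part of this PR, the Rust reference, or the author's code. `Prefixed`, `Speak`, `align_up`, `total_size` and `fits_isize_max` are names chosen for this example. It first confirms, via `size_of_val`, that the size of a pointed-to value with `dyn` metadata is the sized prefix plus the tail size taken from the vtable, and then shows with checked arithmetic why a tail that the vtable can legitimately describe can still push the total past `isize::MAX` once the prefix is added.

```rust
use std::mem::{size_of, size_of_val};

// Example-only type: a sized prefix followed by an unsized tail. Once `T` is
// erased to `dyn Speak`, the tail's size and alignment come from the vtable,
// but the pointed-to value is still prefix + tail.
#[repr(C)]
struct Prefixed<T: ?Sized> {
    prefix: [u8; 24],
    tail: T,
}

// Example-only trait; any dyn-compatible trait would do.
trait Speak {
    fn speak(&self) -> u64;
}

impl Speak for u64 {
    fn speak(&self) -> u64 {
        *self
    }
}

/// Round `n` up to a multiple of `align` (a power of two); `None` on overflow.
fn align_up(n: usize, align: usize) -> Option<usize> {
    debug_assert!(align.is_power_of_two());
    n.checked_add(align - 1).map(|v| v & !(align - 1))
}

/// Size of the whole pointed-to value for `Prefixed<T>` with a prefix of
/// `prefix_len` bytes and a tail whose vtable reports `tail_size`/`tail_align`:
/// place the tail at the first aligned offset past the prefix, then round the
/// end up to the struct's alignment (the prefix is `[u8; N]`, so that is
/// `tail_align`). `None` means the arithmetic overflowed `usize`.
fn total_size(prefix_len: usize, tail_size: usize, tail_align: usize) -> Option<usize> {
    let tail_offset = align_up(prefix_len, tail_align)?;
    let end = tail_offset.checked_add(tail_size)?;
    align_up(end, tail_align)
}

/// The rule the PR generalizes: the total pointed-to size must not exceed `isize::MAX`.
fn fits_isize_max(total: Option<usize>) -> bool {
    matches!(total, Some(n) if n <= isize::MAX as usize)
}

/// What the compiler actually computes for a `&Prefixed<dyn Speak>` whose
/// erased tail is a `u64`: `size_of_val` reads the tail size from the vtable
/// and adds the sized prefix.
fn erased_size_of_val() -> usize {
    let concrete = Prefixed { prefix: [0u8; 24], tail: 7u64 };
    let erased: &Prefixed<dyn Speak> = &concrete;
    assert_eq!(erased.tail.speak(), 7);
    size_of_val(erased)
}

fn main() {
    let observed = erased_size_of_val();
    let predicted = total_size(24, size_of::<u64>(), 8);
    println!("size_of_val(&Prefixed<dyn Speak>) = {observed}, predicted = {predicted:?}");

    // A tail that the vtable could legitimately describe (it is <= isize::MAX
    // on its own) but which no longer fits once the 24-byte prefix is added.
    let huge_tail = (isize::MAX as usize) - 7; // multiple of 8, just under the limit
    println!("tail alone fits: {}", fits_isize_max(total_size(0, huge_tail, 8)));
    println!("prefix + tail fits: {}", fits_isize_max(total_size(24, huge_tail, 8)));
}
```

The vtable check alone only bounds `tail_size`; the separate restriction in the PR is what rules out the second case, where `total_size` is still well defined but exceeds `isize::MAX`.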

Labels

S-waiting-on-review Status: The marked PR is awaiting review from a maintainer
