invalid_reference_casting false positive: dynamically sized types

[dtolnay]

fn main() {
    let x: Box<dyn Send> = Box::new(0i32);
    let z = unsafe { &*(&*x as *const dyn Send as *const i32) };
    println!("{}", z);
}

I believe this code is well defined.

It runs successfully in Miri with RUSTFLAGS='-Zcrate-attr=allow(invalid_reference_casting)' cargo +nightly miri run.

However, since #118983 (nightly-2024-02-14), the following deny-by-default lint is triggered in cargo check:

$ cargo +nightly-2024-02-14 check

error: casting references to a bigger memory layout than the backing allocation is undefined behavior, even if the reference is unused
 --> src/main.rs:3:22
  |
3 |     let z = unsafe { &*(&*x as *const dyn Send as *const i32) };
  |                      ^^^^--^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  |                          |
  |                          backing allocation comes from here
  |
  = note: casting from `dyn Send` (0 bytes) to `i32` (4 bytes)
  = note: `#[deny(invalid_reference_casting)]` on by default

Rustc thinks the dyn Send is 0 bytes, whereas for the purpose of the memory model as I understand it, it has a runtime size that is bigger than 0 bytes.

[Urgau]

Rustc thinks the dyn Send is 0 bytes, whereas for the purpose of the memory model as I understand it, it has a runtime size that is bigger than 0 bytes.

The 0 bytes here is the size reported at compile time, which obviously doesn't make sense with DST, the lint implementation should be gated on the types being sized. (to be honest, I completely forgot about this).

There should probably be an if !inner_start_ty.is_sized(cx.tcx, cx.param_env) { return None; } somewhere after this

rust/compiler/rustc_lint/src/reference_casting.rs

Lines 193 to 195 in cc1c099

	let ty::Ref(_, inner_start_ty, _) = start_ty.kind() else {
	return None;
	};

[ogoffart]

My code is also regressing in this:

pub struct Opaque(());
pub unsafe fn foo(opaque: *const Opaque) {
   let foo = &*((&*opaque) as *const Opaque as *const u8);
}

Gives the error on nightly

error: casting references to a bigger memory layout than the backing allocation is undefined behavior, even if the reference is unused
 --> src/lib.rs:4:14
  |
4 |    let foo = &*((&*opaque) as *const Opaque as *const u8);
  |              ^^^^^-------^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  |                   |
  |                   backing allocation comes from here
  |
  = note: casting from `Opaque` (0 bytes) to `u8` (1 bytes)
  = note: `#[deny(invalid_reference_casting)]` on by default

This doesn't involve DST though. But the pattern is the same as we just go through a &* which shouldn't count as a dereference.

[Urgau]

@ogoffart Your sample code is as far as I can tell UB and Miri seems to agree with the lint.

error: Undefined Behavior: out-of-bounds pointer use: alloc865 has size 0, so pointer to 1 byte starting at offset 0 is out-of-bounds
 --> src/main.rs:5:15
  |
5 |    let _foo = &*((&*opaque) as *const Opaque as *const u8);
  |               ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ out-of-bounds pointer use: alloc865 has size 0, so pointer to 1 byte starting at offset 0 is out-of-bounds
  |
  = help: this indicates a bug in the program: it performed an invalid operation, and caused Undefined Behavior
  = help: see https://doc.rust-lang.org/nightly/reference/behavior-considered-undefined.html for further information

Note, removing the inner dereference let _foo = &*(opaque as *const u8); still triggers the lint and is also UB; because as noted casting references to a bigger memory layout than the backing allocation is undefined behavior.

_{If you want to continue this conversation, let's create a new issue as to not diverge this specific issue.}

[apiraino]

WG-prioritization assigning priority (Zulip discussion).

@rustbot label -I-prioritize +P-high