Is it sound to field-project into a Cell or UnsafeCell?

[joshlf]

Given a &Cell<T> or &UnsafeCell<T>, is it sound to produce a &Cell<F> or &UnsafeCell<F> to a field within the original (assuming that lifetimes are respected etc etc)? E.g.:

pub fn project(cell: &Cell<(u8, u16)>) -> &Cell<u16> {
    let cell_raw: *const _ = cell;
    let inner_raw: *const (u8, u16) = cell_raw.cast();
    let field_raw = core::mem::addr_of!(inner_raw.1);
    unsafe { &*field_raw }
}

[RalfJung]

This is intended to be sound for tuples and structs, yes. We have a function safely exposing this for slices, but Rust cannot express this for tuples or structs.

It is clearly not sound for enums.

[RalfJung]

That said, there is rust-lang/rust#80778, so currently this might actually not be sound.

EDIT: Ah no structs and tuples are still fine. It's arrays where there is a problem.

[joshlf]

Thanks for the breadcrumbs!

[joshlf]

Given a &Cell<T> or &UnsafeCell<T>, is it sound to produce a &Cell<F> or &UnsafeCell<F> to a field within the original (assuming that lifetimes are respected etc etc)? E.g.:

pub fn project(cell: &Cell<(u8, u16)>) -> &Cell<u16> {
    let cell_raw: *const _ = cell;
    let inner_raw: *const (u8, u16) = cell_raw.cast();
    let field_raw = core::mem::addr_of!(inner_raw.1);
    unsafe { &*field_raw }
}

Now that rust-lang/rust#114795 has landed, is this guaranteed to be sound?

[RalfJung]

That is definitely my intention, yes. But ultimately this needs a T-libs-abi guarantee.