Skip to content

repr(ordered_fields) #3845

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
RustyYato wants to merge 47 commits into
base: master
Choose a base branch
from
Open

repr(ordered_fields) #3845

Changes from 11 commits
Commits
Show all changes
47 commits
Select commit Hold shift + click to select a range
e0cdce8
Create 0000-repr-ordered-fields.md
RustyYato Aug 1, 2025
0637bbf
Add a link to the zullip thread
RustyYato Aug 1, 2025
7e4b0c8
Update RFC with PR number
RustyYato Aug 5, 2025
61ce0f2
Grammer fixes
RustyYato Aug 5, 2025
4fa572e
Update Motivation to include the exact issue from MSVC
RustyYato Aug 5, 2025
755644c
Rework reference level section
RustyYato Aug 5, 2025
0d0a79b
Add description for union layout
RustyYato Aug 5, 2025
4f4bf18
Tabs -> Spaces
RustyYato Aug 5, 2025
063af08
Apply suggestions from code review
RustyYato Aug 5, 2025
0c0e429
discriminant -> tag
RustyYato Aug 5, 2025
9e316ff
Qualify alignment assumptions
RustyYato Aug 5, 2025
a1700b6
oops, fix typo
RustyYato Aug 6, 2025
d75a497
add `repr(declaration_order)` as a potential spelling
RustyYato Aug 6, 2025
6526f5a
Switch enum tag type to defer to `repr(C)` tag type
RustyYato Aug 6, 2025
ed96c1b
Rework edition_2024_repr_c warning from future compat to edition warning
RustyYato Aug 7, 2025
01cfb40
Add lints to summary section
RustyYato Aug 7, 2025
f11567c
edition migraiton lint -> edition compatibility lint
RustyYato Aug 7, 2025
b17f192
fix code example of layout algorithm for enums
RustyYato Aug 7, 2025
488068e
Add reference to MSVC bug in motivation
RustyYato Aug 11, 2025
93f53a5
Add the suspicious_repr_c lint
RustyYato Aug 11, 2025
a2737d5
specify precedence of `suspicious_repr_c` lint
RustyYato Aug 11, 2025
bb8a392
minor grammer/punctuation fixes
RustyYato Aug 11, 2025
612b99e
Fix MSVC bug description
RustyYato Aug 11, 2025
283df46
Update text/3845-repr-ordered-fields.md
RustyYato Aug 18, 2025
8fe1576
Update from reviews
RustyYato Aug 18, 2025
489b31a
fix typo
RustyYato Aug 18, 2025
a5fb9bc
Fix typo
RustyYato Aug 18, 2025
88f631e
Add AIX to motivation
RustyYato Aug 20, 2025
dee831d
Add some description for why it's a problem to conflate the two roles…
RustyYato Aug 21, 2025
f007f6f
wording improvements for the motivation
RustyYato Aug 21, 2025
703dcb9
fix typo
RustyYato Aug 21, 2025
2e36454
Apply suggestions from code review
RustyYato Sep 3, 2025
472cae7
Minor rewordings
RustyYato Sep 3, 2025
6c48b17
Add sections to motivation and expand AIX to it's own section
RustyYato Sep 3, 2025
2043a02
try fix intradoc link?
RustyYato Sep 3, 2025
4c81c7c
Minor rewording of motivation section
RustyYato Sep 3, 2025
92eb763
Add unresolved question for `repr(C)` where corrosponding C type does…
RustyYato Sep 3, 2025
9fb58ad
fix link
RustyYato Sep 3, 2025
6a16195
`align` -> `__alignof__` on AIX
RustyYato Sep 3, 2025
e7bd72a
Apply suggestions from code review
RustyYato Sep 3, 2025
7d7b01a
update motivation section for AIX
RustyYato Sep 3, 2025
81a1a42
Update AIX section and minor rewording throughout
RustyYato Sep 5, 2025
98be259
some clarifications about the spec
RustyYato Jan 27, 2026
3f41cb3
Apply suggestions from code review
RustyYato Jan 27, 2026
87801ba
Apply suggestion from code review
RustyYato Jan 27, 2026
da8b018
edit motivation section
RalfJung Jan 31, 2026
843a37e
Merge pull request #1 from RalfJung/repr_ordered_fields
RustyYato Feb 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
326 changes: 326 additions & 0 deletions text/3845-repr-ordered-fields.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,326 @@
- Feature Name: `repr_ordered_fields`
- Start Date: 2025-08-05
- RFC PR: [rust-lang/rfcs#3845](https://github.com/rust-lang/rfcs/pull/3845)
- Rust Issue: [rust-lang/rust#0000](https://github.com/rust-lang/rust/issues/0000)

# Summary
[summary]: #summary

Introduce a new `repr` (let's call it `repr(ordered_fields)`, but that can be bikeshedded if this RFC is accepted) that can be applied to `struct`, `enum`, and `union` types, which guarantees a simple and predictable layout. Then provide an initial migration plan to switch users from `repr(C)` to `repr(ordered_fields)`.

# Motivation
[motivation]: #motivation

Currently `repr(C)` serves two roles
1. Provide a consistent, cross-platform, predictable layout for a given type
2. Match the target C compiler's struct/union layout algorithm and ABI
Copy link
Member

@scottmcm scottmcm Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Big fan of doing this split, especially for structs. (It's less obvious what choices to make for other things, IMHO, but at least for structs this is something I've wanted for ages, so that for example Layout::extend can talk about it instead of C.)

Pondering the bikeshed: declaration_order or something could also be used to directly say what you're getting.

(This could be contrasted with other potential reprs that I wouldn't expect this RFC to add, but could consider as future work, like a deterministic_by_size_and_alignment where some restricted set of optimizations are allowed but you can be sure that usize and NonNull<String> can be mixed between different types while still getting the "same" field offsets, for example.)

Copy link
Author

@RustyYato RustyYato Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is also useful for unions, so we don't need to rely on repr(C) to ensure that all fields of a union are at offset 0.

This could be contrasted with other potential reprs that I wouldn't expect this RFC to add...

This also works as an argument against names like repr(consistent), since there are multiple consistent and useful repr, making it not descriptive enough.

Copy link
Member

@scottmcm scottmcm Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do think that declaration_order or ordered_fields is a bit weird on a union, because of course they're not really in any "order".

It makes me ponder whether we should just have repr(offset_zero) for unions to be explicit about it, or something.

(Which makes me think of other things like addressing rust-lang/unsafe-code-guidelines#494 by having a different constructs for "bag of maybeuninit stuff that overlap" vs "distinct options with an active-variant rule for enum-but-without-stored-discriminant". But those are definitely not this RFC.)

Copy link
Author

@RustyYato RustyYato Aug 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't mind spelling it as repr(offset_zero) for unions if that helps get this RFC accepted 😄. However, I have a sneaking suspicion that this isn't the contentious part of this RFC.
I know the name isn't optimal (intentionally). This can be hashed out after the RFC is accepted (or even give a different name for all of struct, union, and enum).
The most important bit for me is just that we do the split (for all of struct, union, and enum, to be consistent).


But in some cases, these two cases are in tension due to platform weirdness (even on major platforms like Windows MSVC)
* https://github.com/rust-lang/unsafe-code-guidelines/issues/521
* https://github.com/rust-lang/rust/issues/81996

Providing any fix for case 2 would subtly break any users of case 1, which makes this difficult to fix within a single edition.

As an example of this tension: on Windows MSVC, `repr(C)` doesn't always match what MSVC does for ZST structs (see this [issue](https://github.com/rust-lang/rust/issues/81996) for more details)

```rust
// should have size 8, but has size 0
#[repr(C)]
struct SomeFFI([i64; 0]);
```

Of course, making `SomeFFI` size 8 doesn't work for anyone using `repr(C)` for case 1. They want it to be size 0 (as it currently is).
Copy link
Member

@RalfJung RalfJung Sep 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
Of course, making `SomeFFI` size 8 doesn't work for anyone using `repr(C)` for case 1. They want it to be size 0 (as it currently is).
Of course, making `SomeFFI` size 8 doesn't work for anyone using `repr(C)` for case 1. They want it to be size 0 (as it currently is).
Fixing the layout of this struct will also most likely let us remove a long-standing hack from our implementation of the MSVC ABI:
unlike all other ABIs, we do *not* entirely skip ZST with that ABI but instead mark them to be passed by-ptr.
This is needed to correctly pass types like `SomeFFI`.
If we fix our layout computation to match that of MSVC, we no longer need this special case in the ABI logic.

Copy link
Member

@RalfJung RalfJung Sep 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Turns out this was not entirely right, see rust-lang/unsafe-code-guidelines#552 (comment). So probably best to remove this paragraph again.

Copy link
Contributor

@Jules-Bertholet Jules-Bertholet Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That issue should presumably be addressed in this RFC, no? repr(C) 1-ZSTs need to be passed by pointer, but does that apply to repr(ordered_fields) as well?

Copy link
Member

@RalfJung RalfJung Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The main problem is that we have already specified that all 1-ZST have the same ABI. We need to figure out how to clean that up but I don't think this RFC needs to do that.

Copy link
Contributor

@Jules-Bertholet Jules-Bertholet Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This RFC currently specifies that new repr(C) matches C. That requires breaking the “all 1-ZST have the same ABI” rule. So the RFC either needs to specify that it’s actually “repr(C) matches C except for 1-ZSTs”, or it needs to specify that we are breaking the rule. Can’t have it both ways

Copy link
Author

@RustyYato RustyYato Sep 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I did see that you claimed this before in rust-lang/unsafe-code-guidelines#552. I'm not sure what this is referencing.

If this is referencing the current implementation where 1-ZSTs are explicitly skipped in the ABI. I'm not seeing any documentation guaranteeing this behavior, so it should be fine to change this.

If this is referencing this: https://internals.rust-lang.org/t/creating-1-zsts-guaranteed-to-have-same-extern-c-abi-as/19399/18
Where you said:

To make repr(transparent) work, we need all 1-ZST to have the same ABI, no matter their repr.

This seems rather subtle, and it should be explicitly documented somewhere (perhaps the Rust reference on type layouts/abi).

And if this is indeed your reasoning, then we could (in future editions) ensure that #[repr(C)] 1-ZSTs are only allowed in a #[repr(transparent)] type Foo if all other types in Foo are normal non-#[repr(C)] 1-ZSTs. (i.e. treat #[repr(C)] types as if they are not 1-ZSTs for #[repr(transparent)]).

Copy link
Member

@RalfJung RalfJung Sep 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes it is a subtle indirect consequence, as explained at the top of rust-lang/unsafe-code-guidelines#552:

Note that the reason for this rule of any two 1-ZST being ABI compatible is that for types like #[repr(transparent)] ZST([u8; 0]; ()), we promise that the type is ABI-compatible with the field that is being transparently wrapped, and that could be either field. So the only way to always deliver on our repr(transparent) ABI-compatibility promise is to make all 1-ZST ABI-compatible.

If ABI(ZST) == ABI( () ) and ABI(ZST) == ABI([u8; 0]) it follows that ABI( () ) == ABI([u8; 0]).

then we could (in future editions) ensure that #[repr(C)] 1-ZSTs are only allowed in a #[repr(transparent)] type Foo if all other types in Foo are normal non-#[repr(C)] 1-ZSTs. (i.e. treat #[repr(C)] types as if they are not 1-ZSTs for #[repr(transparent)]).

Yes we could. Though ABI is a cross-edition concern so it'd only help marginally to do this on new editions only.

But we could try to crater whether just doing a transition for this is realistic...

Copy link
Contributor

@Jules-Bertholet Jules-Bertholet Sep 29, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Though ABI is a cross-edition concern so it'd only help marginally to do this on new editions only.

I assume it would be based on the edition where the repr(C) 1-ZST is defined? I.e., same as everything else in this RFC. Note that, if you have:

// on new edition with new `repr(C)`
#[repr(C)]
struct NoFields {}

#[repr(transparent)]
struct Foo(u32, NoFields);

NoFields won’t be a ZST at all on windows-msvc, so it’s not really much more problematic to say Foo doesn’t compile on windows-gnu either.

Copy link
Member

@RalfJung RalfJung Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume it would be based on the edition where the repr(C) 1-ZST is defined?

Usually it'd be based on the edition of the crate that the repr(transparent) type is defined in.
Otherwise, bumping the edition of the crate that has the empty C struct could lead to downstream build failures.

NoFields won’t be a ZST at all on windows-msvc

Yeah, also see rust-lang/unsafe-code-guidelines#552 (comment).

Copy link
Contributor

@Jules-Bertholet Jules-Bertholet Sep 29, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bumping the edition of the crate that has the empty C struct could lead to downstream build failures.

Well, yes, the whole point of this RFC is that changing the meaning of repr(C) is a breaking change that must be done over an edition.


# Guide-level explanation
[guide-level-explanation]: #guide-level-explanation

`repr(ordered_fields)` is a new representation that can be applied to `struct`, `enum`, and `union` to give them a consistent, cross-platform, and predictable in-memory layout.

`repr(C)` in edition <= 2024 is an alias for `repr(ordered_fields)` and in all other editions, it matches the default C compiler for the given target for structs, unions, and field-less enums. Enums with fields will be laid out as if they are a union of structs with the corresponding fields.

Using `repr(C)` in editions <= 2024 triggers a lint to use `repr(ordered_fields)` as a future compatibility lint with a machine-applicable fix. If you are using `repr(C)` for FFI, then you may silence this lint. If you are using `repr(C)` for anything else, please switch over to `repr(ordered_fields)` so updating to future editions doesn't change the meaning of your code.
Copy link
Member

@Mark-Simulacrum Mark-Simulacrum Aug 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is too noisy. Most code out there using repr(C) is probably fine - IIUC, if you're not targeting Windows or AIX, maybe definitely fine? - and having a bunch of allow(...) across a bunch of projects seems unfortunate.

Maybe we can either (a) only enable the lint for migration, i.e., the next edition's cargo fix would add allows for you or (b) we find some new name... C2 for the existing repr(C) usage to avoid allows. But (b) also seems too noisy to me.

Copy link

@clarfonthey clarfonthey Aug 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe it could just be an optional edition compatibility lint, so if someone enables e.g. rust_20xx_compatibility it shows up but otherwise not.

Copy link
Author

@RustyYato RustyYato Aug 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(a) only enable the lint for migration

That was the intention, hence the name edition_2024_repr_c. I'll make this more clear, that this is intended to be a migration lint.

Rustfix would update to #[repr(ordered_fields)] to preserve the current behavior. For the FFI crates, #![allow(edition_2024_repr_c)] at the top of lib.rs would suffice. If you have a mix of FFI and non-FFI uses of repr(C), then you'll have to do the work to figure out which is which, no matter what option is chosen to update repr(C) - even adding repr(C2), since then the FFI use case would need to update all their reprs to repr(C2).

Overall, I think this scheme only significantly burdens those who have a mix of FFI and non-FFI uses of repr(C). But they were going to be burdened no matter what option was chosen.

Copy link
Author

@RustyYato RustyYato Aug 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the new wording/lints too noisy still?

Copy link
Member

@joshtriplett joshtriplett Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the new wording is still too noisy. We shouldn't assume that most people using repr(C) are using it for ordering rather than FFI.

Copy link
Author

@RustyYato RustyYato Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That wasn't my intention, but I don't see another way to do all of the following in the next edition:

  • make repr(C) mean - same layout/ABI as what the standard C compiler does
  • make repr(ordered_fields) - the same algorithm that's listed for repr(C) in the Rust reference
  • ensure that everyone who upgrades to the next edition gets the layout they need (as long as they read the warnings and follow the given advice)
  • make it as painless as possible for people who don't mix FFI and stable ordering cases (which I suspect is the vast majority of people). In other words, each crate currently uses repr(C) either exclusively for FFI or exclusively for some stable layout.
  • for people who do mix FFI and stable ordering cases in one crate, at least the warning should give them all the places they need to double-check, and they can silence the warning on a case-by-case basis.

I'm open to suggestions on how to handle the diagnostics. Within these constraints, I think my solution is the only real option we have. If there are some objections to these constraints, I would like to hear those too, maybe I missed the mark with these constraints, and missed a potential solution because of it.


```
warning: use of `repr(C)` in type `Foo`
--> src/main.rs:14:10
|
14 | #[repr(C)]
| ^^^^^^^ help: consider switching to `repr(ordered_fields)`
| struct Foo {
|
= note: `#[warn(edition_2024_repr_c)]` on by default
= note: `repr(C)` is planned to change meaning in the next edition to match the target platform's layout algorithm. This may change the layout of this type on certain platforms. To keep the current layout, switch to `repr(ordered_fields)`
```

After enough time has passed, and the community has switched over:
This makes it easier to tell *why* the `repr` was applied to a given struct. If `repr(C)`, it's about FFI and interop. If `repr(ordered_fields)`, then it's for a dependable layout.
# Reference-level explanation
[reference-level-explanation]: #reference-level-explanation

## `repr(C)`

> The `C` representation is designed for one purpose: creating types that are interoperable with the C Language.
>
> This representation can be applied to structs, unions, and enums. The exception is [zero-variant enums](https://doc.rust-lang.org/stable/reference/items/enumerations.html#zero-variant-enums) for which the `C` representation is an error.
>
> - edited version of the [reference](https://doc.rust-lang.org/stable/reference/type-layout.html#the-c-representation) on `repr(C)`

The exact algorithm is deferred to whatever the default target C compiler does with default settings (or if applicable, the most commonly used settings).
Copy link
Member

@RalfJung RalfJung Sep 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What should repr(C) do when the corresponding C code is rejected by the default target C compiler?

This affects, for instance, fieldless structs, which are rejected by MSVC (but accepted by GCC). By extension it then also affects structs where all fields are PhantomData, as those should arguably be removed when translating a Rust type to a C type.

Copy link
Contributor

@Jules-Bertholet Jules-Bertholet Sep 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should specify that repr(Rust) or repr(ordered_fields) 1-ZSTs (incl. tuples) are always removed, but otherwise if there is no direct C equivalent (e.g. repr(Rust) or repr(ordered_fields) fields, or fieldless struct if not supported by the C compiler), the layout should be consistent within the same compiler version but otherwise unspecified.

Copy link
Author

@RustyYato RustyYato Sep 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've added this as an unresolved question, so we don't lose track of this.

I agree that we should remove any repr(Rust)/repr(ordered_fields) 1-ZSTs, but if we have a type that otherwise doesn't have an equivalent supported C type, maybe we should either error or try working with the C community to close this gap (i.e. fieldless types). Either by ensuring that they never make it compile in the future and giving us free rein to give semantics, or by making the code compile with some layout/ABI and then matching it ourselves (this would be preferred).

If the type has no equivalent (i.e. some repr(Rust)/repr(ordered_fields)), then either the layout is unspecified or we could treat it some opaque blob with the same size and align, and lay it out how a C compile would lay out an struct containing an array of the same size and align. (i.e. __attribute__((aligned(ALIGN))) struct Blob { char x[SIZE] };). This seems like it would be the most consistent.

We've been bitten before by making choices about what the C code ought to do and had to do some painful roll-backs (like this RFC, and env::set_var). So I think being more conservative around C code is probably a good thing.

Copy link
Member

@RalfJung RalfJung Sep 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or we could treat it some opaque blob with the same size and align, and lay it out how a C compile would lay out an struct containing an array of the same size and align. (i.e. attribute((aligned(ALIGN))) struct Blob { char x[SIZE] };)

I don't think we should promise any particular layout -- by leaving it unspecified, we at least de jure can change what we do to match what C does if it ever becomes legal in C.

## `repr(ordered_fields)`

> The `ordered_fields` representation is designed for one purpose: create types that you can soundly perform operations on that rely on data layout such as reinterpreting values as a different type
>
> This representation can be applied to structs, unions, and enums.
>
> - edited version of the [reference](https://doc.rust-lang.org/stable/reference/type-layout.html#the-c-representation) on `repr(C)`
Comment on lines 170 to 176
Copy link
Contributor

@Jules-Bertholet Jules-Bertholet Aug 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think would be nice to guarantee that if a repr(ordered_fields) ADT is layout-compatible (same size, alignment, and field offsets, discounting repr(Rust) ZST fields) with a struct or union defined in C, then it is also ABI-compatible with that C struct/union, as far as possible. This would allow using repr(ordered_fields) to interoperate with C code that defines types with weird pragmas, like AIX #pragma align (natural).

Copy link
Author

@RustyYato RustyYato Aug 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is possible, and I've listed something similar as an unresolved question (should repr(ordered_fields) have a well-defined ABI?).

However, I think it would be best to punt this to a future RFC/ACP/discussion/etc. It doesn't seem to be required to split repr(C). Matching a weird pragma on a Tier 3 platform is not enough motivation to add to this RFC. (As I would like to keep this as lean as possible, only keeping the necessary portions)

Copy link
Member

@the8472 the8472 Aug 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note that we currently do have an internal linear repr which is used for Box and that does not inhibit ABI optimizations, that's necessary for box to act as a pointer type.

### struct
Structs are laid out in memory in declaration order, with padding bytes added as necessary to preserve alignment.
And their alignment is the same as their most aligned field.

```rust
// assuming that u32 is aligned to 4 bytes
// size 16, align 4
#[repr(ordered_fields)]
struct FooStruct {
a: u8,
b: u32,
c: u16,
d: u32,
}
```

Would be laid out in memory like so

```
a...bbbbcc..dddd
```
### union
Unions would be laid out with the same size as their largest field, and the same alignment as their most aligned field.

```rust
// assuming that u32 is aligned to 4 bytes
// size 4, align 4
#[repr(ordered_fields)]
union FooUnion {
a: u8,
b: u32,
c: u16,
d: u32,
}
```

`FooUnion` has the same layout as `u32`, since `u32` has both the biggest size and alignment.
### enum
The enum's tag is the smallest signed integer type which can hold all of the discriminant values (unless otherwise specified). The discriminants are assigned such that each variant without an explicit discriminant is exactly one more than the previous variant in declaration order.

If an enum doesn't have any fields, then it is represented exactly by it's discriminant.
```rust
// tag = i16
// represented as i16
#[repr(ordered_fields)]
enum FooEnum {
VarA = 1,
VarB, // discriminant = 2
VarC = 500,
VarD, // discriminant = 501
}

// tag = u16
// represented as u16
#[repr(ordered_fields, u16)]
enum FooEnumUnsigned {
VarA = 1,
VarB, // discriminant = 2
VarC = 500,
VarD, // discriminant = 501
}
```

Enums with fields will be laid out as if they were a union of structs.
Copy link
Contributor

@kpreid kpreid Aug 14, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This statement matches the algorithm currently used for "primitive representations" (repr(u8) etc), not the algorithm currently used for repr(C) or repr(C, uN). If this change is made, then anyone in need of specifically the current repr(C) enum representation cannot migrate to repr(ordered_fields).

The difference between the two algorithms (besides the integer type used for the tag) is that in repr(C), all variants have their first field at the same offset, whereas in repr(uN), each variant’s first field has only the offset required by its type’s alignment, so individual variants may be at a lower offset. The repr(C) enum acts as (and is documented as) a “tagged union” that contains an “untagged union”, whereas repr(uN) does not.

Example of the difference:

#![feature(offset_of_enum)]

#[repr(align(8))]
struct A64(u64);

#[repr(C, i32)]
enum ExampleC {
    Foo(u8),
    Bar(A64),
}
#[repr(i32)]
enum ExamplePrim {
    Foo(u8),
    Bar(A64),
}

fn main() {
    dbg!(
        std::mem::offset_of!(ExampleC, Foo.0), // prints 8
        std::mem::offset_of!(ExamplePrim, Foo.0), // prints 4
    );
}

I think that either repr(ordered_fields, uN) should instead exactly mimic repr(C, uN) in this regard, or — perhaps a better idea — there should be a separate explicitly named representation for this, since it is rare to actually need this layout, and so users merely seeking predictable layout are better served by repr(uN), but they might unthinkingly put repr(ordered_fields) on their enums along with their structs..

Copy link
Author

@RustyYato RustyYato Aug 15, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's a good point. I didn't realize there was that difference, thanks for bringing this up. I think repr(ordered_fields) should match what repr(C) does now, to ease migrations (even in combo with the primitive reprs). We could add lints to suggest changing to just a primitive repr if repr(ordered_fields) is used on an enum.

I think making the migration as painless as possible will make it much easier to split up repr(C) up. And we can also add guidance towards other reprs via lints.

I'm open to having the repr be named differently for the different kinds of type. (For example, repr(offset_zero) for unions was considered in another thread)


For example, this would be laid out the same as the union below
```rust
#[repr(ordered_fields)]
enum BarEnum {
VarFieldless,
VarTuple(u8, u32),
VarStruct {
a: u16,
b: u32,
},
}
```

```rust
#[repr(ordered_fields)]
union BarUnion {
var1: VarFieldless,
var2: VarTuple,
var3: VarStruct,
}

#[repr(ordered_fields)]
enum BarTag {
VarFieldless,
VarTuple,
VarStruct,
}

#[repr(ordered_fields)]
struct VarFieldless {
tag: BarTag,
}

#[repr(ordered_fields)]
struct VarTuple(BarTag, u8, u32);

#[repr(ordered_fields)]
struct VarStruct {
tag: BarTag,
a: u16,
b: u32
}
```

In Rust, the algorithm for calculating the layout is defined precisely as follows:

```rust
/// Takes in the layout of each field (in declaration order)
/// and returns the offsets of each field, and the layout of the entire struct
fn get_layout_for_struct(field_layouts: &[Layout]) -> Result<(Vec<usize>, Layout), LayoutError> {
let mut layout = Layout::new::<()>();
let mut field_offsets = Vec::new();

for &field in field_layouts {
let (next_layout, offset) = layout.extend(field)?;

field_offsets.push(offset);
layout = next_layout;
}

Ok((field_offsets, layout.pad_to_align()))
}

fn layout_max(a: Layout, b: Layout) -> Result<Layout, LayoutError> {
Layout::from_size_align(
a.size().max(b.size()),
a.align().max(b.align()),
)
}

/// Takes in the layout of each field (in declaration order)
/// and returns the layout of the entire union
/// NOTE: all fields of the union are located at offset 0
fn get_layout_for_union(field_layouts: &[Layout]) -> Result<Layout, LayoutError> {
let mut layout = Layout::new::<()>();

for &field in field_layouts {
layout = layout_max(layout, field)?;
}

Ok(layout.pad_to_align())
}

/// Takes in the layout of each variant (and their fields) (in declaration order)
/// and returns the offsets of all fields of the enum, and the layout of the entire enum
/// NOTE: the enum tag is always at offset 0
fn get_layout_for_enum(
// the discriminants may be negative for some enums
// or u128::MAX for some enums, so there is no one primitive integer type which works. So BigInteger
discriminants: &[BigInteger],
variant_layouts: &[&[Layout]]
) -> Result<(Vec<Vec<usize>>, Layout), LayoutError> {
assert_eq!(discriminants.len(), variant_layouts.len());

let mut layout = Layout::new::<()>();
let mut variant_field_offsets = Vec::new();

let mut variant_with_tag = Vec::new();
// gives the smallest integer type which can represent the variants and the specified discriminants
let tag_layout = get_layout_for_tag(discriminants);
// ensure that the tag is the first field
variant_with_tag.push(tag_layout);

for &variant in variant_layouts {
variant_with_tag.truncate(1);
// put all other fields of the variant after this one
variant_with_tag.extend_from_slice(variant);
let (mut offsets, variant_layout) = get_layout_for_struct(&variant_with_tag)?;
// remove the tag so the caller only gets the fields they provided in order
offsets.remove(0);

variant_field_offsets.push(offsets);
layout = layout_max(layout, variant_layout)?;
}

Ok((variant_field_offsets, layout))
}
```
### Migration to `repr(ordered_fields)`

The migration will be handled as follows:
* after `repr(ordered_fields)` is implemented
* add a future compatibility warning for `repr(C)` in all current editions
* at this point both `repr(ordered_fields)` and `repr(C)` will have identical behavior
* the warning will come with a machine-applicable fix
* Any crate which does no FFI can just apply the autofix
* Any crate which uses `repr(C)` for FFI can ignore the warning crate-wide
* Any crate which mixes both must do extra work to figure out which is which. (This is likely a tiny minority of crate)
* Once the next edition rolls around (2027?), `repr(C)` on the new edition will *not* warn. Instead the meaning will have changed to mean *only* compatibility with C. The docs should be adjusted to mention this edition wrinkle.
* The warning for previous editions will continue to be in effect
* In some future edition (2033+), when it is deemed safe enough, the future compatibility warnings may be removed in editions <= 2024
* This should have given plenty of time for anyone who was going to update their code to do so. And doesn't burden the language indefinitely
* This part isn't strictly necessary, and can be removed if needed

# Drawbacks
[drawbacks]: #drawbacks

* This will cause a large amount of churn in the Rust ecosystem
* If we don't end up switching `repr(C)` to mean the system layout/ABI, then we will have two identical reprs, which may cause confusion.
# Rationale and alternatives
Copy link
Contributor

@madsmtm madsmtm Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The issues that this fixes are with ZSTs over FFI (basically never done), an AIX bug (tier 3 target), and might help with an x86_32 MSVC bug. That seems... Kinda weak IMO, compared to like a million #[repr(C)]s out there that currently work.

Maybe instead of planning to change #[repr(C)], an alternative could be to introduce both #[repr(ordered_fields)] and #[repr(bikeshed_broken_but_actual_C_struct_repr)], and have #[repr(C)] guaranteed to be an alias of #[repr(ordered_fields)]? And then we deprecate #[repr(C)] once those two are in everyone's MSRV and such.

This would avoid the hard issues of "when do we break this" and "oops, things act differently in edition 2027". Having previously fine unsafe code become unsound over an edition is dangerous territory.

Building on top of that, another alternative would be to not deprecate at all, and instead leave #[repr(C)] as an alias of #[repr(ordered_fields)]. (#[repr(C)] is what the C standard says, it's just certain compilers that don't really follow the standard).

And then we instead introduce more specific checks like "type is #[repr(C)] + type is ZST or has 8-byte fields + type is used in FFI" -> "warn and suggest #[repr(bikeshed_broken_but_actual_C_struct_repr)]".

This would allow #[repr(C)] struct Point { x: c_int, y: c_int } and such to continue working just fine.

Copy link
Member

@RalfJung RalfJung Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's also the problem of aligned structs inside packed structs.

(#[repr(C)] is what the C standard says, it's just certain compilers that don't really follow the standard).

I don't think this is correct. The C standard says nothing about struct layout. Rust just made incorrect assumptions. We should fix that mistake instead of doubling down on it.

And then we instead introduce more specific checks like "type is #[repr(C)] + type is ZST or has 8-byte fields + type is used in FFI" -> "warn and suggest #[repr(bikeshed_broken_but_actual_C_struct_repr)]".

Lints won't work when generics are involved.

Copy link
Member

@RalfJung RalfJung Jan 30, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would avoid the hard issues of "when do we break this" and "oops, things act differently in edition 2027". Having previously fine unsafe code become unsound over an edition is dangerous territory.

So should edition migration change repr(C) in 2024 to repr(ordered_fields) in 202x to ensure the meaning is preserved?

Note that for the same reason that most repr(C) out there work, also most unsafe code working with repr(C) won't become unsound.

Or maybe yet another option: we do introduce repr(psABI) for "the (C) layout defined by the psABI of the current target". And then for all repr(C) we check whether for this type, repr(ordered_fields) and repr(psABI) agree for all targets (or just for the current target?). If yes, all is good, if not

  • on old editions: warn and continue with repr(ordered_fields)
  • on new editions: error

Note that pretty much every repr(C) struct with a generic field would trigger the warning/error.

Copy link
Contributor

@madsmtm madsmtm Jan 30, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There's also the problem of aligned structs inside packed structs.

Sorry, didn't fully grok that issue, so I assigned it a lower priority in my head. I'm not certain here, but I don't think that's incompatible with the alternatives I proposed?

I don't think this is correct. The C standard says nothing about struct layout. Rust just made incorrect assumptions. We should fix that mistake instead of doubling down on it.

Perhaps. In any case, I'm not convinced that there isn't a bunch of C code that is broken by this as well because they make the same assumption Rust does, and thus the argument that these are bugs in the C compilers instead.

Lints won't work when generics are involved.

The lint would probably have to happen on the actual usage in extern "C" fns (either declarations or definitions) a la improper_ctypes*, and generics are fairly rare in those places.

Copy link
Member

@RalfJung RalfJung Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

, I'm not convinced that there isn't a bunch of C code that is broken by this as well because they make the same assumption Rust does, and thus the argument that these are bugs in the C compilers instead.

IMO it's fairly clear that such code is buggy or at least non-portable C code. I see no basis for arguing that these C compilers are wrong. They are just strange.

The lint would probably have to happen on the actual usage in extern "C" fns (either declarations or definitions) a la improper_ctypes*, and generics are fairly rare in those places.

That's best-effort since not all types that cross the ABI boundary might be visible there (passing around void* and casting later is a common idiom after all).

Copy link
Contributor

@madsmtm madsmtm Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Or maybe yet another option: we do introduce repr(psABI) [...]

I like this idea a lot more than the current RFC.

Also unsure how strict such a check should be, maybe:

  • If affected platform:
    • on old editions: warn and continue with repr(ordered_fields)
    • on new editions: error
  • If not affected platform:
    • on old editions: continue with repr(ordered_fields)
    • on new editions: warn and continue with repr(ordered_fields)

That'd probably make the change more gradual.

IMO it's fairly clear that such code is buggy or at least non-portable C code. I see no basis for arguing that these C compilers are wrong. They are just strange.

I'll trust you to know better on that subject, I haven't actually read the C standard or anything.

Copy link
Member

@programmerjake programmerjake Jan 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

imo repr(psABI) is a terrible name, since that's way more obscure than C, I wouldn't expect even decent C and Rust programmers to know what it is.

Copy link
Member

@RalfJung RalfJung Jan 31, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We only have two options:

  • Change what repr(C) means. Can be done over an edition, but will still break copying any old material.
  • Consider repr(C) "burnt" at least for all cases where the C layout is different from repr(ordered_fields), and come up with a different name, which will be terrible.

Copy link

@bluebear94 bluebear94 Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I saw someone propose repr(system) somewhere, but I don’t remember who exactly.

Copy link
Member

@RalfJung RalfJung Feb 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was meant to have a slightly different meaning, just like extern "systems" (which already exists) is not the same as extern "C".

[rationale-and-alternatives]: #rationale-and-alternatives

* `crabi`: http://github.com/rust-lang/rfcs/pull/3470
* Currently stuck in limbo since it has a much larger scope. doesn't actually serve to give a consistent cross-platform layout, since it defers to `repr(C)` (and it must, for its stated goals)
* https://internals.rust-lang.org/t/consistent-ordering-of-struct-fileds-across-all-layout-compatible-generics/23247
* This doesn't give a predictable layout that can be used to match the layouts (or prefixes) of different structs
* https://github.com/rust-lang/rfcs/pull/3718
* This one is currently stuck due to a larger scope than this RFC
* do nothing
* We keep getting bug reports on Windows (and other platforms), where `repr(C)` doesn't actually match the target C compiler, or we break a bunch of subtle unsafe code to match the target C compiler.
# Prior art
[prior-art]: #prior-art

See Rationale and Alternatives as well

* https://rust-lang.zulipchat.com/#narrow/channel/213817-t-lang/topic/expand.2Frevise.20repr.28.7BC.2Clinear.2C.2E.2E.2E.7D.29.20for.202024.20edition

# Unresolved questions
[unresolved-questions]: #unresolved-questions

* The migration plan, as a whole, needs to be ironed out
* Currently, it is just a sketch, but we need timelines, dates, and guarantees to switch `repr(C)` to match the layout algorithm of the target C compiler.
* Before this RFC is accepted, t-compiler will need to commit to fixing the layout algorithm sometime in the next edition.
* The name of the new repr `repr(ordered_fields)` is a mouthful (intentionally for this RFC), maybe we could pick a better name? This could be done after the RFC is accepted.
* `repr(linear)`
* `repr(ordered)`
* `repr(sequential)`
* `repr(consistent)`
* something else?
* Is the ABI of `repr(ordered_fields)` specified (making it safe for FFI)? Or not?
* Should unions expose some niches?
* For example, if all variants of the union are structs which have a common prefix, then any niches of that common prefix could be exposed (i.e. in the enum case, making union of structs behave more like an enum).
* This must be answered before stabilization, as it is set in stone after that
* Should this `repr` be versioned?
* This way we can evolve the repr (for example, by adding new niches)
* Should we change the meaning of `repr(C)` in editions <= 2024 after we have reached edition 2033? Yes, it's a breaking change, but at that point it will likely only be breaking code no one uses.
* Leaning towards no
* Should we warn on `repr(ordered_fields)` when explicit tag type is specified (i.e. no `repr(u8)`/`repr(i32)`)
* Since it's likely they didn't want the same tag type as `C`, and wanted the smallest possible tag type.
# Future possibilities
[future-possibilities]: #future-possibilities

* Add more reprs for each target C compiler, for example `repr(C_gcc)` or `repr(C_msvc)`, etc.
* This would allow a single Rust app to target multiple compilers robustly, and would make it easier to specify `repr(C)`
* This would also allow fixing code in older editions
* https://internals.rust-lang.org/t/consistent-ordering-of-struct-fileds-across-all-layout-compatible-generics/23247