Pre-RFC: Adjust default object bounds


Even though the motivation to fix this is well founded, I also worry about the precedent this sets.

“Rust hit 1.0, but they still land breaking changes.”

“1.0 was supposed to mean an end to breakage.”



I’m sorry, I worded that poorly, I mean you can’t just have a raw RefCell<Trait>, because it is a DST. It will either be a reference to a RefCell<T: Trait> (or a Box<RefCell<Trait>> or similar), which would be then be actual owner, or it will be Boxed itself.

At least that’s how I’m understanding how DST work at the moment.


I actually don’t see a problem with this as long as there is no actual breakage.

However ensuring this is a tricky business. Just because only N projects on crater break, doesn’t mean there aren’t P >> N projects on github, bitbucket, bazaar or on someone’s disks that do.

If we take backwards-compatibility seriously, we have to slow down to give people time to adapt. Perhaps splitting the change into multiple steps (for example with a period where elision for the specific case causes a compiler warning that elision behavior is about to change) will make the upgrade path smoother.


Here are the binary compilers that this was tested with.

They expire after 60 days and the test was reportedly done 24 days ago. For future reference this information is available in the taskcluster task definition as CRATER_RUST_INSTALLER.

We can provide an updated after Niko rebases.


I’ve just rebased my branch this morning (and it passes make check locally):


I’ll get a crater run of the new branch started.


I reluctantly feel like we can pull off this change as long as we’re proactive about communicating what’s happening.

If we do this we should tell people how to write code that works with both revisions, and ideally have the new compilers also tell people when they are writing incompatible code.

I’d also like to know what other potential breakage @nikomatsakis anticipates on the horizon so we might have some confidence that we won’t be doing another one soon.


I don’t have any plans for further “optional” breaking changes like this one. I have been working on possible approaches to correct some soundness issues (e.g., #25860, #24622) which will be breaking changes. These are approaching “proposal” state but I’m not yet ready to dive into the details.


I like this change in isolation, and I think the version-based opt in originally described in the language RFC would be the perfect way to handle it, which the added bonus of solving the deprecation-warning problem (only warn if it was deprecated in or before the specified version).

We could probably do it without that, assuming sufficient communication, but I think it would be less ideal.

EDIT: Also, is there enough time for this to be backported to 1.1? I’d be more comfortable with that than waiting until 1.2.


Here’s the crater results from @nikomatsakis’s rebased branch:

Suspiciously, there are no reported regressions. Note though that several of the 8 root regressions reported in the previous run were false positives.


If there’s no regressions then I’d say ship it.


I feel I need to reiterate that may not be representative for all rust code in the wild.

However, in this specific case, I think that any resulting breakage won’t be too bad if the error message is helpful and you folks communicate the change ‘loud’ enough.


I’m willing to consider this, but only because it satisfies our established criteria for acceptable breaking minor changes: “it must always be possible to locally fix the problem through some kind of disambiguation that could have been done in advance”. (

@brson, can you elaborate on how false positives are possible with Crater? Are false negatives just as possible?


Would this change be backported to 1.1? If we have to wait an additional six weeks to get this into 1.2 then more things could very well break before then.


The more I think about this, the more I think we need to be exceedingly careful here. The manner in which we handle this will affect the perception of the language for a very long time. We need to have something more thoughtful than just pushing out an update where code can potentially be broken, even if we can’t find any broken code in the wild.

For the people in here talking about “opt-in” attributes for behavior, I’m curious what you’re specifically referring to. For me, given the low risk of breakage from this change, I’m thinking that we’d have more of an opt-out for this particular change, where adding the attribute will get you the old behavior back. It would be the height of silliness to force every Rust crate for the rest of eternity to include a boilerplate attribute up top just for this.


@bstrie If I’m not mistaken, “opt-in” is referring to using a target version attribute to specify which version the code is targeting (the discussion has some overlap to RFC PRs #1122 and #1147).

As I’ve stated before, I’d prefer us to handle this carefully (by effectively “deprecating” the old rule, adding a warning to advise implementors how to make their intent explicit, and then in version 1.3 (or even later) add the new elision rule. If we have a target version attribute, we could even add the new elision rule in advance (like python’s from __future__ import ...).


Let me try to lay out my thinking here for what the policy should be.

To start with, I still think we should make the change proposed in this RFC. I think this change falls into a category that I have been calling (in my head) course corrections. That is, this change is not really fixing a bug in the code: the code follows the RFC. It is not a soundness concern. It’s just that the RFC’s design seems suboptimal in retrospect, basically, and it would be great if we could fix it. In particular, it’d be great if we could fix before there is a lot of code “in the wild” that depends on the current setup.

Initially, I thought it would be best to address these kind of course corrections using a version-based opt-in (as RFC #1122 specified). I’ve changed my mind, and I’ll explain why later. I now think it would be best to say that course corrections are permitted in a minor release, but only if the effect is judged to be negligible. I am sure we will evolve better ways to estimate the impact of a change over time, but for the moment I would propose the following criteria:

  1. The change has minimal impact on
  2. Because doesn’t represent the entirety of Rust code, the feature must be newly stabilized in the previous release, so there is not a lot of (stable) code out there depending on the current behavior.
  3. There must be no other way to fix the problem.

I think that this proposal meets these criteria. In an ideal world, it would be the only case that will ever meet those criteria. This is because in the future I hope that we refine the process such that we catch problems like this during nightly or alpha builds. But I wouldn’t rule out that a comparable scenario will arise in the future (and our decision in that case will clearly be informed by the eventual fate of this RFC.)

Why not opt-in?

Some of you are probably wondering why I think it is better to make a breaking change here. After all, I initially advocated using a fine-grained opt-in mechanism. In that case, we can change the language, but existing code is unaffected. Huzzah, everybody wins! (Right?) But I am now growing suspicious that this “free lunch” is in fact something of a mirage. Even if no code in stops compiling, backwards incompatible changes still carry a cost, and that cost grows over time as the amount of Rust code grows:

  • When we authorize an opt-in change, even if all existing code continues to compile, it still causes bitrot in tutorials, stack overflow answers, etc. People’s memory of how the language works will also have become inaccurate, which can be confusing if you’re not following Rust developments closely.
  • It also means that people’s notion of how “Rust 1.x” behaves will be fragmented: 1.22 might be different from 1.21 in relatively minor ways, which seems confusing (it seems natural that 1.22 will have new APIs and new features, but small changes to otherwise stable designs seems less intuitive).
  • We are going to have a lot of releases. I predict that maintaining this version number on crates will be a constant annoyance. Quick: Do you want to tag your crate with Rust 1.16 or 1.17? If you choose wrong, somebody will probably complain to you because they are using Rust 1.16 and it works just fine, so you should lower your version number.
    • The caveat here is that there are good reasons to want to avoid newer APIs and maintain compatibility. I think we can handle a lot of that sort of thing via cargo and automated analysis.

Put another way, I am concerned that having the ability to “opt in” to course corrections is a problem because it encourages us to make those corrections on a regular basis. rather than just in the most dire of cases. Those corrections will seem painless at first, but in fact the solution will have hidden costs that come up later. The cure is worse than the disease.

By making course corrections the exception, and not the rule, I think we will be better off overall. Moreover, it will minimize tutorial rot and other things, because any feature that is heavily or widely used will not be eligible for being changed (whereas with opt-in, we can make changes in a much wider range of circumstances).

Major versions

Now, of course, this proposal has to fit into a larger strategy on versioning. In particular, we’ve not really addressed how to make backwards incompatible extensions. Nor have we addressed when it makes sense to issue a new “major version” of Rust (e.g., Rust 2.0), and what kinds of changes we might do as part of Rust 2.0. Here too, I’ve been evolving my thinking. Initially, I hoped to avoid a new major version as long as possible, so as to ensure that code kept compiling for as long as possible. But I now think that this is leaving an important tool in the toolbox.

Major version numbers should be our way to signal “chapters” in Rust’s history. These chapters might include backwards incompatible changes, but they do not have to, and in fact ideally they would not (because we want code to continue compiling whenever possible). Rather, Rust 2.0 can serve as a signal that a lot of great stuff has happened since Rust 1.0, so if you haven’t been paying attention, it’s time to take a look. Put another way, even if code from the early Rust 1.x days still compiles, it should feels dated when Rust 2.0 is released, because it is not taking advantage of new features and new idioms.

I think, in practice, releasing a major version of Rust will feel analagous to the infrequent releases of other programming languages, such as the change from C++11 to C++14 or Java 1.4 to Java 1.5. The main difference from how other languages do things stems from the train model. This means that we can introduce those new changes more gradually, in the 1.x line, and only declare 2.0 when the full set is available. If some of the 2.0 features are backwards incompatible, this implies that sort of feature-based opt-in during the 1.x line (analogous to Python’s from __future__ import).

The advantages I see of this model is that it:

  1. promotes regular major version releases, which give us a chance to highlight the exciting work that we’ve done (we can’t really expect Rust users in the future to be closely following the new features in every minor release, much less prospective Rust users);
  2. gives a simple mental model for versions of the language, where "Rust 2.x" code indicates major shifts;
  3. doesn’t require people to tag their code with fine-grained version numbers like 1.17, which I foresee being a constant annoyance. It might be necessary (or useful) to tag with “Rust 2.x”, but that seems much easier to understand.


Let’s also remove deprecated things from major releases as a bonus.


@brson are the binaries from that crater run available?


I decided to advance this to a full RFC: