I don't have concrete examples. But I can see how to plausible construct some cases that would break (more on that below). Do they happen in practise? No clue. Could a crater run detect them? Now that is an interesting question, which I don't know.
So here are some scenarios:
- The current alignment rules for repr C are assumed to hold and used for soundness of SIMD loads.
- The layout alogithm is assumed to be stabilised (I checked the reference, and it doesn't say that it is unstable). This is then used to do zero copy shared memory IPC between a pair of rust programs. One of these is rebuilt with a newer compiler where the rules have changed, now the shared memory IPC is unsound.
- While the current two examples both decrease alignment, what about a case where alignment is instead increased (for some future case yet to be discovered)? NoUninit in bytemuck - Rust in older versions of that crate would possibly be unsound now (depending on how it is implemented). Manual implementations of that trait (as opposed to derives) would certainly have a risk of becoming unsound if the rules change and padding bytes are added.
- Creative use of unions may also be affected. You might be using repr C to convert between (properly aligned) byte buffers and another zero copy representation of data.
I think the main issues with changing the rules are:
- The current algorithm is stable. There is no easy way to tell what code may depend on it.
- It won't change on x86-64 Linux (which is what crater runs on). So crater won't find breakages.
- The platforms that would have breakages are quite frankly extremely niche, so most projects likely don't test on them either (at least not in CI). This makes it more likely to break without developers noticing.
- Spreading awareness about this change will be challenging. Most people don't read every release announcement.
Contrast that with adding a new repr:
- Change bindgen, bindgen, cxx etc to use this new repr. This will then by itself spread slowly through the ecosystem.
- That will of course not catch every case (bindgened files not updated/regenerated, dead projects hand written bindings, ...), but the platforms where it matters are again niche.
- The change will be more visible, even if you missed the original announcement, you might go "huh, what is this weird repr(bikeshed)" eventually?
Neither solution is great. Pick whichever is the lesser evil.