Add lint against integer to pointer transmutes #144531
Merged
+490
−68
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rustbot
added
S-waiting-on-review
|
The Miri subtree was changed cc @rust-lang/miri |
rustbot
added
I-lang-nominated
This is confusing since exposed provenance is not previously mentioned in the error message.
The error should probably make it clear that int-to-ptr transmute also create a pointer without provenance. |
This comment has been minimized.
This comment has been minimized.
Urgau
force-pushed
the
int_to_ptr_transmutes
branch
from
b8f46d7 to
950af22
Compare
|
I have adjusted the diagnostics to make it clear that int-to-ptr transmute also create a pointer without transmute and added a note about exposed provenance (since suggestions always go at the end). |
traviscross
reviewed
Jul 27, 2025
Urgau
force-pushed
the
int_to_ptr_transmutes
branch
from
950af22 to
66d7c24
Compare
traviscross
reviewed
Jul 27, 2025
Comment on lines
+20
to
+42
| unsafe fn should_not_lint(a: usize) { | ||
| let _ptr = unsafe { std::mem::transmute::<usize, *const u8>(0usize) }; // linted by other lints |
There was a problem hiding this comment.
What's the other lint? I'm not immediately seeing another diagnostic in testing.
There was a problem hiding this comment.
(We have deref-nullptr, but that fires when dereferencing it.)
There was a problem hiding this comment.
For references, we lint on transmutes with the 0 literal with the invalid_value lint:
warning: the type `&i32` does not permit zero-initialization
--> src/lib.rs:2:39
|
2 | let _val: &'static i32 = unsafe { std::mem::transmute(0usize) };
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^
| |
| this code causes undefined behavior when executed
| help: use `MaybeUninit<T>` instead, and only call `assume_init` after initialization is done
|
= note: references must be non-null
= note: `#[warn(invalid_value)]` on by default
For pointer we lint on some function with the invalid_null_arguments lint:
error: calling this function with a null pointer is undefined behavior, even if the result of the function is unused
--> /home/archie/Projects/RustProjects/rust/tests/ui/lint/invalid_null_args.rs:27:23
|
LL | let _: &[usize] = std::slice::from_raw_parts(mem::transmute(0usize), 0);
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^------^^^^^
| |
| null pointer originates from here
|
= help: for more information, visit <https://doc.rust-lang.org/std/ptr/index.html> and <https://doc.rust-lang.org/reference/behavior-considered-undefined.html>
There was a problem hiding this comment.
We could not care about the invalid_null_arguments lint and lint on transmutes to raw pointer.
For references I think we should keep it under the invalid_value lint.
There was a problem hiding this comment.
I feel like nobody will be surprised that transmuting 0 to a pointer will not give you something you can dereference...
There was a problem hiding this comment.
Even in the context of #141260? (I haven't checked carefully, it just rang a bell)
There was a problem hiding this comment.
For out-of-AM volatile accesses, provenance does not matter.
traviscross
added
P-lang-drag-1
RalfJung
reviewed
Jul 27, 2025
This comment has been minimized.
This comment has been minimized.
Urgau
force-pushed
the
int_to_ptr_transmutes
branch
2 times, most recently
from
f29459b to
a2f8fde
Compare
This comment has been minimized.
This comment has been minimized.
Urgau
force-pushed
the
int_to_ptr_transmutes
branch
from
a2f8fde to
eec7ccb
Compare
|
Some changes occurred in src/tools/clippy cc @rust-lang/clippy |
blyxyas
added
T-lang
This comment has been minimized.
This comment has been minimized.
Urgau
force-pushed
the
int_to_ptr_transmutes
branch
from
eec7ccb to
186956d
Compare
bors
added a commit
that referenced
this pull request
Aug 24, 2025
Add lint against integer to pointer transmutes
# `integer_to_ptr_transmutes`
*warn-by-default*
The `integer_to_ptr_transmutes` lint detects integer to pointer transmutes where the resulting pointers are undefined behavior to dereference.
### Example
```rust
fn foo(a: usize) -> *const u8 {
unsafe {
std::mem::transmute::<usize, *const u8>(a)
}
}
```
```
warning: transmuting an integer to a pointer creates a pointer without provenance
--> a.rs:1:9
|
158 | std::mem::transmute::<usize, *const u8>(a)
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: this is dangerous because dereferencing the resulting pointer is undefined behavior
= note: exposed provenance semantics can be used to create a pointer based on some previously exposed provenance
= help: if you truly mean to create a pointer without provenance, use `std::ptr::without_provenance_mut`
= help: for more information about transmute, see <https://doc.rust-lang.org/std/mem/fn.transmute.html#transmutation-between-pointers-and-integers>
= help: for more information about exposed provenance, see <https://doc.rust-lang.org/std/ptr/index.html#exposed-provenance>
= note: `#[warn(integer_to_ptr_transmutes)]` on by default
help: use `std::ptr::with_exposed_provenance` instead to use a previously exposed provenance
|
158 - std::mem::transmute::<usize, *const u8>(a)
158 + std::ptr::with_exposed_provenance::<u8>(a)
|
```
### Explanation
Any attempt to use the resulting pointers are undefined behavior as the resulting pointers won't have any provenance.
Alternatively, `std::ptr::with_exposed_provenance` should be used, as they do not carry the provenance requirement or if the wanting to create pointers without provenance `std::ptr::without_provenance_mut` should be used.
See [std::mem::transmute] in the reference for more details.
[std::mem::transmute]: https://doc.rust-lang.org/std/mem/fn.transmute.html
--------
People are getting tripped up on this, see #128409 and #141220. There are >90 cases like these on [GitHub search](https://github.com/search?q=lang%3Arust+%2Ftransmute%3A%3A%3Cu%5B0-9%5D*.*%2C+%5C*const%2F&type=code).
Fixes rust-lang/rust-clippy#13140
Fixes #141220
Fixes #145523
`@rustbot` labels +I-lang-nominated +T-lang
cc `@traviscross`
r? compiler
Zalathar
added a commit
to Zalathar/rust
that referenced
this pull request
Aug 24, 2025
…kh726
Add lint against integer to pointer transmutes
# `integer_to_ptr_transmutes`
*warn-by-default*
The `integer_to_ptr_transmutes` lint detects integer to pointer transmutes where the resulting pointers are undefined behavior to dereference.
### Example
```rust
fn foo(a: usize) -> *const u8 {
unsafe {
std::mem::transmute::<usize, *const u8>(a)
}
}
```
```
warning: transmuting an integer to a pointer creates a pointer without provenance
--> a.rs:1:9
|
158 | std::mem::transmute::<usize, *const u8>(a)
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: this is dangerous because dereferencing the resulting pointer is undefined behavior
= note: exposed provenance semantics can be used to create a pointer based on some previously exposed provenance
= help: if you truly mean to create a pointer without provenance, use `std::ptr::without_provenance_mut`
= help: for more information about transmute, see <https://doc.rust-lang.org/std/mem/fn.transmute.html#transmutation-between-pointers-and-integers>
= help: for more information about exposed provenance, see <https://doc.rust-lang.org/std/ptr/index.html#exposed-provenance>
= note: `#[warn(integer_to_ptr_transmutes)]` on by default
help: use `std::ptr::with_exposed_provenance` instead to use a previously exposed provenance
|
158 - std::mem::transmute::<usize, *const u8>(a)
158 + std::ptr::with_exposed_provenance::<u8>(a)
|
```
### Explanation
Any attempt to use the resulting pointers are undefined behavior as the resulting pointers won't have any provenance.
Alternatively, `std::ptr::with_exposed_provenance` should be used, as they do not carry the provenance requirement or if the wanting to create pointers without provenance `std::ptr::without_provenance_mut` should be used.
See [std::mem::transmute] in the reference for more details.
[std::mem::transmute]: https://doc.rust-lang.org/std/mem/fn.transmute.html
--------
People are getting tripped up on this, see rust-lang#128409 and rust-lang#141220. There are >90 cases like these on [GitHub search](https://github.com/search?q=lang%3Arust+%2Ftransmute%3A%3A%3Cu%5B0-9%5D*.*%2C+%5C*const%2F&type=code).
Fixes rust-lang/rust-clippy#13140
Fixes rust-lang#141220
Fixes rust-lang#145523
``@rustbot`` labels +I-lang-nominated +T-lang
cc ``@traviscross``
r? compiler
Zalathar
added a commit
to Zalathar/rust
that referenced
this pull request
Aug 24, 2025
…kh726
Add lint against integer to pointer transmutes
# `integer_to_ptr_transmutes`
*warn-by-default*
The `integer_to_ptr_transmutes` lint detects integer to pointer transmutes where the resulting pointers are undefined behavior to dereference.
### Example
```rust
fn foo(a: usize) -> *const u8 {
unsafe {
std::mem::transmute::<usize, *const u8>(a)
}
}
```
```
warning: transmuting an integer to a pointer creates a pointer without provenance
--> a.rs:1:9
|
158 | std::mem::transmute::<usize, *const u8>(a)
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: this is dangerous because dereferencing the resulting pointer is undefined behavior
= note: exposed provenance semantics can be used to create a pointer based on some previously exposed provenance
= help: if you truly mean to create a pointer without provenance, use `std::ptr::without_provenance_mut`
= help: for more information about transmute, see <https://doc.rust-lang.org/std/mem/fn.transmute.html#transmutation-between-pointers-and-integers>
= help: for more information about exposed provenance, see <https://doc.rust-lang.org/std/ptr/index.html#exposed-provenance>
= note: `#[warn(integer_to_ptr_transmutes)]` on by default
help: use `std::ptr::with_exposed_provenance` instead to use a previously exposed provenance
|
158 - std::mem::transmute::<usize, *const u8>(a)
158 + std::ptr::with_exposed_provenance::<u8>(a)
|
```
### Explanation
Any attempt to use the resulting pointers are undefined behavior as the resulting pointers won't have any provenance.
Alternatively, `std::ptr::with_exposed_provenance` should be used, as they do not carry the provenance requirement or if the wanting to create pointers without provenance `std::ptr::without_provenance_mut` should be used.
See [std::mem::transmute] in the reference for more details.
[std::mem::transmute]: https://doc.rust-lang.org/std/mem/fn.transmute.html
--------
People are getting tripped up on this, see rust-lang#128409 and rust-lang#141220. There are >90 cases like these on [GitHub search](https://github.com/search?q=lang%3Arust+%2Ftransmute%3A%3A%3Cu%5B0-9%5D*.*%2C+%5C*const%2F&type=code).
Fixes rust-lang/rust-clippy#13140
Fixes rust-lang#141220
Fixes rust-lang#145523
```@rustbot``` labels +I-lang-nominated +T-lang
cc ```@traviscross```
r? compiler
bors
added a commit
that referenced
this pull request
Aug 24, 2025
Add lint against integer to pointer transmutes
# `integer_to_ptr_transmutes`
*warn-by-default*
The `integer_to_ptr_transmutes` lint detects integer to pointer transmutes where the resulting pointers are undefined behavior to dereference.
### Example
```rust
fn foo(a: usize) -> *const u8 {
unsafe {
std::mem::transmute::<usize, *const u8>(a)
}
}
```
```
warning: transmuting an integer to a pointer creates a pointer without provenance
--> a.rs:1:9
|
158 | std::mem::transmute::<usize, *const u8>(a)
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: this is dangerous because dereferencing the resulting pointer is undefined behavior
= note: exposed provenance semantics can be used to create a pointer based on some previously exposed provenance
= help: if you truly mean to create a pointer without provenance, use `std::ptr::without_provenance_mut`
= help: for more information about transmute, see <https://doc.rust-lang.org/std/mem/fn.transmute.html#transmutation-between-pointers-and-integers>
= help: for more information about exposed provenance, see <https://doc.rust-lang.org/std/ptr/index.html#exposed-provenance>
= note: `#[warn(integer_to_ptr_transmutes)]` on by default
help: use `std::ptr::with_exposed_provenance` instead to use a previously exposed provenance
|
158 - std::mem::transmute::<usize, *const u8>(a)
158 + std::ptr::with_exposed_provenance::<u8>(a)
|
```
### Explanation
Any attempt to use the resulting pointers are undefined behavior as the resulting pointers won't have any provenance.
Alternatively, `std::ptr::with_exposed_provenance` should be used, as they do not carry the provenance requirement or if the wanting to create pointers without provenance `std::ptr::without_provenance_mut` should be used.
See [std::mem::transmute] in the reference for more details.
[std::mem::transmute]: https://doc.rust-lang.org/std/mem/fn.transmute.html
--------
People are getting tripped up on this, see #128409 and #141220. There are >90 cases like these on [GitHub search](https://github.com/search?q=lang%3Arust+%2Ftransmute%3A%3A%3Cu%5B0-9%5D*.*%2C+%5C*const%2F&type=code).
Fixes rust-lang/rust-clippy#13140
Fixes #141220
Fixes #145523
`@rustbot` labels +I-lang-nominated +T-lang
cc `@traviscross`
r? compiler
|
Yield to enclosing rollup. @bors retry |
bors
added a commit
that referenced
this pull request
Aug 24, 2025
Rollup of 6 pull requests Successful merges: - #144531 (Add lint against integer to pointer transmutes) - #144885 (Implement some more checks in `ptr_guaranteed_cmp`. ) - #145307 (Fix `LazyLock` poison panic message) - #145554 (rustc-dev-guide subtree update) - #145798 (Use unnamed lifetime spans as primary spans for `MISMATCHED_LIFETIME_SYNTAXES`) - #145799 (std/src/lib.rs: mention "search button" instead of "search bar") r? `@ghost` `@rustbot` modify labels: rollup
bors
added a commit
that referenced
this pull request
Aug 24, 2025
Add lint against integer to pointer transmutes
# `integer_to_ptr_transmutes`
*warn-by-default*
The `integer_to_ptr_transmutes` lint detects integer to pointer transmutes where the resulting pointers are undefined behavior to dereference.
### Example
```rust
fn foo(a: usize) -> *const u8 {
unsafe {
std::mem::transmute::<usize, *const u8>(a)
}
}
```
```
warning: transmuting an integer to a pointer creates a pointer without provenance
--> a.rs:1:9
|
158 | std::mem::transmute::<usize, *const u8>(a)
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: this is dangerous because dereferencing the resulting pointer is undefined behavior
= note: exposed provenance semantics can be used to create a pointer based on some previously exposed provenance
= help: if you truly mean to create a pointer without provenance, use `std::ptr::without_provenance_mut`
= help: for more information about transmute, see <https://doc.rust-lang.org/std/mem/fn.transmute.html#transmutation-between-pointers-and-integers>
= help: for more information about exposed provenance, see <https://doc.rust-lang.org/std/ptr/index.html#exposed-provenance>
= note: `#[warn(integer_to_ptr_transmutes)]` on by default
help: use `std::ptr::with_exposed_provenance` instead to use a previously exposed provenance
|
158 - std::mem::transmute::<usize, *const u8>(a)
158 + std::ptr::with_exposed_provenance::<u8>(a)
|
```
### Explanation
Any attempt to use the resulting pointers are undefined behavior as the resulting pointers won't have any provenance.
Alternatively, `std::ptr::with_exposed_provenance` should be used, as they do not carry the provenance requirement or if the wanting to create pointers without provenance `std::ptr::without_provenance_mut` should be used.
See [std::mem::transmute] in the reference for more details.
[std::mem::transmute]: https://doc.rust-lang.org/std/mem/fn.transmute.html
--------
People are getting tripped up on this, see #128409 and #141220. There are >90 cases like these on [GitHub search](https://github.com/search?q=lang%3Arust+%2Ftransmute%3A%3A%3Cu%5B0-9%5D*.*%2C+%5C*const%2F&type=code).
Fixes rust-lang/rust-clippy#13140
Fixes #141220
Fixes #145523
`@rustbot` labels +I-lang-nominated +T-lang
cc `@traviscross`
r? compiler
|
@bors retry yielding to rollup that includes this PR |
bors
added a commit
that referenced
this pull request
Aug 24, 2025
Rollup of 5 pull requests Successful merges: - #144531 (Add lint against integer to pointer transmutes) - #145307 (Fix `LazyLock` poison panic message) - #145554 (rustc-dev-guide subtree update) - #145798 (Use unnamed lifetime spans as primary spans for `MISMATCHED_LIFETIME_SYNTAXES`) - #145799 (std/src/lib.rs: mention "search button" instead of "search bar") r? `@ghost` `@rustbot` modify labels: rollup
rust-timer
added a commit
that referenced
this pull request
Aug 24, 2025
Rollup merge of #144531 - Urgau:int_to_ptr_transmutes, r=jackh726 Add lint against integer to pointer transmutes # `integer_to_ptr_transmutes` *warn-by-default* The `integer_to_ptr_transmutes` lint detects integer to pointer transmutes where the resulting pointers are undefined behavior to dereference. ### Example ```rust fn foo(a: usize) -> *const u8 { unsafe { std::mem::transmute::<usize, *const u8>(a) } } ``` ``` warning: transmuting an integer to a pointer creates a pointer without provenance --> a.rs:1:9 | 158 | std::mem::transmute::<usize, *const u8>(a) | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | = note: this is dangerous because dereferencing the resulting pointer is undefined behavior = note: exposed provenance semantics can be used to create a pointer based on some previously exposed provenance = help: if you truly mean to create a pointer without provenance, use `std::ptr::without_provenance_mut` = help: for more information about transmute, see <https://doc.rust-lang.org/std/mem/fn.transmute.html#transmutation-between-pointers-and-integers> = help: for more information about exposed provenance, see <https://doc.rust-lang.org/std/ptr/index.html#exposed-provenance> = note: `#[warn(integer_to_ptr_transmutes)]` on by default help: use `std::ptr::with_exposed_provenance` instead to use a previously exposed provenance | 158 - std::mem::transmute::<usize, *const u8>(a) 158 + std::ptr::with_exposed_provenance::<u8>(a) | ``` ### Explanation Any attempt to use the resulting pointers are undefined behavior as the resulting pointers won't have any provenance. Alternatively, `std::ptr::with_exposed_provenance` should be used, as they do not carry the provenance requirement or if the wanting to create pointers without provenance `std::ptr::without_provenance_mut` should be used. See [std::mem::transmute] in the reference for more details. [std::mem::transmute]: https://doc.rust-lang.org/std/mem/fn.transmute.html -------- People are getting tripped up on this, see #128409 and #141220. There are >90 cases like these on [GitHub search](https://github.com/search?q=lang%3Arust+%2Ftransmute%3A%3A%3Cu%5B0-9%5D*.*%2C+%5C*const%2F&type=code). Fixes rust-lang/rust-clippy#13140 Fixes #141220 Fixes #145523 `@rustbot` labels +I-lang-nominated +T-lang cc `@traviscross` r? compiler
|
still in queue @bors r- |
|
@bors r- retry |
bors
added
S-waiting-on-author
github-actions bot
pushed a commit
to rust-lang/rustc-dev-guide
that referenced
this pull request
Aug 25, 2025
Rollup of 5 pull requests Successful merges: - rust-lang/rust#144531 (Add lint against integer to pointer transmutes) - rust-lang/rust#145307 (Fix `LazyLock` poison panic message) - rust-lang/rust#145554 (rustc-dev-guide subtree update) - rust-lang/rust#145798 (Use unnamed lifetime spans as primary spans for `MISMATCHED_LIFETIME_SYNTAXES`) - rust-lang/rust#145799 (std/src/lib.rs: mention "search button" instead of "search bar") r? `@ghost` `@rustbot` modify labels: rollup
github-actions bot
pushed a commit
to rust-lang/miri
that referenced
this pull request
Aug 25, 2025
Rollup of 5 pull requests Successful merges: - rust-lang/rust#144531 (Add lint against integer to pointer transmutes) - rust-lang/rust#145307 (Fix `LazyLock` poison panic message) - rust-lang/rust#145554 (rustc-dev-guide subtree update) - rust-lang/rust#145798 (Use unnamed lifetime spans as primary spans for `MISMATCHED_LIFETIME_SYNTAXES`) - rust-lang/rust#145799 (std/src/lib.rs: mention "search button" instead of "search bar") r? `@ghost` `@rustbot` modify labels: rollup
github-actions bot
pushed a commit
to model-checking/verify-rust-std
that referenced
this pull request
Aug 26, 2025
…kh726
Add lint against integer to pointer transmutes
# `integer_to_ptr_transmutes`
*warn-by-default*
The `integer_to_ptr_transmutes` lint detects integer to pointer transmutes where the resulting pointers are undefined behavior to dereference.
### Example
```rust
fn foo(a: usize) -> *const u8 {
unsafe {
std::mem::transmute::<usize, *const u8>(a)
}
}
```
```
warning: transmuting an integer to a pointer creates a pointer without provenance
--> a.rs:1:9
|
158 | std::mem::transmute::<usize, *const u8>(a)
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: this is dangerous because dereferencing the resulting pointer is undefined behavior
= note: exposed provenance semantics can be used to create a pointer based on some previously exposed provenance
= help: if you truly mean to create a pointer without provenance, use `std::ptr::without_provenance_mut`
= help: for more information about transmute, see <https://doc.rust-lang.org/std/mem/fn.transmute.html#transmutation-between-pointers-and-integers>
= help: for more information about exposed provenance, see <https://doc.rust-lang.org/std/ptr/index.html#exposed-provenance>
= note: `#[warn(integer_to_ptr_transmutes)]` on by default
help: use `std::ptr::with_exposed_provenance` instead to use a previously exposed provenance
|
158 - std::mem::transmute::<usize, *const u8>(a)
158 + std::ptr::with_exposed_provenance::<u8>(a)
|
```
### Explanation
Any attempt to use the resulting pointers are undefined behavior as the resulting pointers won't have any provenance.
Alternatively, `std::ptr::with_exposed_provenance` should be used, as they do not carry the provenance requirement or if the wanting to create pointers without provenance `std::ptr::without_provenance_mut` should be used.
See [std::mem::transmute] in the reference for more details.
[std::mem::transmute]: https://doc.rust-lang.org/std/mem/fn.transmute.html
--------
People are getting tripped up on this, see rust-lang#128409 and rust-lang#141220. There are >90 cases like these on [GitHub search](https://github.com/search?q=lang%3Arust+%2Ftransmute%3A%3A%3Cu%5B0-9%5D*.*%2C+%5C*const%2F&type=code).
Fixes rust-lang/rust-clippy#13140
Fixes rust-lang#141220
Fixes rust-lang#145523
`@rustbot` labels +I-lang-nominated +T-lang
cc `@traviscross`
r? compiler
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
integer_to_ptr_transmuteswarn-by-default
The
integer_to_ptr_transmuteslint detects integer to pointer transmutes where the resulting pointers are undefined behavior to dereference.Example
Explanation
Any attempt to use the resulting pointers are undefined behavior as the resulting pointers won't have any provenance.
Alternatively,
std::ptr::with_exposed_provenanceshould be used, as they do not carry the provenance requirement or if the wanting to create pointers without provenancestd::ptr::without_provenance_mutshould be used.See std::mem::transmute in the reference for more details.
People are getting tripped up on this, see #128409 and #141220. There are >90 cases like these on GitHub search.
Fixes rust-lang/rust-clippy#13140
Fixes #141220
Fixes #145523
@rustbot labels +I-lang-nominated +T-lang
cc @traviscross
r? compiler