ZST semver footgun

danvil · November 21, 2025, 12:10am

I recently got quite stuck on a bug in my project which boils down to this example:

use std::any::Any;

#[derive(Debug)]
pub struct Foo(pub u32);

fn boxit<T: 'static>(x: T) -> Box<dyn Any> {
    Box::new(x)
}

fn unboxit<T: 'static>(b: Box<dyn Any>) -> T {
    *b.downcast::<T>().unwrap()
}

fn main() {
    let b = boxit(Foo);
    let x: Foo = unboxit(b);
    println!("{x:?}");
}

The footgun here is that once Foo was a ZST type and the program worked, but then someone added a field to it, and while the code kept compiling the semantics changed. Suddenly Foo in boxit(Foo) was a function fn() -> Foo and main panicked.

What is the right strategy to avoid this problem?

azriel91 · November 21, 2025, 12:22am

I don't think the lint exists yet, but GitHub - obi1kenobi/cargo-semver-checks: Scan your Rust crate for semver violations. would happily want to have it as a lint.

Kyllingene · November 21, 2025, 12:24am

If it's a recurring issue, you could declare your unit structs as struct Foo(). Also, I'm not sure this qualifies as a semver issue, since adding fields to a public struct like that is already a breaking change.

quinedot · November 21, 2025, 12:33am

Cross-crate the solution is

#[non_exhaustive]
struct Foo;
// + Default or w/e for construction

Unfortunately there is (to date) no way to tune non_exhaustive to be on any privacy boundary (such as a module), it's always pub(crate)-esque.

danvil · November 21, 2025, 12:42am

For the example I used pub u32 to avoid a warning about an unused variable, but the same issue arises if the field is private.

kpreid · November 21, 2025, 1:05am

the same issue arises if the field is private.

No, if the field is private, then you can't use the Foo constructor function from outside the module, and so boxit(Foo) won't compile.

Kyllingene · November 21, 2025, 2:01am

It's still a semver breakage to go from a publically-constructable unit struct to a non-constructable non-unit struct, since old code attempting to create a unit struct is now broken. It's just that in this particular case, it's a runtime instead of comptime error.

programmerjake · November 21, 2025, 5:27am

if you want to guarantee a compile-time error instead of silently changing semantics when Foo's definition changes to add fields, you can write boxit(Foo {}) instead, which will error when anyone adds fields, but will keep working whenever Foo is a struct without fields (whether it's declared struct Foo;, struct Foo();, or struct Foo {}) as long as Foo is not #[non_exhaustive].

Topic		Replies	Views
#[non_exhaustive] in library (will make things difficult). Best practice? help	27	1297	December 6, 2022
Structs with public fields are brittle	7	8188	January 12, 2023
Clippy suggests use #[non_exhaustive] instead of using private field help	6	765	April 3, 2023
Trait constant inside struct field	2	485	January 12, 2023
The non-exhaustive attr	11	227	April 28, 2025

ZST semver footgun

Related topics