If a Pin is changed to point to a different location, what happens?

[theemathas]

In Pin<Ptr<T>>, the documentation is unclear on what the pinning guarantee is, if the pointer were to be changed to point to a different T. This can happen in at least three different ways, depending on how you count.

1. The Ptr can implement Deref and/or DerefMut in such a way that it doesn't return the same reference. That is, calling .deref() or .deref_mut() on the same Ptr twice returns two different references.
2. Someone can transmute a &mut Pin<Ptr<T>> into &mut Ptr<T>, then modify or replace the Ptr so that it points to a different T. (Note that this is possible even with well-behaved pointers such as Pin<&mut T>.)
3. The Ptr might allow external code to (possibly unsafely) modify where the pointer is pointing to, without going through the pointer directly. (For example, Ptr<T> might contain a Rc<UnsafeCell<Box<T>>>.)

Is changing what the pointer points to unsound? And if it is sound, what memory locations are considered to be pinned, and when?

[Diggsey]

My understanding is that pinning is a property of a place (ie. the target of the pointer), so there are no constraints on what you can do with the pointer itself.

A pointer that dereferences to different places would be confusing but sound.

And if it is sound, what memory locations are considered to be pinned, and when?

Every target of the pointer which is observed to be pinned.

[theemathas]

When does the no-moving guarantee start though? The first time the deref() was called and observed to be that address? Or when the Pin was first constructed?

[RalfJung]

It's a safety invariant, so it must be upheld any time a Pin<T> crosses an abstraction boundary (like being returned from your crate to the outside world, or being passed from your crate to a function you do not control).