Allow hidden lifetimes in impl Trait
#57870
Conversation
This is a revert of fc3c90c, which made it an error to have a hidden lifetime inside an `impl Trait` return type even when the hidden lifetime outlived other lifetimes mentioned by name in the `impl Trait` bound.
rust-highfive
added
the
S-waiting-on-review
|
Looks good. Should we include a comment with some theoretical justification for this behaviour, as per @nikomatsakis's explanation on Zulip (implicit existential quantification over hidden lifetimes, etc.)? |
Centril
added
T-lang
|
@cramertj @nikomatsakis This seems right; but do we want to discuss this on a meeting / fcp-merge since it affects user observable type system behavior? Should also document this in the reference or some place less ephemeral than the code? EDIT: I've tentatively added needs-fcp but if for some reason you don't think so (+ add that reason) feel free to remove it. |
Centril
added
needs-fcp
|
This isn't sound: trait Swap: Sized {
fn swap(self, other: Self);
}
impl<T> Swap for &mut T {
fn swap(self, other: Self) {
std::mem::swap(self, other);
}
}
fn hide<'a, 'b, T: 'static>(x: &'a mut &'b T) -> impl Swap + 'a {
x
}
fn dangle() -> &'static [i32; 3] {
let mut res = &[4, 5, 6];
let x = [1, 2, 3];
hide(&mut res).swap(hide(&mut &x));
res
}
fn main() {
println!("{:?}", dangle()); // prints nonsense values
} |
Centril
removed
I-nominated
relnotes
|
I think we need to add the condition that the hidden lifetime outlives the lifetime mentioned in the opaque type? |
|
No, we need the currently implemented condition: |
|
@matthewjasper Huh? Isn't that exactly what I said? |
| @@ -2011,53 +2011,6 @@ a (non-transparent) struct containing a single float, while `Grams` is a | |||
| transparent wrapper around a float. This can make a difference for the ABI. | |||
| "##, | |||
|
|
|||
| E0700: r##" | |||
There was a problem hiding this comment.
I don't think we outright remove error code descriptions we don't emit anymore (at least not if they have hit stable, I'm sure).
Yep. So, my "basis" for believing that we can make something similar to (but presumably not quite the same as) this PR work is that we are able to "hide" lifetimes in a (In fact, if I recall, we do kind of compute such a region today -- that is, I think we forbid you from doing |
|
ping from triage @nikomatsakis what's the update on this? |
|
ping from triage can anyone from @rust-lang/lang review this? |
Centril
added
S-blocked
|
This is blocked on fixing the soundness hole per #57870 (comment). |
|
@Centril Is "blocked" the right word? There's nothing that needs to be fixed outside of this PR. |
|
@alexreg Idk... I debated whether to mark it as S-waiting-on-author or S-blocked... not sure it matters; but this way we won't retriage it all the time at least. |
|
s-blocked or s-waiting-for-team should be fine at this point |
|
Surely this should just be closed? The soundness issue doesn't seem fixable in a way that doesn't fundamentally change this pr. |
|
@matthewjasper Yup, this is no longer just the simple revert offered by this PR given that we have to address those soundness issues. I'll close this particular PR out and we can open a new one when we figure out the correct approach. |
This is a revert of fc3c90c, which made it an error
to have a hidden lifetime inside an
impl Traitreturntype even when the hidden lifetime outlived other lifetimes
mentioned by name in the
impl Traitbound.Partial revert of #49041.
cc @alexreg
r? @nikomatsakis