On Sun, Apr 27, 2025 at 08:41:02AM +0000, Benno Lossin wrote:
> On Sat Apr 26, 2025 at 11:24 PM CEST, Danilo Krummrich wrote:
> > On Sat, Apr 26, 2025 at 08:28:30PM +0000, Benno Lossin wrote:
> >> On Sat Apr 26, 2025 at 3:30 PM CEST, Danilo Krummrich wrote:
> >> > + pub fn access_with<'s, 'd: 's>(&'s self, dev: &'d Device<Bound>) -> Result<&'s T> {
> >>
> >> I don't think that we need the `'d` lifetime here (if not, we should
> >> remove it).
> >
> > If the returned reference out-lives dev it can become invalid, since it means
> > that the device could subsequently be unbound. Hence, I think we indeed need to
> > require that the returned reference cannot out-live dev.
>
> I meant the following signature:
>
> pub fn access_with<'a>(&'a self, dev: &'a Device<Bound>) -> Result<&'a T>
>
> You don't need to specify the additional `'d` one, since lifetimes allow
> subtyping [1]. So if I have a `&'s self` and a `&'d Device<Bound>` and
> `'d: 's`, then I can supply those arguments to my suggested function and
> the compiler will shorten `'d` to be `'s` or whatever is correct in the
> context.
>
> [1]: https://doc.rust-lang.org/nomicon/subtyping.html#subtyping
Makes sense, and I don't mind changing it, but I still think the orignal version
makes the actual requirement more obvious to the reader, i.e. dev must live *at
least* as long as self, but not dev must live *exactly* as long as self.
