On Sun, Apr 27, 2025 at 05:11:12PM +0000, Benno Lossin wrote:
> On Sun Apr 27, 2025 at 12:10 PM CEST, Danilo Krummrich wrote:
> > On Sun, Apr 27, 2025 at 08:41:02AM +0000, Benno Lossin wrote:
> >> On Sat Apr 26, 2025 at 11:24 PM CEST, Danilo Krummrich wrote:
> >> > On Sat, Apr 26, 2025 at 08:28:30PM +0000, Benno Lossin wrote:
> >> >> On Sat Apr 26, 2025 at 3:30 PM CEST, Danilo Krummrich wrote:
> >> >> > + pub fn access_with<'s, 'd: 's>(&'s self, dev: &'d Device<Bound>) -> Result<&'s T> {
> >> >>
> >> >> I don't think that we need the `'d` lifetime here (if not, we should
> >> >> remove it).
> >> >
> >> > If the returned reference out-lives dev it can become invalid, since it means
> >> > that the device could subsequently be unbound. Hence, I think we indeed need to
> >> > require that the returned reference cannot out-live dev.
> >>
> >> I meant the following signature:
> >>
> >> pub fn access_with<'a>(&'a self, dev: &'a Device<Bound>) -> Result<&'a T>
> >>
> >> You don't need to specify the additional `'d` one, since lifetimes allow
> >> subtyping [1]. So if I have a `&'s self` and a `&'d Device<Bound>` and
> >> `'d: 's`, then I can supply those arguments to my suggested function and
> >> the compiler will shorten `'d` to be `'s` or whatever is correct in the
> >> context.
> >>
> >> [1]: https://doc.rust-lang.org/nomicon/subtyping.html#subtyping
> >
> > Makes sense, and I don't mind changing it, but I still think the orignal version
> > makes the actual requirement more obvious to the reader, i.e. dev must live *at
> > least* as long as self, but not dev must live *exactly* as long as self.
>
> I think it makes the function harder to read, since you have multiple
> lifetimes around. Once one gets used to the subtyping rule, it's much
> better to reduce the total amount of lifetimes. Otherwise it seems to me
> as if it's more complicated.
As mentioned above, I don't mind changing it, so I'll drop the 'd lifetime.
