On Tue May 19, 2026 at 6:52 AM CEST, Eliot Courtney wrote:
> Is this really sound without a covariance proof? For example, with this
> version you could stash a Cell<Option<&'bound pci::Device<Bound>> (even
> with Gary's suggested Core<'_> change) and then observe that reference
> on Drop of Data, which seems unsound to me.

The Core<'_> change seems unrelated; Core is not Sync, so you can't store it in the first place. Otherwise, I don't see how one can exploit this. The formal invariance of Cell<Option<&'bound pci::Device<Bound>> is not practically exploitable because the framework controls what lifetimes are available and everything reachable through 'bound outlives the data; something that is shorter lived than 'bound can't be stored either. Bringing back ForLt for this reason seems undesirable, as it has a real design cost.
