I've found the short circuit in my brain: the problem is that an (in hindsight embarrassingly obvious) invariant of `&'a T` is that it's outlived by whatever it's pointing at, which is what has the lifetime (at least) 'a. So if 'unsafe is the empty lifetime, then `&'unsafe T` is an oxymoron: it can't exist. What I was consistently confusing it with (I think I might've relied on different interpretations in different places) is the idea of a pointer which lives however long, but can only *be dereferenced* within the given lifetime. I wonder if the latter is theoretically feasible at all?
In any case, I think this also shows that the ban on `&'a &'b T` where 'a outlives 'b is principled, and follows from simple transitivity: if the given `&'b T` has lifetime at least 'a, and is outlived by the given T with lifetime at least 'b, it follows that 'b must be greater than 'a. Pseudo-formally:

1. 'a >= lifetime(given &'a &'b T)
2. lifetime(given &'b T) >= 'a
3. 'b >= lifetime(given &'b T)
4. lifetime(given T) >= 'b
-----
'b >= 'a (from 2. and 3.)

On Sat, Jul 27, 2013 at 4:51 PM, Gábor Lehel <[email protected]> wrote:
>
> Summary:
>
> I think we could replace `*` pointers with a combination of guaranteeing
> the null pointer optimization for `Option` (kinda like TCO) and introducing
> a new special lifetime `'unsafe`. This would retain the desirable
> properties of the current system, while being superior in other ways, such
> as orthogonality. Whether and how to waive aliasing and mutability related
> invariants separately from the others might need more thinking, but is
> independent.
>
> Thoughts?
>
> --
> Your ship was destroyed in a monadic eruption.

--
Your ship was destroyed in a monadic eruption.
_______________________________________________
Rust-dev mailing list
[email protected]
https://mail.mozilla.org/listinfo/rust-dev
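The transitivity argument in the message above, as an added Rust example that is not part of the original thread: `rustc` enforces exactly the `'b: 'a` relation derived there, so the inner `&'b T` can be copied out of a `&'a &'b T` and used after the outer borrow has ended, while the reverse nesting is rejected. The function names are my own.

```rust
/// `&'a &'b T` is well-formed only if the inner reference outlives the outer
/// borrow of it ('b: 'a). The inner `&'b T` is Copy, so it can be handed back
/// at its full lifetime 'b, longer than the outer `&'a` lasts.
fn inner_ref<'a, 'b, T>(outer: &'a &'b T) -> &'b T {
    // The bound 'b: 'a is implied by the argument type, which is why the
    // signature does not need to spell it out.
    *outer
}

/// Same thing with the bound written explicitly. `'b: 'a` reads "'b outlives
/// 'a", i.e. the conclusion 'b >= 'a of the pseudo-formal derivation.
fn inner_ref_explicit<'a, 'b: 'a, T>(outer: &'a &'b T) -> &'a T {
    *outer // `&'b T` coerces to the shorter `&'a T`
}

/// Three nested scopes: T outlives `&'b T`, which outlives `&'a &'b T`.
/// The inner reference is still usable after the outer borrow's scope ends.
fn demo() -> i32 {
    let value = 41;            // T, longest lived
    let inner: &i32 = &value;  // &'b i32
    let kept: &i32;
    {
        let outer: &&i32 = &inner; // &'a &'b i32, with 'a strictly shorter
        kept = inner_ref(outer);   // hands back the &'b, not the &'a
    }                              // 'a ends here; `kept` remains valid
    *kept + 1
}

// The reverse nesting (outer borrow outliving the inner reference) is the
// case the message says is banned, and rustc rejects it:
//
//     let outer: &&i32;
//     {
//         let short = 1;
//         let inner = &short;
//         outer = &inner;   // error: `inner` does not live long enough
//     }
//     let _ = **outer;

fn main() {
    println!("{}", demo()); // prints 42
}
```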
