Message-ID: <D9HL6SERYCVX.24AUGLK06TV41@proton.me>
Date: Sun, 27 Apr 2025 17:11:12 +0000
From: Benno Lossin <benno.lossin@...ton.me>
To: Danilo Krummrich <dakr@...nel.org>
Cc: gregkh@...uxfoundation.org, rafael@...nel.org, bhelgaas@...gle.com, kwilczynski@...nel.org, zhiw@...dia.com, cjia@...dia.com, jhubbard@...dia.com, bskeggs@...dia.com, acurrid@...dia.com, joelagnelf@...dia.com, ttabi@...dia.com, acourbot@...dia.com, ojeda@...nel.org, alex.gaynor@...il.com, boqun.feng@...il.com, gary@...yguo.net, bjorn3_gh@...tonmail.com, a.hindborg@...nel.org, aliceryhl@...gle.com, tmgross@...ch.edu, linux-pci@...r.kernel.org, rust-for-linux@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] rust: devres: implement Devres::access_with()

On Sun Apr 27, 2025 at 12:10 PM CEST, Danilo Krummrich wrote:
> On Sun, Apr 27, 2025 at 08:41:02AM +0000, Benno Lossin wrote:
>> On Sat Apr 26, 2025 at 11:24 PM CEST, Danilo Krummrich wrote:
>> > On Sat, Apr 26, 2025 at 08:28:30PM +0000, Benno Lossin wrote:
>> >> On Sat Apr 26, 2025 at 3:30 PM CEST, Danilo Krummrich wrote:
>> >> > +    pub fn access_with<'s, 'd: 's>(&'s self, dev: &'d Device<Bound>) -> Result<&'s T> {
>> >> 
>> >> I don't think that we need the `'d` lifetime here (if not, we should
>> >> remove it).
>> >
>> > If the returned reference out-lives dev it can become invalid, since it means
>> > that the device could subsequently be unbound. Hence, I think we indeed need to
>> > require that the returned reference cannot out-live dev.
>> 
>> I meant the following signature:
>> 
>>     pub fn access_with<'a>(&'a self, dev: &'a Device<Bound>) -> Result<&'a T>
>> 
>> You don't need to specify the additional `'d` one, since lifetimes allow
>> subtyping [1]. So if I have a `&'s self` and a `&'d Device<Bound>` and
>> `'d: 's`, then I can supply those arguments to my suggested function and
>> the compiler will shorten `'d` to be `'s` or whatever is correct in the
>> context.
>> 
>> [1]: https://doc.rust-lang.org/nomicon/subtyping.html#subtyping
>
> Makes sense, and I don't mind changing it, but I still think the original version
> makes the actual requirement more obvious to the reader, i.e. dev must live *at
> least* as long as self, but not dev must live *exactly* as long as self.

I think it makes the function harder to read, since you have multiple
lifetimes around. Once one gets used to the subtyping rule, it's much
better to reduce the total amount of lifetimes. Otherwise it seems to me
as if it's more complicated.

---
Cheers,
Benno
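
The subtyping point discussed above as a compiling sketch. This is an added illustration, not code from the patch or from the kernel's `Devres`; `Device`, `Bound`, `Devres`, `Einval`, the `owner` check and the `_two`/`_one` method names are simplified stand-ins assumed for the example.

```rust
use std::marker::PhantomData;

// Simplified stand-ins (assumptions), not the kernel crate's definitions.
struct Bound;
struct Device<Ctx> { id: u32, _ctx: PhantomData<Ctx> }
struct Devres<T> { data: T, owner: u32 }
#[derive(Debug, PartialEq)]
struct Einval;

impl<T> Devres<T> {
    // Two-lifetime form, as in the quoted patch line.
    fn access_with_two<'s, 'd: 's>(&'s self, dev: &'d Device<Bound>) -> Result<&'s T, Einval> {
        // Hypothetical failure condition standing in for the real method's check.
        if dev.id == self.owner { Ok(&self.data) } else { Err(Einval) }
    }

    // Single-lifetime form suggested in the reply.
    fn access_with_one<'a>(&'a self, dev: &'a Device<Bound>) -> Result<&'a T, Einval> {
        if dev.id == self.owner { Ok(&self.data) } else { Err(Einval) }
    }
}

// `dev` is borrowed for 'long, `res` only for the shorter 'short.
// The single-lifetime form still accepts the call, because a
// `&'long Device<Bound>` coerces to `&'short Device<Bound>` when 'long: 'short.
fn read_both<'short, 'long: 'short>(
    res: &'short Devres<u32>,
    dev: &'long Device<Bound>,
) -> (Result<&'short u32, Einval>, Result<&'short u32, Einval>) {
    (res.access_with_two(dev), res.access_with_one(dev))
}

fn demo() -> (u32, u32) {
    let dev = Device::<Bound> { id: 7, _ctx: PhantomData };
    // `res` lives in an inner scope, so its borrow is strictly shorter than `dev`'s.
    let res = Devres { data: 42u32, owner: 7 };
    let (two, one) = read_both(&res, &dev);
    (*two.unwrap(), *one.unwrap())
}

fn main() {
    println!("{:?}", demo());
}
```

In both forms the returned reference keeps `dev` borrowed, so moving or dropping `dev` while the reference is still in use is rejected by the borrow checker.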

