raviqqe
commented
7 months ago In theory, isn't this safe because the &'a Operation<'c> is still bounded by the borrow checker to be live as long as the OperationRef<'c, 'a> would?
It makes sense that the Deref trait doesn't allow us to express that reference lifetime, but doesn't that make the Deref lifetime (the "safe" one) actually incorrect and unnecessarily strict/short?
In Rust, references correspond to pointers. So when we mark it safe, we can drop the OperationRef safely (wrongly,) which invalidates references to it.
As far as I can tell, the Operation should be bounded in lifetime by the lifetime of the value that the OperationRef was itself accessed from (in our case, a Block), and that's better described by &'a Operation<'c>.
We can't do this because the C API doesn't allow this... MlirOperation's internal representation in the C API is void*. So we can assume it to be &'a Operation<'c>. But then that might break the entire design of Operation and OperationRef in the Rust API in the future when they change the representation.
Moxinilian
We hit some interesting lifetime quirks when trying to loop through the operations in a block, so I was digging through the code for
OperationRef, and found this:https://github.com/raviqqe/melior/blob/0b2a9bd033a472c4cf750a13802ef6ae2c30c758/melior/src/ir/operation.rs#L375
My question is why this function is marked
unsafe. In theory, isn't this safe because the&'a Operation<'c>is still bounded by the borrow checker to be live as long as theOperationRef<'c, 'a>would?It makes sense that the
Dereftrait doesn't allow us to express that reference lifetime, but doesn't that make theDereflifetime (the "safe" one) actually incorrect and unnecessarily strict/short? As far as I can tell, theOperationshould be bounded in lifetime by the lifetime of the value that theOperationRefwas itself accessed from (in our case, aBlock), and that's better described by&'a Operation<'c>.