I was reading the lifetimes chapter of the Rust book, and I came across this example for a named/explicit lifetime:
struct Foo<'a> {
x: &'a i32,
}
fn main() {
let x; // -+ x goes into scope
// |
{ // |
let y = &5; // ---+ y goes into scope
let f = Foo { x: y }; // ---+ f goes into scope
x = &f.x; // | | error here
} // ---+ f and y go out of scope
// |
println!("{}", x); // |
} // -+ x goes out of scope
It's quite clear to me that the error being prevented by the compiler is the use-after-free of the reference assigned to x
: after the inner scope is done, f
and therefore &f.x
become invalid, and should not have been assigned to x
.
My issue is that the problem could have easily been analyzed away without using the explicit 'a
lifetime, for instance by inferring an illegal assignment of a reference to a wider scope (x = &f.x;
).
In which cases are explicit lifetimes actually needed to prevent use-after-free (or some other class?) errors?
Question&Answers:os