Memory Safety without Lifetime Parameters

submitted by Style Pass, 2024-10-15 04:00:02

This proposal describes the implementation of a memory-safe reference type that does not use lifetime annotations. The goal of the proposal is to:

“Safe C++”[safecpp] introduced a comprehensive design for compile-time memory safety in C++. The borrow checking model in Safe C++ requires lifetime parameters, a feature that increases expressiveness but complicates the language’s type system. This proposal describes an alternative style of borrow checking, guaranteeing lifetime safety without the involvement of lifetime annotations.

In Safe C++, occurrences of the borrow type T^ in function declarations and in data members require specialization with lifetime arguments. Lifetime arguments name lifetime parameters declared as part of the function declaration. Borrow types without lifetime arguments have unbound lifetimes, and borrows with lifetime arguments have bound lifetimes. The type system treats these as different entities, and there are subtle rules governing how bound lifetimes decay to unbound lifetimes and how unbound lifetimes become bound. Lifetime annotations greatly improve the expressiveness of safe references, but they extend an already complicated type system.

The proposal's example code (not reproduced here) declares functions f1, f2 and f3 with lifetime-parameter-lists. Borrows in function return types must be constrained by the lifetimes of one or more function parameters. Failure to match lifetime arguments between function parameters and return types causes a borrow checker failure. f1 fails to borrow check because the returned parameter y is not constrained to outlive the lifetime /a on the return type.
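The Safe C++ snippet the paragraph refers to is not on this page, and Safe C++ needs the Circle compiler. As an added illustration (not code from the proposal), the same three signatures are written below in Rust, whose lifetime parameters Safe C++'s `T^/a` borrows are modelled on: `T^/a` corresponds to `&'a T`. The functions are named f1, f2 and f3 by analogy with the proposal; their bodies and the calling code are assumptions made for this example. The rejected f1 is kept as a comment, since the point is that it does not compile.

```rust
// Added example (Rust analog of the Safe C++ f1/f2/f3 discussion).
// Assumed: f2 returns a borrow bound to its first parameter only,
// f3 shares one lifetime parameter between both parameters.

/// Analog of f2: the returned borrow carries only the lifetime of `x`,
/// so the caller may let `y` die while still holding the result.
fn f2<'a, 'b>(x: &'a i32, _y: &'b i32) -> &'a i32 {
    x
}

/// Analog of f3: one lifetime parameter constrains both inputs, so the
/// return type is bound by whichever argument lives shorter.
fn f3<'a>(x: &'a i32, y: &'a i32) -> &'a i32 {
    if *x >= *y { x } else { y }
}

// Analog of the rejected f1: the signature promises a borrow with
// lifetime 'a but the body returns `y`, whose lifetime is 'b. rustc
// rejects this ("lifetime may not live long enough"), just as the
// Safe C++ borrow checker rejects f1.
//
// fn f1<'a, 'b>(x: &'a i32, y: &'b i32) -> &'a i32 { y }

/// Practical effect of binding the result to `x` only: the borrow
/// returned by f2 is allowed to outlive the scope that owns `inner`.
fn result_outlives_second_arg() -> i32 {
    let outer = 10;
    let r: &i32;
    {
        let inner = 20;
        r = f2(&outer, &inner); // 'a = scope of outer, 'b = scope of inner
    }
    *r // accepted: r borrows `outer`, which is still alive
}

// The same pattern with f3 is rejected, because 'a must cover both
// arguments and therefore cannot extend past `inner`:
//
// fn rejected() -> i32 {
//     let outer = 10;
//     let r: &i32;
//     {
//         let inner = 20;
//         r = f3(&outer, &inner); // error: `inner` does not live long enough
//     }
//     *r
// }

/// f3 used correctly: both arguments outlive every use of the result.
fn max_of_two() -> i32 {
    let a = 3;
    let b = 7;
    *f3(&a, &b)
}

fn main() {
    println!("f2 result after inner scope ended: {}", result_outlives_second_arg());
    println!("f3 max: {}", max_of_two());
}
```

The contrast between `result_outlives_second_arg` and the commented-out `rejected` is the whole job of the lifetime arguments: they tell the checker which parameter the returned borrow may alias, and the proposal's alternative has to recover that information without the annotations.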
