Avoid lifetimebound for 'this'

danakj · danakj · commit 53ae8e577896 · 2023-03-12T22:44:12.000-04:00
Unless the return is a reference to a T that is _always_ owned by the
class, it causes false positives.

We already address avoiding returning references to temporaries through
deleting operator&amp;&amp; in this case.
diff --git a/PRINCIPLES.md b/PRINCIPLES.md
@@ -103,14 +103,23 @@ This library is an experiment and not intended for use. See the
          lvalue-reference-qualified (with `&` or `const&`). If they are
          `const&`-qualified, then `=delete` the `&&` override to avoid rvalues
          returning references to what they own.
+          * If the inner type is _always_ owned, the method can be annotated
+            with `sus_lifetimebound`, but avoid it when the inner type may be a
+            pointer/reference. We rely on deleting the `&&` override to avoid
+            references to temporaries.
        * When the inner type is a **single** template variable, disallow const
          on the inner type. The const on the Owning type will apply transitively
          to the owned inner type.
     * For Reference types:
-       * Methods that return a `const&` are `const&` qualified without deleting
+       * Methods that return a `const&` are `const&` qualified _without_ deleting
          the `&&` override. Mutable methods, including those that return a `&`
          are unqualified or `&&-qualified` (non-const, but not `&`-qualified in
          order to allow rvalues).
+          * Avoid `sus_lifetimebound` on methods that return references, as it
+            ties the lifetime to the method's class, but the class also only
+            holds a reference.
+       * Annotate constructor and method parameters with `sus_lifetimebound`
+         when the reference will be stored in the class.
        * When the inner type is a template variable, allow const on the inner
          type. The const on the Owning type is unable to be transferred to the
          inner type, i.e. a const `ref<T>` can be copied or moved to a non-const
diff --git a/subspace/choice/choice.h b/subspace/choice/choice.h
@@ -352,7 +352,7 @@ class Choice<__private::TypeList<Ts...>, Tags...> final {
   /// passed as the template parameter.
   template <TagsType V>
     requires(__private::ValueIsNotVoid<StorageTypeOfTag<V>>)
-  constexpr inline decltype(auto) as() const& noexcept sus_lifetimebound {
+  constexpr inline decltype(auto) as() const& noexcept {
     ::sus::check(index_ == index<V>);
     return __private::find_choice_storage<index<V>>(storage_).as();
   }
@@ -376,7 +376,7 @@ class Choice<__private::TypeList<Ts...>, Tags...> final {
   /// passed as the template parameter.
   template <TagsType V>
     requires(__private::ValueIsNotVoid<StorageTypeOfTag<V>>)
-  constexpr inline decltype(auto) as_mut() & noexcept sus_lifetimebound {
+  constexpr inline decltype(auto) as_mut() & noexcept {
     ::sus::check(index_ == index<V>);
     return __private::find_choice_storage_mut<index<V>>(storage_).as_mut();
   }
@@ -411,8 +411,7 @@ class Choice<__private::TypeList<Ts...>, Tags...> final {
   /// active member.
   template <TagsType V>
     requires(__private::ValueIsNotVoid<StorageTypeOfTag<V>>)
-  constexpr inline Option<AccessTypeOfTagConst<V>> get() const& noexcept
-      sus_lifetimebound {
+  constexpr inline Option<AccessTypeOfTagConst<V>> get() const& noexcept {
     if (index_ != index<V>) return ::sus::none();
     return ::sus::some(__private::find_choice_storage<index<V>>(storage_).as());
   }
@@ -432,8 +431,7 @@ class Choice<__private::TypeList<Ts...>, Tags...> final {
   /// active member.
   template <TagsType V>
     requires(__private::ValueIsNotVoid<StorageTypeOfTag<V>>)
-  constexpr inline Option<AccessTypeOfTagMut<V>> get_mut() & noexcept
-      sus_lifetimebound {
+  constexpr inline Option<AccessTypeOfTagMut<V>> get_mut() & noexcept {
     if (index_ != index<V>) return ::sus::none();
     return ::sus::some(
         __private::find_choice_storage_mut<index<V>>(storage_).as_mut());
@@ -469,7 +467,7 @@ class Choice<__private::TypeList<Ts...>, Tags...> final {
   template <TagsType V>
     requires(__private::ValueIsNotVoid<StorageTypeOfTag<V>>)
   constexpr inline decltype(auto) get_unchecked(
-      ::sus::marker::UnsafeFnMarker) const& noexcept sus_lifetimebound {
+      ::sus::marker::UnsafeFnMarker) const& noexcept {
     return __private::find_choice_storage<index<V>>(storage_).as();
   }
   // If the storage is a value type, it can't be accessed by reference in an
@@ -494,7 +492,7 @@ class Choice<__private::TypeList<Ts...>, Tags...> final {
   template <TagsType V>
     requires(__private::ValueIsNotVoid<StorageTypeOfTag<V>>)
   constexpr inline decltype(auto) get_unchecked_mut(
-      ::sus::marker::UnsafeFnMarker) & noexcept sus_lifetimebound {
+      ::sus::marker::UnsafeFnMarker) & noexcept {
     return __private::find_choice_storage_mut<index<V>>(storage_).as_mut();
   }
 
diff --git a/subspace/option/option.h b/subspace/option/option.h
@@ -385,14 +385,12 @@ class Option final {
   ///   reuse, making variable names bad.
   /// * It's expected due to std::optional and general container-of-one things
   ///   to provide access through operator* and operator->.
-  constexpr const std::remove_reference_t<T>& operator*() const& noexcept
-      sus_lifetimebound {
+  constexpr const std::remove_reference_t<T>& operator*() const& noexcept {
     ::sus::check(t_.state() == Some);
     return t_.val();
   }
   constexpr const std::remove_reference_t<T>* operator*() && noexcept = delete;
-  constexpr std::remove_reference_t<T>& operator*() & noexcept
-      sus_lifetimebound {
+  constexpr std::remove_reference_t<T>& operator*() & noexcept {
     ::sus::check(t_.state() == Some);
     return t_.val_mut();
   }
@@ -422,15 +420,13 @@ class Option final {
   ///   reuse, making variable names bad.
   /// * It's expected due to std::optional and general container-of-one things
   ///   to provide access through operator* and operator->.
-  constexpr const std::remove_reference_t<T>* operator->() const& noexcept
-      sus_lifetimebound {
+  constexpr const std::remove_reference_t<T>* operator->() const& noexcept {
     ::sus::check(t_.state() == Some);
     return ::sus::mem::addressof(
         static_cast<const std::remove_reference_t<T>&>(t_.val()));
   }
   constexpr const std::remove_reference_t<T>* operator->() && noexcept;
-  constexpr std::remove_reference_t<T>* operator->() & noexcept
-      sus_lifetimebound {
+  constexpr std::remove_reference_t<T>* operator->() & noexcept {
     ::sus::check(t_.state() == Some);
     return ::sus::mem::addressof(
         static_cast<std::remove_reference_t<T>&>(t_.val_mut()));
@@ -839,8 +835,7 @@ class Option final {
 
   /// Returns an Option<const T&> from this Option<T>, that either holds #None
   /// or a reference to the value in this Option.
-  constexpr Option<const std::remove_reference_t<T>&> as_ref() const& noexcept
-      sus_lifetimebound {
+  constexpr Option<const std::remove_reference_t<T>&> as_ref() const& noexcept {
     if (t_.state() == None)
       return Option<const std::remove_reference_t<T>&>::none();
     else
@@ -860,7 +855,7 @@ class Option final {
 
   /// Returns an Option<T&> from this Option<T>, that either holds #None or a
   /// reference to the value in this Option.
-  constexpr Option<T&> as_mut() & noexcept sus_lifetimebound {
+  constexpr Option<T&> as_mut() & noexcept {
     if (t_.state() == None)
       return Option<T&>::none();
     else
@@ -878,8 +873,7 @@ class Option final {
       return Option<T&>(t_.take_and_set_none());
   }
 
-  constexpr Once<const std::remove_reference_t<T>&> iter() const& noexcept
-      sus_lifetimebound {
+  constexpr Once<const std::remove_reference_t<T>&> iter() const& noexcept {
     return Once<const std::remove_reference_t<T>&>::with(as_ref());
   }
   constexpr Once<const std::remove_reference_t<T>&> iter() && noexcept
@@ -889,9 +883,7 @@ class Option final {
         ::sus::move(*this).as_ref());
   }
 
-  constexpr Once<T&> iter_mut() & noexcept sus_lifetimebound {
-    return Once<T&>::with(as_mut());
-  }
+  constexpr Once<T&> iter_mut() & noexcept { return Once<T&>::with(as_mut()); }
   constexpr Once<T&> iter_mut() && noexcept
     requires(std::is_reference_v<T>)
   {
diff --git a/subspace/result/result.h b/subspace/result/result.h
@@ -539,7 +539,7 @@ class [[nodiscard]] Result final {
                                          mref(storage_.err_));
   }
 
-  constexpr Once<const T&> iter() const& noexcept sus_lifetimebound {
+  constexpr Once<const T&> iter() const& noexcept {
     ::sus::check(state_ != __private::ResultState::IsMoved);
     if (state_ == __private::ResultState::IsOk)
       return Once<const T&>::with(Option<const T&>::some(storage_.ok_));
@@ -548,7 +548,7 @@ class [[nodiscard]] Result final {
   }
   Once<const T&> iter() const&& = delete;
 
-  constexpr Once<T&> iter_mut() & noexcept sus_lifetimebound {
+  constexpr Once<T&> iter_mut() & noexcept {
     ::sus::check(state_ != __private::ResultState::IsMoved);
     if (state_ == __private::ResultState::IsOk)
       return Once<T&>::with(Option<T&>::some(mref(storage_.ok_)));
