I have a value and I want to store that value and a reference to something inside that value in my own type:
struct Thing {
count: u32,
}
struct Combined<'a>(Thing, &'a u32);
fn make_combined<'a>() -> Combined<'a> {
let thing = Thing { count: 42 };
Combined(thing, &thing.count)
}
Sometimes, I have a value and I want to store that value and a reference to that value in the same structure:
struct Combined<'a>(Thing, &'a Thing);
fn make_combined<'a>() -> Combined<'a> {
let thing = Thing::new();
Combined(thing, &thing)
}
Sometimes, I'm not even taking a reference of the value and I get the same error:
struct Combined<'a>(Parent, Child<'a>);
fn make_combined<'a>() -> Combined<'a> {
let parent = Parent::new();
let child = parent.child();
Combined(parent, child)
}
In each of these cases, I get an error that one of the values "does not live long enough". What does this error mean?
A slightly different issue which causes very similar compiler messages is object lifetime dependency, rather than storing an explicit reference. An example of that is the ssh2 library. When developing something bigger than a test project, it is tempting to try to put the
Session
andChannel
obtained from that session alongside each other into a struct, hiding the implementation details from the user. However, note that theChannel
definition has the'sess
lifetime in its type annotation, whileSession
doesn't.This causes similar compiler errors related to lifetimes.
One way to solve it in a very simple way is to declare the
Session
outside in the caller, and then for annotate the reference within the struct with a lifetime, similar to the answer in this Rust User's Forum post talking about the same issue while encapsulating SFTP. This will not look elegant and may not always apply - because now you have two entities to deal with, rather than one that you wanted!Turns out the rental crate or the owning_ref crate from the other answer are the solutions for this issue too. Let's consider the owning_ref, which has the special object for this exact purpose:
OwningHandle
. To avoid the underlying object moving, we allocate it on the heap using aBox
, which gives us the following possible solution:The result of this code is that we can not use the
Session
anymore, but it is stored alongside with theChannel
which we will be using. Because theOwningHandle
object dereferences toBox
, which dereferences toChannel
, when storing it in a struct, we name it as such. NOTE: This is just my understanding. I have a suspicion this may not be correct, since it appears to be quite close to discussion ofOwningHandle
unsafety.One curious detail here is that the
Session
logically has a similar relationship withTcpStream
asChannel
has toSession
, yet its ownership is not taken and there are no type annotations around doing so. Instead, it is up to the user to take care of this, as the documentation of handshake method says:So with the
TcpStream
usage, is completely up to the programmer to ensure the correctness of the code. With theOwningHandle
, the attention to where the "dangerous magic" happens is drawn using theunsafe {}
block.A further and a more high-level discussion of this issue is in this Rust User's Forum thread - which includes a different example and its solution using the rental crate, which does not contain unsafe blocks.
Let's look at a simple implementation of this:
This will fail with the error:
To completely understand this error, you have to think about how the values are represented in memory and what happens when you move those values. Let's annotate
Combined::new
with some hypothetical memory addresses that show where values are located:What should happen to
child
? If the value was just moved likeparent
was, then it would refer to memory that no longer is guaranteed to have a valid value in it. Any other piece of code is allowed to store values at memory address 0x1000. Accessing that memory assuming it was an integer could lead to crashes and/or security bugs, and is one of the main categories of errors that Rust prevents.This is exactly the problem that lifetimes prevent. A lifetime is a bit of metadata that allows you and the compiler to know how long a value will be valid at its current memory location. That's an important distinction, as it's a common mistake Rust newcomers make. Rust lifetimes are not the time period between when an object is created and when it is destroyed!
As an analogy, think of it this way: During a person's life, they will reside in many different locations, each with a distinct address. A Rust lifetime is concerned with the address you currently reside at, not about whenever you will die in the future (although dying also changes your address). Every time you move it's relevant because your address is no longer valid.
It's also important to note that lifetimes do not change your code; your code controls the lifetimes, your lifetimes don't control the code. The pithy saying is "lifetimes are descriptive, not prescriptive".
Let's annotate
Combined::new
with some line numbers which we will use to highlight lifetimes:The concrete lifetime of
parent
is from 1 to 4, inclusive (which I'll represent as[1,4]
). The concrete lifetime ofchild
is[2,4]
, and the concrete lifetime of the return value is[4,5]
. It's possible to have concrete lifetimes that start at zero - that would represent the lifetime of a parameter to a function or something that existed outside of the block.Note that the lifetime of
child
itself is[2,4]
, but that it refers to a value with a lifetime of[1,4]
. This is fine as long as the referring value becomes invalid before the referred-to value does. The problem occurs when we try to returnchild
from the block. This would "over-extend" the lifetime beyond its natural length.This new knowledge should explain the first two examples. The third one requires looking at the implementation of
Parent::child
. Chances are, it will look something like this:This uses lifetime elision to avoid writing explicit generic lifetime parameters. It is equivalent to:
In both cases, the method says that a
Child
structure will be returned that has been parameterized with the concrete lifetime ofself
. Said another way, theChild
instance contains a reference to theParent
that created it, and thus cannot live longer than thatParent
instance.This also lets us recognize that something is really wrong with our creation function:
Although you are more likely to see this written in a different form:
In both cases, there is no lifetime parameter being provided via an argument. This means that the lifetime that
Combined
will be parameterized with isn't constrained by anything - it can be whatever the caller wants it to be. This is nonsensical, because the caller could specify the'static
lifetime and there's no way to meet that condition.How do I fix it?
The easiest and most recommended solution is to not attempt to put these items in the same structure together. By doing this, your structure nesting will mimic the lifetimes of your code. Place types that own data into a structure together and then provide methods that allow you to get references or objects containing references as needed.
There is a special case where the lifetime tracking is overzealous: when you have something placed on the heap. This occurs when you use a
Box<T>
, for example. In this case, the structure that is moved contains a pointer into the heap. The pointed-at value will remain stable, but the address of the pointer itself will move. In practice, this doesn't matter, as you always follow the pointer.The rental crate or the owning_ref crate are ways of representing this case, but they require that the base address never move. This rules out mutating vectors, which may cause a reallocation and a move of the heap-allocated values.
More information
While it is theoretically possible to do this, doing so would introduce a large amount of complexity and overhead. Every time that the object is moved, the compiler would need to insert code to "fix up" the reference. This would mean that copying a struct is no longer a very cheap operation that just moves some bits around. It could even mean that code like this is expensive, depending on how good a hypothetical optimizer would be:
Instead of forcing this to happen for every move, the programmer gets to choose when this will happen by creating methods that will take the appropriate references only when you call them.
There's one specific case where you can create a type with a reference to itself. You need to use something like
Option
to make it in two steps though:This does work, in some sense, but the created value is highly restricted - it can never be moved. Notably, this means it cannot be returned from a function or passed by-value to anything. A constructor function shows the same problem with the lifetimes as above: