You're allowed to extend lifetimes via transmute, but unsafe code must adhere to...

LegionMammal978 · on Oct 14, 2023

> Therefore, any use of transmute that extends a lifetime is UB if it causes the reference to outlive the referent.

By itself, a transmute of a currently-live reference cannot make it outlive its referent, in the sense used by the Rustonomicon. As it says later [0], a reference is alive until the point when it is last used, and no further.

Thus, with unsafe code, the lifetime of a reference can extend past the point when it stops being alive. As a consequence, extending the lifetime can never cause UB by itself: only using the reference after it has been invalidated can cause language-level UB.

Since language-level UB is based on liveness rather than lifetime, the compiler must assume that a reference passed to a function is valid even after it returns, up until the caller invalidates the reference by performing an operation incompatible with it remaining alive.

[0] https://doc.rust-lang.org/nomicon/lifetimes.html#the-area-co...

dwattttt · on Oct 15, 2023

> only using the reference after it has been invalidated can cause language-level UB.

When a reference is 'used' is much broader than you might expect; https://github.com/rust-lang/rust/issues/52898 is a SIGILL from merely creating a null reference, never 'using' it.

skitter · on Oct 15, 2023

That's not about 'using' a reference, it's about constructing an invalid value – no different than doing transmute::<u32,char>(0x110000). See https://www.ralfj.de/blog/2020/07/15/unused-data.html for an explanation why it's UB.

dwattttt · on Oct 15, 2023

That's true, but the claim was "it's ok to extend the lifetime of a reference beyond its referent so long as you don't use it after its referent has ceased being live"; what definition of 'used' the compiler might rely on is relevant.