The implementation previously took advantage of a missing diagnostic. They
returned a borrowed Span with a dependency on a copied argument. This illegally
promotes the dependency. This is what the author intended to do (the
implementation was correct) but the compiler can't know that so the code needs
to be explicit about overriding the lifetime.
This dynamic library contains a copy of the standard library's
exported entry points for the Span and RawSpan types. This will
allow backward deployment of code that uses those new types.
Two are fixes needed in most of the `RawSpan` and `Span` initializers. For example:
```
let baseAddress = buffer.baseAddress
let span = RawSpan(_unchecked: baseAddress, byteCount: buffer.count)
// As a trivial value, 'baseAddress' does not formally depend on the
// lifetime of 'buffer'. Make the dependence explicit.
self = _overrideLifetime(span, borrowing: buffer)
```
Fix#1. baseAddress needs to be a variable
`span` has a lifetime dependence on `baseAddress` via its
initializer. Therefore, the lifetime of `baseAddress` needs to include the call
to `_overrideLifetime`. The override sets the lifetime dependency of its result,
not its argument. It's argument still needs to be non-escaping when it is passed
in.
Alternatives:
- Make the RawSpan initializer `@_unsafeNonescapableResult`.
Any occurrence of `@_unsafeNonescapableResult` actually signals a bug. We never
want to expose this annotation.
In addition to being gross, it would totally disable enforcement of the
initialized span. But we really don't want to side-step `_overrideLifetime`
where it makes sense. We want the library author to explicitly indicate that
they understand exactly which dependence is unsafe. And we do want to
eventually expose the `_overrideLifetime` API, which needs to be well
understood, supported, and tested.
- Add lifetime annotations to a bunch of `UnsafePointer`-family APIs so the
compiler can see that the resulting pointer is derived from self, where self is
an incoming `Unsafe[Buffer]Pointer`. This would create a massive lifetime
annotation burden on the `UnsafePointer`-family APIs, which don't really have
anything to do with lifetime dependence. It makes more sense for the author of
`Span`-like APIs to reason about pointer lifetimes.
Fix#2. `_overrideLifetime` changes the lifetime dependency of span to be on an
incoming argument rather than a local variable.
This makes it legal to escape the function (by assigning it to self). Remember
that self is implicitly returned, so the `@lifetime(borrow buffer)` tells the
compiler that `self` is valid within `buffer`'s borrow scope.
Without this fix, the standard library source will break with shortly upcoming
compiler toolchain.
Never explicitly copy a pointer before passing it to an argument that is the
source of a lifetime dependency on the function's return value. That will always
raise a diagnostic error: depending on a temporary value is not the same as
depending on a variable. A temporary value's scope is only the current expression.
Also avoid using ownership modifiers for UnsafePointer. We don't want to treat
them like noncopyable types. They are simply values. Treating them like
noncopyable types creates a lot of overhead in the representation, which is
likely to interfere with diagnostics and optimization.
Without this, supported old compilers which don't recognize LifetimeDependence feature but
recognize the NonEscapableTypes feature will run into lifetime dependence inference errors
on the implicit initializer generated for the stdlib's swiftinterface
