[Buttons840]

Isn't this a definition of lifetimes too?

A lifetime is some set of memory a reference may refer to. Consider:

fn foo<'a, 'b>(x: &'a str, y: &'b str) -> &'a str

Aren't 'a and 'b sets of memory a reference can refer to? As far as this function call is concerned, both 'a and 'b will live throughout, so it's not about life and death, it's about what memory the references may refer too.

Is a lifetime and a "provenance" the same thing?

[Rusky]

Provenance is a dynamic property of pointer values. The actual underlying rules that a program must follow, even when using raw pointers and `unsafe`, are written in terms of provenance. Miri (https://github.com/rust-lang/miri) represents provenance as an actual value stored alongside each pointer's address, so it can check for violations of these rules.

Lifetimes are a static approximation of provenance. They are erased after being validated by the borrow checker, and do not exist in Miri or have any impact on what transformations the optimizer may perform. In other words, the provenance rules allow a superset of what the borrow checker allows.

[Buttons840]

So this is about solidifying very specific semantics that are of more concern to projects like Miri than it is to regular users?

Speaking of Miri, is the long term goal to say for certain whether or not a program execution encountered UB? (Which is, of course, different than verifying it before execution at compile time.)

[Rusky]

It is about solidifying semantics, but those semantics are still a concern to regular users who are writing `unsafe` code, not just Miri.

As I understand it, Miri would like to be certain about the presence/absence of the UB of any particular program execution, but there will probably always be some cases it can't catch.

[digama0]

> Speaking of Miri, is the long term goal to say for certain whether or not a program execution encountered UB? (Which is, of course, different than verifying it before execution at compile time.)

That's more than a long term goal, that's the present behavior, to the extent that the UB rules are defined in the first place. Miri will tell you when it has to make approximating assumptions (e.g. accessing FFI or using nondeterministic operations), and it doesn't happen very often. This is very much the intent of the tool.

[Georgelemental]

> Aren't 'a and 'b sets of memory a reference can refer to?

No, the set of memory the reference refers to is encoded by the reference's bits. Two references with the same lifetime can refer to different memory, and vice-versa. Lifetimes determine when the reference is valid.

[Buttons840]

I was speaking more abstractly.

Strictly speaking, a pointer points to 1 address, not a set.

Abstractly speaking, a lifetime represents a set of memory that lives a certain length of time, and thus also represents the set of memory a reference with that lifetime can reference.

It's just a different way of thinking about lifetimes which helped me understand them.

[Georgelemental]

> a pointer points to 1 address, not a set.

Rust "fat pointers" like `&str` contain a length as well.

> represents the set of memory a reference with that lifetime can reference.

No, you can have memory that is alive for a particular lifetime but that you are not allowed to access via a pointer with said lifetime (because it's out of bounds).