Are dependency injection containers that return references to values allocated in a local function fundamentally impossible in Rust?

Question

In my mind one of the ideal traits for a dependency injection container would look like:

pub trait ResolveOwn<T> {
    fn resolve(&self) -> T;
}

I don't know how to implement this for certain T. I keep stubbing my toes on variations and cousins of this error:

error[E0515]: cannot return value referencing local variable `X`

I'm used to dependency injection in C# where returning values referencing local variables is precisely how you implement the equivalent of that resolve function.

Here's an illustration that focuses on this aspect of dependency injection:

struct ComplexThing<'a>(&'a i32);

struct Module();

impl Module {
    fn resolve_foo(&self) -> i32 {
        todo!()
    }

    pub fn resolve_complex_thing_1(&self) -> ComplexThing {
        let foo = self.resolve_foo();
        ComplexThing(&foo)
    }
}

error[E0515]: cannot return value referencing local variable `foo`
  --> src/lib.rs:12:9
   |
12 |         ComplexThing(&foo)
   |         ^^^^^^^^^^^^^----^
   |         |            |
   |         |            `foo` is borrowed here
   |         returns a value referencing data owned by the current function

See? There's that error.

My first instinct (again, coming from C#) is to give the local variable a place to live in the returned value, because the local variable is created here but it needs to live at least as long as the returned value. Hmm... that sounds sort of like returning a closure. Let's see how that goes...

pub fn resolve_complex_thing_2<'a>(&'a self) -> impl FnOnce() -> ComplexThing<'a> {
    let foo = self.resolve_foo();
    move || ComplexThing(&foo)
}

error[E0515]: cannot return value referencing local data `foo`
  --> src/lib.rs:12:17
   |
12 |         move || ComplexThing(&foo)
   |                 ^^^^^^^^^^^^^----^
   |                 |            |
   |                 |            `foo` is borrowed here
   |                 returns a value referencing data owned by the current function

No joy. It doesn't work to package this closure up into a prettier type (like some impl of Into<ComplexThing<'a>>) because it's fundamentally about returning a value referencing local data.

My next instinct is to somehow jam the local data into some kind of weak cache inside my Module and then get a reference from there (undoubtedly unsafely). And then the weak cache will need to solve half of the hard problems in Computer Science (hint: the other hard problem is naming things). That's starting to sound an awful lot like... oh no. Garbage collection!

I also thought about inverting the flow of control. It's hideous and still doesn't work:

impl Module {
    pub fn use_foo<T>(&self, f: impl FnOnce(i32) -> T) -> T {
        (f)(42)
    }

    pub fn use_complex_thing<'a, T>(&'a self, f: impl FnOnce(ComplexThing<'a>) -> T) -> T {
        self.use_foo(
            |foo| (f)(ComplexThing(&foo)),
        )
    }
}

error[E0597]: `foo` does not live long enough
  --> src/lib.rs:12:36
   |
10 |     pub fn use_complex_thing<'a, T>(&'a self, f: impl FnOnce(ComplexThing<'a>) -> T) -> T {
   |                              -- lifetime `'a` defined here
11 |         self.use_foo(
12 |             |foo| (f)(ComplexThing(&foo)),
   |                   -----------------^^^^--
   |                   |                |    |
   |                   |                |    `foo` dropped here while still borrowed
   |                   |                borrowed value does not live long enough
   |                   argument requires that `foo` is borrowed for `'a`

My last instinct is to hack around the restriction against moving a value with active borrows, because then I could trick the compiler. My attempts at implementing that resulted in a type that's impossible to use correctly — it ended up requiring knowledge that only the compiler has and seemed to introduce undefined behavior at every turn. I won't bother reproducing that code here.

It seems like it's impossible to return any owned instances of types containing (non-singleton) references.

Assuming that's true, that means there are entire classes of types that simply cannot be created with a dependency injection container in Rust.

Surely I'm missing something?

Answer 1

You can try making a drop guard along with Box::leak to leak a reference to live long enough, then have custom behavior on Drop to reclaim the leaked memory. Note that this will require you to do everything through the drop guard:

use std::marker::PhantomData;
use std::mem::ManuallyDrop;

struct ComplexThing<'a>(&'a i32);

struct Module;

pub struct DropGuard<'a, T: 'a, V: 'a> {
    // do NOT make these fields pub
    // direct manipulation of these is very unsafe
    container: ManuallyDrop<T>,
    value: *mut V,
    // I'm not sure this is needed but better safe than sorry
    _value: PhantomData<&'a mut V>,
}

impl<'a, T: 'a, V: 'a> DropGuard<'a, T, V> {
    pub fn new<F: FnOnce(&'a mut V) -> T>(value: Box<V>, gen: F) -> Self {
        // leak the value so it lives long enough
        let leaked = Box::leak(value);
        // get a pointer to know what to drop
        let leaked_ptr: *mut _ = leaked;
        DropGuard {
            container: ManuallyDrop::new(gen(leaked)),
            value: leaked_ptr,
            _value: PhantomData,
        }
    }
}

// so you can actually use it
// no DerefMut since dropping the container without dropping the guard is weird
impl<'a, T: 'a, V: 'a> std::ops::Deref for DropGuard<'a, T, V> {
    type Target = T;

    fn deref(&self) -> &Self::Target {
        &self.container
    }
}

impl<'a, T: 'a, V: 'a> Drop for DropGuard<'a, T, V> {
    fn drop(&mut self) {
        // drop the container first
        // this should be safe since self.container is never referenced again
        // the value its borrowing is still valid (due to not being dropped yet)
        // and there should be no references to it (due to this struct being dropped)
        unsafe {
            ManuallyDrop::drop(&mut self.container);
        }
        // now drop the pointer
        // this should be safe since it was created with Box::leak
        // and the container borrowing it has already been dropped
        // and no more references should have survived
        std::mem::drop(unsafe { Box::from_raw(self.value) });
    }
}

impl Module {
    pub fn resolve_foo(&self) -> i32 {
        5
    }

    pub fn resolve_complex_thing_1(&self) -> DropGuard<ComplexThing, i32> {
        DropGuard::new(Box::new(self.resolve_foo()), |i32_ref| {
            ComplexThing(i32_ref)
        })
    }
}

fn main() {
    let module = Module;
    let guard = module.resolve_complex_thing_1();
    println!("{:?}", guard.0);
}

Playground link

Another way that also cleans up the typing is to use a trait:

use std::marker::PhantomData;
use std::mem::ManuallyDrop;

struct ComplexThing<'a>(&'a i32);

struct Module;

// not sure if this trait should be unsafe
// but again, better safe than sorry
pub unsafe trait Guardable {
    type Value;
}

unsafe impl Guardable for ComplexThing<'_> {
    type Value = i32;
}

pub struct DropGuard<'a, T: 'a + Guardable> {
    // do NOT make these fields pub
    // direct manipulation of these is very unsafe
    container: ManuallyDrop<T>,
    value: *mut T::Value,
    // I'm not sure this is needed but better safe than sorry
    _value: PhantomData<&'a mut T::Value>,
}

impl<'a, T: 'a + Guardable> DropGuard<'a, T> {
    pub fn new<F: FnOnce(&'a mut T::Value) -> T>(value: Box<T::Value>, gen: F) -> Self {
        // leak the value so it lives long enough
        let leaked = Box::leak(value);
        // get a pointer to know what to drop
        let leaked_ptr: *mut _ = leaked;
        DropGuard {
            container: ManuallyDrop::new(gen(leaked)),
            value: leaked_ptr,
            _value: PhantomData,
        }
    }
}

// so you can actually use it
// no DerefMut since dropping the container without dropping the guard is weird
impl<'a, T: 'a + Guardable> std::ops::Deref for DropGuard<'a, T> {
    type Target = T;

    fn deref(&self) -> &Self::Target {
        &self.container
    }
}

impl<'a, T: 'a + Guardable> Drop for DropGuard<'a, T> {
    fn drop(&mut self) {
        // drop the container first
        // this should be safe since self.container is never referenced again
        // the value its borrowing is still valid (due to not being dropped yet)
        // and there should be no references to it (due to this struct being dropped)
        unsafe {
            ManuallyDrop::drop(&mut self.container);
        }
        // now drop the pointer
        // this should be safe since it was created with Box::leak
        // and the container borrowing it has already been dropped
        // and no more references should have survived
        std::mem::drop(unsafe { Box::from_raw(self.value) });
    }
}

impl Module {
    pub fn resolve_foo(&self) -> i32 {
        5
    }

    pub fn resolve_complex_thing_1(&self) -> DropGuard<ComplexThing> {
        DropGuard::new(Box::new(self.resolve_foo()), |i32_ref| {
            ComplexThing(i32_ref)
        })
    }
}

fn main() {
    let module = Module;
    let guard = module.resolve_complex_thing_1();
    println!("{:?}", guard.0);
}

Playground link

Since every container should only have one valid DropGuard value type, you can put that in an associated type in a trait, so now you can work with DropGuard<ComplexThing> instead of DropGuard<ComplexThing, i32>, and this also prevents you from having bogus values in the DropGuard.

Answer 2

Disclaimer: I'm fairly new to Rust; this answer is based on limited experience and may be un-nuanced.

As a general principle of Rust program design — not specific to dependency injection — you should plan not to use references except for things that are one of:

• temporary, i.e. confined to the life of some stack frame (or technically longer than that in the case of async functions, but you get the idea, I hope)
• compile-time constants or lazily initialized singletons, i.e. &'static references

The reason is that Rust does not — without various trickery — support lifetimes that are not one of those two cases.

Any structures which are needed for longer durations than that should be designed to not contain non-'static references — and instead use owned values. In other words, let your DI be like

pub trait ResolveOwn<T: 'static> {
//                   ^^^^^^^^^^
    fn resolve(&self) -> T;
}

Don't actually add that lifetime constraint: it doesn't buy you anything, and might be inconvenient (for example, in a test that wants to inject things referring to the test — which will work fine since they live longer than the entire DI container — or if the application's actual main() has something to share, similarly). But plan as if it were there.

---

Given this constraint, how can you implement things that seem to want references?

• In the simplest cases, just use owned values and don't worry about any extra cloning required unless it proves to be a performance issue.
• Use Rc or Arc for reference-counted smart pointers that keep things alive as long as necessary.
• If some T really requires references, but only into its own data, use a safe self-referential struct helper like ouroboros. (I believe this is similar to but more general than the suggestion in Aplet123's answer to this question.)

All of these strategies are independent of the DI container: they're ways to make a type satisfy the 'static lifetime bound ("contains no references except 'static ones").