Ah, thanks a lot for the explanation DeLesley! Makes sense.
So, if I define get_foo_copy in terms of get_foo_reference, no safety
warnings can be given because the GUARDED_BY was casted away when returning
foo_ from get_foo_reference.
Is there some way to eliminate the implicit cast by making the
This is expected behavior. Returning foo by reference does not involve an
actual read from memory; the read doesn't happen until later, when the
reference is used. Thus there is no warning in get_foo_reference().
If thread safety annotations were integrated with the C++ type system, then
we coul
