Go back to sealed checking

Check that type parameters of methods and parent traits don't get instantiated
with types containing a `cap` anywhere in covariant or invariant position.

Author: odersky

compiler/src/dotty/tools/dotc/cc/CaptureOps.scala

@@ -45,12 +45,11 @@ object ccConfig:
   /** If true, use "sealed" as encapsulation mechanism, meaning that we
    *  check that type variable instantiations don't have `cap` in any of
    *  their capture sets. This is an alternative of the original restriction
-   *  that `cap` can't be boxed or unboxed. It is used in 3.3 and 3.4 but
-   *  dropped again in 3.5.
+   *  that `cap` can't be boxed or unboxed. It is dropped in 3.5 but used
+   *  again in 3.6.
    */
   def useSealed(using Context) =
-    Feature.sourceVersion.stable == SourceVersion.`3.3`
-    || Feature.sourceVersion.stable == SourceVersion.`3.4`
+    Feature.sourceVersion.stable != SourceVersion.`3.5`
 end ccConfig
 
 

compiler/src/dotty/tools/dotc/cc/CheckCaptures.scala

@@ -174,8 +174,7 @@ object CheckCaptures:
                 def part = if t eq tp then "" else i"the part $t of "
                 report.error(
                   em"""$what cannot $have $tp since
-                      |${part}that type captures the root capability `cap`.
-                      |$addendum""",
+                      |${part}that type captures the root capability `cap`.$addendum""",
                   pos)
             traverse(parent)
           case t =>
@@ -686,23 +685,34 @@ class CheckCaptures extends Recheck, SymTransformer:
       else ownType
     end instantiate
 
+    def disallowCapInTypeArgs(fn: Tree, sym: Symbol, args: List[Tree])(using Context): Unit =
+      def isExempt = sym.isTypeTestOrCast || sym == defn.Compiletime_erasedValue
+      if ccConfig.useSealed && !isExempt then
+        val paramNames = atPhase(thisPhase.prev):
+          fn.tpe.widenDealias match
+            case tl: TypeLambda => tl.paramNames
+            case ref: AppliedType if ref.typeSymbol.isClass => ref.typeSymbol.typeParams.map(_.name)
+            case t =>
+              println(i"parent type: $t")
+              args.map(_ => EmptyTypeName)
+        for case (arg: TypeTree, pname) <- args.lazyZip(paramNames) do
+          def where = if sym.exists then i" in an argument of $sym" else ""
+          val (addendum, pos) =
+            if arg.isInferred
+            then ("\nThis is often caused by a local capability$where\nleaking as part of its result.", fn.srcPos)
+            else if arg.span.exists then ("", arg.srcPos)
+            else ("", fn.srcPos)
+          disallowRootCapabilitiesIn(arg.knownType, NoSymbol,
+            i"Type variable $pname of $sym", "be instantiated to", addendum, pos)
+    end disallowCapInTypeArgs
+
     override def recheckTypeApply(tree: TypeApply, pt: Type)(using Context): Type =
-      val meth = tree.symbol
-      if ccConfig.useSealed then
-        val TypeApply(fn, args) = tree
-        val polyType = atPhase(thisPhase.prev):
-          fn.tpe.widen.asInstanceOf[TypeLambda]
-        def isExempt(sym: Symbol) =
-          sym.isTypeTestOrCast || sym == defn.Compiletime_erasedValue
-        for case (arg: TypeTree, formal, pname) <- args.lazyZip(polyType.paramRefs).lazyZip((polyType.paramNames)) do
-          if !isExempt(meth) then
-            def where = if meth.exists then i" in an argument of $meth" else ""
-            disallowRootCapabilitiesIn(arg.knownType, NoSymbol,
-              i"Sealed type variable $pname", "be instantiated to",
-              i"This is often caused by a local capability$where\nleaking as part of its result.",
-              tree.srcPos)
+      val meth = tree.fun match
+        case fun @ Select(qual, nme.apply) => qual.symbol.orElse(fun.symbol)
+        case fun => fun.symbol
+      disallowCapInTypeArgs(tree.fun, meth, tree.args)
       val res = Existential.toCap(super.recheckTypeApply(tree, pt))
-      includeCallCaptures(meth, res, tree.srcPos)
+      includeCallCaptures(tree.symbol, res, tree.srcPos)
       checkContains(tree)
       res
     end recheckTypeApply
@@ -806,7 +816,7 @@ class CheckCaptures extends Recheck, SymTransformer:
                       case _ => ""
                     s"an anonymous function$location"
                   else encl.show
-                (NoSymbol, i"\nNote that $sym does not count as local since it is captured by $enclStr")
+                (NoSymbol, i"\n\nNote that $sym does not count as local since it is captured by $enclStr")
               case _ =>
                 (sym, "")
             disallowRootCapabilitiesIn(
@@ -927,6 +937,11 @@ class CheckCaptures extends Recheck, SymTransformer:
           checkSubset(thisSet,
             CaptureSet.empty.withDescription(i"of pure base class $pureBase"),
             selfType.srcPos, cs1description = " captured by this self type")
+        for case tpt: TypeTree <- impl.parents do
+          tpt.tpe match
+            case AppliedType(fn, args) =>
+              disallowCapInTypeArgs(tpt, fn.typeSymbol, args.map(TypeTree(_)))
+            case _ =>
         inNestedLevelUnless(cls.is(Module)):
           super.recheckClassDef(tree, impl, cls)
       finally
@@ -950,8 +965,8 @@ class CheckCaptures extends Recheck, SymTransformer:
       val tp = super.recheckTry(tree, pt)
       if ccConfig.useSealed && Feature.enabled(Feature.saferExceptions) then
         disallowRootCapabilitiesIn(tp, ctx.owner,
-          "result of `try`", "have type",
-          "This is often caused by a locally generated exception capability leaking as part of its result.",
+          "The result of `try`", "have type",
+          "\nThis is often caused by a locally generated exception capability leaking as part of its result.",
           tree.srcPos)
       tp
 
@@ -1592,8 +1607,7 @@ class CheckCaptures extends Recheck, SymTransformer:
                 && !arg.typeSymbol.name.is(WildcardParamName)
               then
                 CheckCaptures.disallowRootCapabilitiesIn(arg, NoSymbol,
-                  "Array", "have element type",
-                  "Since arrays are mutable, they have to be treated like variables,\nso their element type must be sealed.",
+                  "Array", "have element type", "",
                   pos)
               traverseChildren(t)
             case defn.RefinedFunctionOf(rinfo: MethodType) =>

tests/neg-custom-args/captures/box-adapt-cases.scala

@@ -4,7 +4,7 @@ def test1(): Unit = {
   type Id[X] = [T] -> (op: X => T) -> T
 
   val x: Id[Cap^] = ???
-  x(cap => cap.use())  // error, OK under sealed
+  x(cap => cap.use())
 }
 
 def test2(io: Cap^): Unit = {

tests/neg-custom-args/captures/capt-test.scala

@@ -20,8 +20,8 @@ def handle[E <: Exception,  R <: Top](op: (CT[E] @retains(caps.cap)) => R)(handl
   catch case ex: E => handler(ex)
 
 def test: Unit =
-  val b = handle[Exception, () => Nothing] {
+  val b = handle[Exception, () => Nothing] { // error
     (x: CanThrow[Exception]) => () => raise(new Exception)(using x)
-  } { // error
+  } {
     (ex: Exception) => ???
   }

tests/neg-custom-args/captures/capt1.check

@@ -33,22 +33,18 @@
 29 |    def m() = if x == null then y else y
    |
    | longer explanation available when compiling with `-explain`
--- Error: tests/neg-custom-args/captures/capt1.scala:34:12 -------------------------------------------------------------
+-- Error: tests/neg-custom-args/captures/capt1.scala:34:16 -------------------------------------------------------------
 34 |  val z2 = h[() -> Cap](() => x) // error // error
-   |           ^^^^^^^^^^^^
-   |           Sealed type variable X cannot be instantiated to () -> box C^ since
-   |           the part box C^ of that type captures the root capability `cap`.
-   |           This is often caused by a local capability in an argument of method h
-   |           leaking as part of its result.
+   |             ^^^^^^^^^
+   |             Type variable X of method h cannot be instantiated to () -> box C^ since
+   |             the part box C^ of that type captures the root capability `cap`.
 -- Error: tests/neg-custom-args/captures/capt1.scala:34:30 -------------------------------------------------------------
 34 |  val z2 = h[() -> Cap](() => x) // error // error
    |                              ^
    |                            (x : C^) cannot be referenced here; it is not included in the allowed capture set {}
    |                            of an enclosing function literal with expected type () -> box C^
--- Error: tests/neg-custom-args/captures/capt1.scala:36:12 -------------------------------------------------------------
+-- Error: tests/neg-custom-args/captures/capt1.scala:36:13 -------------------------------------------------------------
 36 |  val z3 = h[(() -> Cap) @retains(x)](() => x)(() => C())  // error
-   |           ^^^^^^^^^^^^^^^^^^^^^^^^^^
-   |           Sealed type variable X cannot be instantiated to box () ->{x} Cap since
-   |           the part Cap of that type captures the root capability `cap`.
-   |           This is often caused by a local capability in an argument of method h
-   |           leaking as part of its result.
+   |             ^^^^^^^^^^^^^^^^^^^^^^^
+   |             Type variable X of method h cannot be instantiated to box () ->{x} Cap since
+   |             the part Cap of that type captures the root capability `cap`.

tests/neg-custom-args/captures/capt1.scala

@@ -1,5 +1,5 @@
-//> using options -source 3.4
-// (to make sure we use the sealed policy)
+
+
 import annotation.retains
 class C
 def f(x: C @retains(caps.cap), y: C): () -> C =

tests/neg-custom-args/captures/effect-swaps-explicit.scala

@@ -1,5 +1,5 @@
-//> using options -source 3.4
-// (to make sure we use the sealed policy)
+
+
 object boundary:
 
   final class Label[-T] // extends caps.Capability

tests/neg-custom-args/captures/effect-swaps.check

@@ -22,3 +22,8 @@
 73 |            fr.await.ok
    |
    | longer explanation available when compiling with `-explain`
+-- Error: tests/neg-custom-args/captures/effect-swaps.scala:66:15 ------------------------------------------------------
+66 |        Result.make: // error: local reference leaks
+   |        ^^^^^^^^^^^
+   |local reference contextual$9 from (using contextual$9: boundary.Label[Result[box Future[box T^?]^{fr, contextual$9}, box E^?]]^):
+   |  box Future[box T^?]^{fr, contextual$9} leaks into outer capture set of type parameter T of method make in object Result

tests/neg-custom-args/captures/effect-swaps.scala

@@ -63,7 +63,7 @@ def test[T, E](using Async) =
           fr.await.ok
 
     def fail4[T, E](fr: Future[Result[T, E]]^) =
-        Result.make: // should be errorm but inders Result[Any, Any]
+        Result.make: // error: local reference leaks
           Future: fut ?=>
             fr.await.ok
 

tests/neg-custom-args/captures/filevar.scala

@@ -5,8 +5,8 @@ class File:
   def write(x: String): Unit = ???
 
 class Service:
-  var file: File^ = uninitialized  // OK, was error under sealed
-  def log = file.write("log") // error, was OK under sealed
+  var file: File^ = uninitialized  // error, was OK under unsealed
+  def log = file.write("log") // OK, was error under unsealed
 
 def withFile[T](op: (l: caps.Capability) ?-> (f: File^{l}) => T): T =
   op(using caps.cap)(new File)