Prevent leaking FreshCaps created for parameters

Author: odersky

compiler/src/dotty/tools/dotc/cc/Capability.scala

@@ -152,6 +152,8 @@ object Capabilities:
     val hiddenSet = CaptureSet.HiddenSet(owner, this: @unchecked)
       // fails initialization check without the @unchecked
 
+    //assert(rootId != 6, origin)
+
     override def equals(that: Any) = that match
       case that: FreshCap => this eq that
       case _ => false
@@ -808,6 +810,7 @@ object Capabilities:
     case LambdaActual(restp: Type)
     case OverriddenType(member: Symbol)
     case DeepCS(ref: TypeRef)
+    case Parameter(param: Symbol)
     case Unknown
 
     def explanation(using Context): String = this match
@@ -841,6 +844,8 @@ object Capabilities:
         i" when instantiating upper bound of member overridden by $member"
       case DeepCS(ref: TypeRef) =>
         i" when computing deep capture set of $ref"
+      case Parameter(param) =>
+        i" of parameter $param of ${param.owner}"
       case Unknown =>
         ""
   end Origin
@@ -907,8 +912,8 @@ object Capabilities:
       CapToFresh(origin)(tp)
 
   /** Maps fresh to cap */
-  def freshToCap(tp: Type)(using Context): Type =
-    CapToFresh(Origin.Unknown).inverse(tp)
+  def freshToCap(param: Symbol, tp: Type)(using Context): Type =
+    CapToFresh(Origin.Parameter(param)).inverse(tp)
 
   /** Map top-level free existential variables one-to-one to Fresh instances */
   def resultToFresh(tp: Type, origin: Origin)(using Context): Type =

compiler/src/dotty/tools/dotc/cc/CaptureSet.scala

@@ -698,7 +698,7 @@ object CaptureSet:
     private def narrowClassifier(cls: ClassSymbol)(using Context): Unit =
       val newClassifier = leastClassifier(classifier, cls)
       if newClassifier == defn.NothingClass then
-        println(i"conflicting classifications for $this, was $classifier, now $cls")
+        capt.println(i"conflicting classifications for $this, was $classifier, now $cls")
       myClassifier = newClassifier
 
     override def adoptClassifier(cls: ClassSymbol)(using Context): Unit =

compiler/src/dotty/tools/dotc/cc/CheckCaptures.scala

@@ -68,8 +68,7 @@ object CheckCaptures:
         cur = cur.outer
         res
 
-    def ownerString(using Context): String =
-      if owner.isAnonymousFunction then "enclosing function" else owner.show
+    def ownerString(using Context): String = ownerStr(owner)
   end Env
 
   /** Similar normal substParams, but this is an approximating type map that
@@ -184,6 +183,9 @@ object CheckCaptures:
     check.traverse(tp)
   end disallowBadRootsIn
 
+  private def ownerStr(owner: Symbol)(using Context): String =
+    if owner.isAnonymousFunction then "enclosing function" else owner.show
+
   trait CheckerAPI:
     /** Complete symbol info of a val or a def */
     def completeDef(tree: ValOrDefDef, sym: Symbol, completer: LazyType)(using Context): Type
@@ -548,10 +550,8 @@ class CheckCaptures extends Recheck, SymTransformer:
       c.paramPathRoot match
         case ref: NamedType if !ref.symbol.isUseParam =>
           val what = if ref.isType then "Capture set parameter" else "Local reach capability"
-          val owner = ref.symbol.owner
-          val ownerStr = if owner.isAnonymousFunction then "enclosing function" else owner.show
           report.error(
-            em"""$what $c leaks into capture scope of $ownerStr.
+            em"""$what $c leaks into capture scope of ${ownerStr(ref.symbol.owner)}.
                 |To allow this, the ${ref.symbol} should be declared with a @use annotation""", pos)
         case _ =>
 
@@ -925,7 +925,7 @@ class CheckCaptures extends Recheck, SymTransformer:
             assert(params.hasSameLengthAs(argTypes), i"$mdef vs $pt, ${params}")
             for (argType, param) <- argTypes.lazyZip(params) do
               val paramTpt = param.asInstanceOf[ValDef].tpt
-              val paramType = freshToCap(paramTpt.nuType)
+              val paramType = freshToCap(param.symbol, paramTpt.nuType)
               checkConformsExpr(argType, paramType, param)
                 .showing(i"compared expected closure formal $argType against $param with ${paramTpt.nuType}", capt)
             if ccConfig.preTypeClosureResults && !(isEtaExpansion(mdef) && ccConfig.handleEtaExpansionsSpecially) then
@@ -2030,7 +2030,13 @@ class CheckCaptures extends Recheck, SymTransformer:
               case c: DerivedCapability =>
                 checkElem(c.underlying)
               case c: FreshCap =>
-                check(c.hiddenSet)
+                c.origin match
+                  case Origin.Parameter(param) =>
+                    report.error(
+                      em"Local $c created in type of $param leaks into capture scope of ${ownerStr(param.owner)}",
+                      tree.srcPos)
+                  case _ =>
+                    check(c.hiddenSet)
               case _ =>
 
         check(uses)

compiler/src/dotty/tools/dotc/cc/Setup.scala

@@ -646,17 +646,18 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
         def ownerChanges =
           ctx.owner.name.is(TryOwnerName)
 
-        def paramsToCap(mt: Type)(using Context): Type = mt match
+        def paramsToCap(psymss: List[List[Symbol]], mt: Type)(using Context): Type = mt match
           case mt: MethodType =>
             try
               mt.derivedLambdaType(
-                paramInfos = mt.paramInfos.map(freshToCap),
-                resType = paramsToCap(mt.resType))
+                paramInfos =
+                  psymss.head.lazyZip(mt.paramInfos).map(freshToCap),
+                resType = paramsToCap(psymss.tail, mt.resType))
             catch case ex: AssertionError =>
               println(i"error while mapping params ${mt.paramInfos} of $sym")
               throw ex
           case mt: PolyType =>
-            mt.derivedLambdaType(resType = paramsToCap(mt.resType))
+            mt.derivedLambdaType(resType = paramsToCap(psymss.tail, mt.resType))
           case _ => mt
 
         // If there's a change in the signature or owner, update the info of `sym`
@@ -668,7 +669,7 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
                 toResultInResults(sym, report.error(_, tree.srcPos)):
                   if sym.is(Method) then
                     inContext(ctx.withOwner(sym)):
-                      paramsToCap(methodType(paramSymss, localReturnType))
+                      paramsToCap(paramSymss, methodType(paramSymss, localReturnType))
                   else tree.tpt.nuType
               if tree.tpt.isInstanceOf[InferredTypeTree]
                   && !sym.is(Param) && !sym.is(ParamAccessor)

tests/neg-custom-args/captures/leak-problem-unboxed.scala

@@ -1,5 +1,4 @@
 import language.experimental.captureChecking
-import caps.use
 
 // Some capabilities that should be used locally
 trait Async:
@@ -19,16 +18,23 @@ def useBoxedAsync1[C^](x: Box[Async^{C}]): Unit = x.get.read() // ok
 def test(): Unit =
 
   val f: Box[Async^] => Unit = (x: Box[Async^]) => useBoxedAsync(x) // error
-  val t0: Box[Async^] => Unit = x => useBoxedAsync(x) // TODO hould be error!
+  val f0: Box[Async^] => Unit = x => useBoxedAsync(x) // // error
 
-  val t1: Box[Async^] => Unit = useBoxedAsync(_) // TODO should be error!
-  val t2: Box[Async^] => Unit = useBoxedAsync // TODO should be error!
-  val t3 = useBoxedAsync(_) // was error, now ok
-  val t4 = useBoxedAsync // was error, now ok
+  val f1: Box[Async^] => Unit = useBoxedAsync(_) // error
+  val f2: Box[Async^] => Unit = useBoxedAsync // error
+  val f3 = useBoxedAsync(_) // was error, now ok, but bang below fails
+  val f4 = useBoxedAsync // was error, now ok, but bang2 below fails
 
   def boom(x: Async^): () ->{f} Unit =
     () => f(Box(x))
 
   val leaked = usingAsync[() ->{f} Unit](boom)
 
-  leaked()  // scope violation
+  leaked()  // was scope violation
+
+  def bang(x: Async^) =
+    () => f3(Box(x)) // error
+
+  def bang2(x: Async^) =
+    () => f3(Box(x)) // error
+