mikros/rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5d1257a760
rust/src/librustc/middle/privacy.rs

1589 lines
66 KiB
Rust
Raw Normal View History

Removed some unnecessary RefCells from resolve
2014-09-29 18:06:13 -05:00
// Copyright 2012-2014 The Rust Project Developers. See the COPYRIGHT
Update license, add license boilerplate to most files. Remainder will follow.
2012-12-03 18:48:01 -06:00
// file at the top-level directory of this distribution and at
// http://rust-lang.org/COPYRIGHT.
//
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.
librustc: Ensure that type parameters are in the right positions in paths. This removes the stacking of type parameters that occurs when invoking trait methods, and fixes all places in the standard library that were relying on it. It is somewhat awkward in places; I think we'll probably want something like the `Foo::<for T>::new()` syntax.
2013-08-08 13:38:10 -05:00
//! A pass that checks to make sure private fields and methods aren't used
Correctly encode item visibility in metadata This fixes private statics and functions from being usable cross-crates, along with some bad privacy error messages. This is a reopening of #8365 with all the privacy checks in privacy.rs instead of resolve.rs (where they should be anyway). These maps of exported items will hopefully get used for generating documentation by rustdoc Closes #8592
2013-08-07 02:11:34 -05:00
//! outside their scopes. This pass will also generate a set of exported items
//! which are available for use externally when compiled as a library.
Switch to purely namespaced enums This breaks code that referred to variant names in the same namespace as their enum. Reexport the variants in the old location or alter code to refer to the new locations: ``` pub enum Foo { A, B } fn main() { let a = A; } ``` => ``` pub use self::Foo::{A, B}; pub enum Foo { A, B } fn main() { let a = A; } ``` or ``` pub enum Foo { A, B } fn main() { let a = Foo::A; } ``` [breaking-change]
2014-11-06 02:05:53 -06:00
use self::PrivacyResult::*;
use self::FieldName::*;
Correctly encode item visibility in metadata This fixes private statics and functions from being usable cross-crates, along with some bad privacy error messages. This is a reopening of #8365 with all the privacy checks in privacy.rs instead of resolve.rs (where they should be anyway). These maps of exported items will hopefully get used for generating documentation by rustdoc Closes #8592
2013-08-07 02:11:34 -05:00
Move replace and swap to std::mem. Get rid of std::util Also move Void to std::any, move drop to std::mem and reexport in prelude.
2014-01-31 14:35:36 -06:00
use std::mem::replace;
libextra: Rename the actual metadata names of libcore to libstd and libstd to libextra
2013-05-17 17:28:44 -05:00
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
use metadata::csearch;
Remove type parameters from ExprField and ExprTupField
2014-11-23 05:14:35 -06:00
use middle::{def, resolve};
rustc: middle: rename `ty::t` to `Ty` and use it unqualified everywhere.
2014-09-13 13:09:25 -05:00
use middle::ty::{mod, Ty};
Move various data structures out of typeck and into ty.
2014-11-25 13:21:20 -06:00
use middle::ty::{MethodCall, MethodMap, MethodOrigin, MethodParam, MethodTypeParam};
use middle::ty::{MethodStatic, MethodStaticUnboxedClosure, MethodObject, MethodTraitObject};
rustc: Move to FNV hashing for node/def ids This leverages the new hashing framework and hashmap implementation to provide a much speedier hashing algorithm for node ids and def ids. The hash algorithm used is currentl FNV hashing, but it's quite easy to swap out. I originally implemented hashing as the identity function, but this actually ended up in slowing down rustc compiling libstd from 8s to 13s. I would suspect that this is a result of a large number of collisions. With FNV hashing, we get these timings (compiling with --no-trans, in seconds): | | before | after | |-----------|---------:|--------:| | libstd | 8.324 | 6.703 | | stdtest | 47.674 | 46.857 | | libsyntax | 9.918 | 8.400 |
2014-02-28 16:34:26 -06:00
use util::nodemap::{NodeMap, NodeSet};
librustc: Terminate name searches at the nearest module scope for paths that contain at least two components. r=graydon
2012-12-23 16:41:37 -06:00
Remove type parameters from ExprField and ExprTupField
2014-11-23 05:14:35 -06:00
use syntax::{ast, ast_map};
change to new trait style for method field refs Per @pnkfelix 's suggestion, using a trait to make these field accesses more readable (and vastly more similar to the original code. oops fix new ast_map fix
2014-07-14 18:31:52 -05:00
use syntax::ast_util::{is_local, local_def, PostExpansionMethod};
Modernized a few type names in rustc and syntax
2013-08-31 11:13:04 -05:00
use syntax::codemap::Span;
removed some interner fields
2013-05-14 19:27:27 -05:00
use syntax::parse::token;
Remove type parameters from ExprField and ExprTupField
2014-11-23 05:14:35 -06:00
use syntax::visit::{mod, Visitor};
rustc: Implement private fields for max/min classes
2012-09-04 16:48:32 -05:00
rustc: middle: move Export and ExportMap from resolve to def.
2014-12-18 16:03:00 -06:00
type Context<'a, 'tcx> = (&'a MethodMap<'tcx>, &'a def::ExportMap);
Correctly encode item visibility in metadata This fixes private statics and functions from being usable cross-crates, along with some bad privacy error messages. This is a reopening of #8365 with all the privacy checks in privacy.rs instead of resolve.rs (where they should be anyway). These maps of exported items will hopefully get used for generating documentation by rustdoc Closes #8592
2013-08-07 02:11:34 -05:00
make missing_doc lint respect the visibility rules Previously, the `exported_items` set created by the privacy pass was incomplete. Specifically, it did not include items that had been defined at a private path but then `pub use`d at a public path. This commit finds all crate exports during the privacy pass. Consequently, some code in the reachable pass and in rustdoc is no longer necessary. This commit then removes the separate `MissingDocLintVisitor` lint pass, opting to check missing_doc lint in the same pass as the other lint checkers using the visibility result computed by the privacy pass. Fixes #9777.
2013-11-11 22:17:47 -06:00
/// A set of AST nodes exported by the crate.
rustc: Move to FNV hashing for node/def ids This leverages the new hashing framework and hashmap implementation to provide a much speedier hashing algorithm for node ids and def ids. The hash algorithm used is currentl FNV hashing, but it's quite easy to swap out. I originally implemented hashing as the identity function, but this actually ended up in slowing down rustc compiling libstd from 8s to 13s. I would suspect that this is a result of a large number of collisions. With FNV hashing, we get these timings (compiling with --no-trans, in seconds): | | before | after | |-----------|---------:|--------:| | libstd | 8.324 | 6.703 | | stdtest | 47.674 | 46.857 | | libsyntax | 9.918 | 8.400 |
2014-02-28 16:34:26 -06:00
pub type ExportedItems = NodeSet;
Use the result of privacy for reachability This fixes a bug in which the visibility rules were approximated by reachability, but forgot to cover the case where a 'pub use' reexports a private item. This fixes the commit by instead using the results of the privacy pass of the compiler to create the initial working set of the reachability pass. This may have the side effect of increasing the size of metadata, but it's difficult to avoid for correctness purposes sadly. Closes #9790
2013-10-09 23:16:51 -05:00
Inline reexports in rustdoc If a reexport comes from a non-public module, then the documentation for the reexport will be inlined into the module that exports it, but if the reexport is targeted at a public type (like the prelude), then it is not inlined but rather hyperlinked.
2014-01-07 20:46:16 -06:00
/// A set of AST nodes that are fully public in the crate. This map is used for
/// documentation purposes (reexporting a private struct inlines the doc,
/// reexporting a public struct doesn't inline the doc).
rustc: Move to FNV hashing for node/def ids This leverages the new hashing framework and hashmap implementation to provide a much speedier hashing algorithm for node ids and def ids. The hash algorithm used is currentl FNV hashing, but it's quite easy to swap out. I originally implemented hashing as the identity function, but this actually ended up in slowing down rustc compiling libstd from 8s to 13s. I would suspect that this is a result of a large number of collisions. With FNV hashing, we get these timings (compiling with --no-trans, in seconds): | | before | after | |-----------|---------:|--------:| | libstd | 8.324 | 6.703 | | stdtest | 47.674 | 46.857 | | libsyntax | 9.918 | 8.400 |
2014-02-28 16:34:26 -06:00
pub type PublicItems = NodeSet;
Inline reexports in rustdoc If a reexport comes from a non-public module, then the documentation for the reexport will be inlined into the module that exports it, but if the reexport is targeted at a public type (like the prelude), then it is not inlined but rather hyperlinked.
2014-01-07 20:46:16 -06:00
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
/// Result of a checking operation - None => no errors were found. Some => an
/// error and contains the span and message for reporting that error and
/// optionally the same for a note about the error.
core: rename strbuf::StrBuf to string::String [breaking-change]
2014-05-22 18:57:53 -05:00
type CheckResult = Option<(Span, String, Option<(Span, String)>)>;
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
////////////////////////////////////////////////////////////////////////////////
/// The parent visitor, used to determine what's the parent of what (node-wise)
////////////////////////////////////////////////////////////////////////////////
struct ParentVisitor {
rustc: Move to FNV hashing for node/def ids This leverages the new hashing framework and hashmap implementation to provide a much speedier hashing algorithm for node ids and def ids. The hash algorithm used is currentl FNV hashing, but it's quite easy to swap out. I originally implemented hashing as the identity function, but this actually ended up in slowing down rustc compiling libstd from 8s to 13s. I would suspect that this is a result of a large number of collisions. With FNV hashing, we get these timings (compiling with --no-trans, in seconds): | | before | after | |-----------|---------:|--------:| | libstd | 8.324 | 6.703 | | stdtest | 47.674 | 46.857 | | libsyntax | 9.918 | 8.400 |
2014-02-28 16:34:26 -06:00
parents: NodeMap<ast::NodeId>,
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
curparent: ast::NodeId,
Port privacy.rs from oldvisit to <V:Visitor> trait.
2013-08-13 06:21:45 -05:00
}
rustc: Implement private fields for max/min classes
2012-09-04 16:48:32 -05:00
Track the visited AST's lifetime throughout Visitor.
2014-09-09 17:54:36 -05:00
impl<'v> Visitor<'v> for ParentVisitor {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_item(&mut self, item: &ast::Item) {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
self.parents.insert(item.id, self.curparent);
let prev = self.curparent;
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
match item.node {
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemMod(..) => { self.curparent = item.id; }
Fix misspellings in comments.
2014-04-20 23:49:39 -05:00
// Enum variants are parented to the enum definition itself because
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// they inherit privacy
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemEnum(ref def, _) => {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
for variant in def.variants.iter() {
rustc: Remove private enum variants This removes the `priv` keyword from the language and removes private enum variants as a result. The remaining use cases of private enum variants were all updated to be a struct with one private field that is a private enum. RFC: 0006-remove-priv Closes #13535
2014-04-15 20:02:58 -05:00
// The parent is considered the enclosing enum because the
// enum will dictate the privacy visibility of this variant
// instead.
self.parents.insert(variant.node.id, item.id);
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
}
Fix merge fallout of privacy changes
2013-10-07 15:01:47 -05:00
// Trait methods are always considered "public", but if the trait is
// private then we need some private item in the chain from the
// method to the root. In this case, if the trait is private, then
// parent all the methods to the trait to indicate that they're
// private.
Parse `unsafe trait` but do not do anything with it beyond parsing and integrating into rustdoc etc.
2014-12-09 18:59:20 -06:00
ast::ItemTrait(_, _, _, _, ref methods) if item.vis != ast::Public => {
Fix merge fallout of privacy changes
2013-10-07 15:01:47 -05:00
for m in methods.iter() {
match *m {
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::ProvidedMethod(ref m) => {
self.parents.insert(m.id, item.id);
}
ast::RequiredMethod(ref m) => {
self.parents.insert(m.id, item.id);
}
ast::TypeTraitItem(_) => {}
Fix merge fallout of privacy changes
2013-10-07 15:01:47 -05:00
};
}
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
_ => {}
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_item(self, item);
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
self.curparent = prev;
Port privacy.rs from oldvisit to <V:Visitor> trait.
2013-08-13 06:21:45 -05:00
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_foreign_item(&mut self, a: &ast::ForeignItem) {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
self.parents.insert(a.id, self.curparent);
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_foreign_item(self, a);
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
Track the visited AST's lifetime throughout Visitor.
2014-09-09 17:54:36 -05:00
fn visit_fn(&mut self, a: visit::FnKind<'v>, b: &'v ast::FnDecl,
c: &'v ast::Block, d: Span, id: ast::NodeId) {
Fix merge fallout of privacy changes
2013-10-07 15:01:47 -05:00
// We already took care of some trait methods above, otherwise things
// like impl methods and pub trait methods are parented to the
// containing module, not the containing trait.
if !self.parents.contains_key(&id) {
self.parents.insert(id, self.curparent);
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_fn(self, a, b, c, d);
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
Removed unnecessary arguments for walk_* functions
2014-05-14 01:20:25 -05:00
fn visit_struct_def(&mut self, s: &ast::StructDef, _: ast::Ident,
Track the visited AST's lifetime throughout Visitor.
2014-09-09 17:54:36 -05:00
_: &'v ast::Generics, n: ast::NodeId) {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// Struct constructors are parented to their struct definitions because
// they essentially are the struct definitions.
match s.ctor_id {
Some(id) => { self.parents.insert(id, n); }
None => {}
Disallow dereferencing enum types when the variant is private If an enum type's only variant is private, disallow dereferencing values of its type. Due to #4082, this only applies to enums that are in the same crate. r=pcwalton Closes #818
2012-11-30 13:24:16 -06:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// While we have the id of the struct definition, go ahead and parent
// all the fields.
for field in s.fields.iter() {
Change private structs to have private fields by default This was the original intention of the privacy of structs, and it was erroneously implemented before. A pub struct will now have default-pub fields, and a non-pub struct will have default-priv fields. This essentially brings struct fields in line with enum variants in terms of inheriting visibility. As usual, extraneous modifiers to visibility are disallowed depend on the case that you're dealing with. Closes #11522
2014-01-24 13:00:08 -06:00
self.parents.insert(field.node.id, self.curparent);
Disallow dereferencing enum types when the variant is private If an enum type's only variant is private, disallow dereferencing values of its type. Due to #4082, this only applies to enums that are in the same crate. r=pcwalton Closes #818
2012-11-30 13:24:16 -06:00
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_struct_def(self, s)
Port privacy.rs from oldvisit to <V:Visitor> trait.
2013-08-13 06:21:45 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
Disallow dereferencing enum types when the variant is private If an enum type's only variant is private, disallow dereferencing values of its type. Due to #4082, this only applies to enums that are in the same crate. r=pcwalton Closes #818
2012-11-30 13:24:16 -06:00
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
////////////////////////////////////////////////////////////////////////////////
/// The embargo visitor, used to determine the exports of the ast
////////////////////////////////////////////////////////////////////////////////
rustc: fix fallout from the addition of a 'tcx lifetime on tcx.
2014-04-22 07:56:37 -05:00
struct EmbargoVisitor<'a, 'tcx: 'a> {
tcx: &'a ty::ctxt<'tcx>,
rustc: middle: move Export and ExportMap from resolve to def.
2014-12-18 16:03:00 -06:00
export_map: &'a def::ExportMap,
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// This flag is an indicator of whether the previous item in the
// hierarchical chain was exported or not. This is the indicator of whether
// children should be exported as well. Note that this can flip from false
// to true if a reexported module is entered (or an action similar).
prev_exported: bool,
// This is a list of all exported items in the AST. An exported item is any
// function/method/item which is usable by external crates. This essentially
// means that the result is "public all the way down", but the "path down"
// may jump across private boundaries through reexport statements.
exported_items: ExportedItems,
// This sets contains all the destination nodes which are publicly
// re-exported. This is *not* a set of all reexported nodes, only a set of
// all nodes which are reexported *and* reachable from external crates. This
// means that the destination of the reexport is exported, and hence the
// destination must also be exported.
rustc: Move to FNV hashing for node/def ids This leverages the new hashing framework and hashmap implementation to provide a much speedier hashing algorithm for node ids and def ids. The hash algorithm used is currentl FNV hashing, but it's quite easy to swap out. I originally implemented hashing as the identity function, but this actually ended up in slowing down rustc compiling libstd from 8s to 13s. I would suspect that this is a result of a large number of collisions. With FNV hashing, we get these timings (compiling with --no-trans, in seconds): | | before | after | |-----------|---------:|--------:| | libstd | 8.324 | 6.703 | | stdtest | 47.674 | 46.857 | | libsyntax | 9.918 | 8.400 |
2014-02-28 16:34:26 -06:00
reexports: NodeSet,
Inline reexports in rustdoc If a reexport comes from a non-public module, then the documentation for the reexport will be inlined into the module that exports it, but if the reexport is targeted at a public type (like the prelude), then it is not inlined but rather hyperlinked.
2014-01-07 20:46:16 -06:00
// These two fields are closely related to one another in that they are only
// used for generation of the 'PublicItems' set, not for privacy checking at
// all
public_items: PublicItems,
prev_public: bool,
make missing_doc lint respect the visibility rules Previously, the `exported_items` set created by the privacy pass was incomplete. Specifically, it did not include items that had been defined at a private path but then `pub use`d at a public path. This commit finds all crate exports during the privacy pass. Consequently, some code in the reachable pass and in rustdoc is no longer necessary. This commit then removes the separate `MissingDocLintVisitor` lint pass, opting to check missing_doc lint in the same pass as the other lint checkers using the visibility result computed by the privacy pass. Fixes #9777.
2013-11-11 22:17:47 -06:00
}
rustc: fix fallout from the addition of a 'tcx lifetime on tcx.
2014-04-22 07:56:37 -05:00
impl<'a, 'tcx> EmbargoVisitor<'a, 'tcx> {
Conservatively export all trait methods and impls The comments have more information as to why this is done, but the basic idea is that finding an exported trait is actually a fairly difficult problem. The true answer lies in whether a trait is ever referenced from another exported method, and right now this kind of analysis doesn't exist, so the conservative answer of "yes" is always returned to answer whether a trait is exported. Closes #11224 Closes #11225
2013-12-31 14:40:10 -06:00
// There are checks inside of privacy which depend on knowing whether a
// trait should be exported or not. The two current consumers of this are:
//
// 1. Should default methods of a trait be exported?
// 2. Should the methods of an implementation of a trait be exported?
//
// The answer to both of these questions partly rely on whether the trait
// itself is exported or not. If the trait is somehow exported, then the
// answers to both questions must be yes. Right now this question involves
// more analysis than is currently done in rustc, so we conservatively
// answer "yes" so that all traits need to be exported.
fn exported_trait(&self, _id: ast::NodeId) -> bool {
true
}
}
Track the visited AST's lifetime throughout Visitor.
2014-09-09 17:54:36 -05:00
impl<'a, 'tcx, 'v> Visitor<'v> for EmbargoVisitor<'a, 'tcx> {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_item(&mut self, item: &ast::Item) {
Inline reexports in rustdoc If a reexport comes from a non-public module, then the documentation for the reexport will be inlined into the module that exports it, but if the reexport is targeted at a public type (like the prelude), then it is not inlined but rather hyperlinked.
2014-01-07 20:46:16 -06:00
let orig_all_pub = self.prev_public;
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
self.prev_public = orig_all_pub && item.vis == ast::Public;
Inline reexports in rustdoc If a reexport comes from a non-public module, then the documentation for the reexport will be inlined into the module that exports it, but if the reexport is targeted at a public type (like the prelude), then it is not inlined but rather hyperlinked.
2014-01-07 20:46:16 -06:00
if self.prev_public {
self.public_items.insert(item.id);
}
let orig_all_exported = self.prev_exported;
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
match item.node {
// impls/extern blocks do not break the "public chain" because they
// cannot have visibility qualifiers on them anyway
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemImpl(..) | ast::ItemForeignMod(..) => {}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
Conservatively export all trait methods and impls The comments have more information as to why this is done, but the basic idea is that finding an exported trait is actually a fairly difficult problem. The true answer lies in whether a trait is ever referenced from another exported method, and right now this kind of analysis doesn't exist, so the conservative answer of "yes" is always returned to answer whether a trait is exported. Closes #11224 Closes #11225
2013-12-31 14:40:10 -06:00
// Traits are a little special in that even if they themselves are
// not public they may still be exported.
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemTrait(..) => {
Conservatively export all trait methods and impls The comments have more information as to why this is done, but the basic idea is that finding an exported trait is actually a fairly difficult problem. The true answer lies in whether a trait is ever referenced from another exported method, and right now this kind of analysis doesn't exist, so the conservative answer of "yes" is always returned to answer whether a trait is exported. Closes #11224 Closes #11225
2013-12-31 14:40:10 -06:00
self.prev_exported = self.exported_trait(item.id);
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// Private by default, hence we only retain the "public chain" if
// `pub` is explicitly listed.
_ => {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
self.prev_exported =
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
(orig_all_exported && item.vis == ast::Public) ||
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
self.reexports.contains(&item.id);
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
let public_first = self.prev_exported &&
self.exported_items.insert(item.id);
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
match item.node {
// Enum variants inherit from their parent, so if the enum is
// public all variants are public unless they're explicitly priv
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemEnum(ref def, _) if public_first => {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
for variant in def.variants.iter() {
rustc: Remove private enum variants This removes the `priv` keyword from the language and removes private enum variants as a result. The remaining use cases of private enum variants were all updated to be a struct with one private field that is a private enum. RFC: 0006-remove-priv Closes #13535
2014-04-15 20:02:58 -05:00
self.exported_items.insert(variant.node.id);
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// Implementations are a little tricky to determine what's exported
// out of them. Here's a few cases which are currently defined:
//
// * Impls for private types do not need to export their methods
// (either public or private methods)
//
// * Impls for public types only have public methods exported
//
// * Public trait impls for public types must have all methods
// exported.
//
// * Private trait impls for public types can be ignored
//
// * Public trait impls for private types have their methods
// exported. I'm not entirely certain that this is the correct
// thing to do, but I have seen use cases of where this will cause
// undefined symbols at linkage time if this case is not handled.
//
// * Private trait impls for private types can be completely ignored
Parse `unsafe impl` but don't do anything particularly interesting with the results.
2014-12-10 05:15:06 -06:00
ast::ItemImpl(_, _, _, ref ty, ref impl_items) => {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
let public_ty = match ty.node {
Rote changes due to the fact that ast paths no longer carry this extraneous bounds.
2014-11-20 14:08:48 -06:00
ast::TyPath(_, id) => {
fallout from deprecating find_copy and get_copy
2014-11-07 13:35:18 -06:00
match self.tcx.def_map.borrow()[id].clone() {
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
def::DefPrimTy(..) => true,
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
def => {
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
let did = def.def_id();
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
!is_local(did) ||
self.exported_items.contains(&did.node)
}
}
}
_ => true,
};
let tr = ty::impl_trait_ref(self.tcx, local_def(item.id));
rustc: de-@ middle::ty.
2014-04-21 18:21:52 -05:00
let public_trait = tr.clone().map_or(false, |tr| {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
!is_local(tr.def_id) ||
self.exported_items.contains(&tr.def_id.node)
librustc: Fix merge fallout.
2013-11-24 13:44:28 -06:00
});
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
if public_ty || public_trait {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
for impl_item in impl_items.iter() {
match *impl_item {
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
ast::MethodImplItem(ref method) => {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
let meth_public =
match method.pe_explicit_self().node {
ast::SelfStatic => public_ty,
_ => true,
} && method.pe_vis() == ast::Public;
if meth_public || tr.is_some() {
self.exported_items.insert(method.id);
}
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::TypeImplItem(_) => {}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// Default methods on traits are all public so long as the trait
// is public
Parse `unsafe trait` but do not do anything with it beyond parsing and integrating into rustdoc etc.
2014-12-09 18:59:20 -06:00
ast::ItemTrait(_, _, _, _, ref methods) if public_first => {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
for method in methods.iter() {
match *method {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
ast::ProvidedMethod(ref m) => {
Drop the '2' suffix from logging macros Who doesn't like a massive renaming?
2013-10-21 15:08:31 -05:00
debug!("provided {}", m.id);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
self.exported_items.insert(m.id);
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
ast::RequiredMethod(ref m) => {
Drop the '2' suffix from logging macros Who doesn't like a massive renaming?
2013-10-21 15:08:31 -05:00
debug!("required {}", m.id);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
self.exported_items.insert(m.id);
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::TypeTraitItem(ref t) => {
Restructure AST so that the associated type definition carries bounds like any other "type parameter".
2014-10-28 13:48:52 -05:00
debug!("typedef {}", t.ty_param.id);
self.exported_items.insert(t.ty_param.id);
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
make missing_doc lint respect the visibility rules Previously, the `exported_items` set created by the privacy pass was incomplete. Specifically, it did not include items that had been defined at a private path but then `pub use`d at a public path. This commit finds all crate exports during the privacy pass. Consequently, some code in the reachable pass and in rustdoc is no longer necessary. This commit then removes the separate `MissingDocLintVisitor` lint pass, opting to check missing_doc lint in the same pass as the other lint checkers using the visibility result computed by the privacy pass. Fixes #9777.
2013-11-11 22:17:47 -06:00
// Struct constructors are public if the struct is all public.
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemStruct(ref def, _) if public_first => {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
match def.ctor_id {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
Some(id) => { self.exported_items.insert(id); }
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
None => {}
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
rustc: Account for typedefs in privacy This ensures that a public typedef to a private item is ensured to be public in terms of linkage. This affects both the visibility of the library's symbols as well as other lints based on privacy (dead_code for example). Closes #14421 Closes #14422
2014-05-25 16:43:30 -05:00
ast::ItemTy(ref ty, _) if public_first => {
Replace some verbose match statements with their `if let` equivalent. No semantic changes, no enabling `if let` where it wasn't already enabled.
2014-11-29 15:41:21 -06:00
if let ast::TyPath(_, id) = ty.node {
match self.tcx.def_map.borrow()[id].clone() {
def::DefPrimTy(..) | def::DefTyParam(..) => {},
def => {
let did = def.def_id();
if is_local(did) {
self.exported_items.insert(did.node);
rustc: Account for typedefs in privacy This ensures that a public typedef to a private item is ensured to be public in terms of linkage. This affects both the visibility of the library's symbols as well as other lints based on privacy (dead_code for example). Closes #14421 Closes #14422
2014-05-25 16:43:30 -05:00
}
}
}
}
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
_ => {}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_item(self, item);
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
Inline reexports in rustdoc If a reexport comes from a non-public module, then the documentation for the reexport will be inlined into the module that exports it, but if the reexport is targeted at a public type (like the prelude), then it is not inlined but rather hyperlinked.
2014-01-07 20:46:16 -06:00
self.prev_exported = orig_all_exported;
self.prev_public = orig_all_pub;
Port privacy.rs from oldvisit to <V:Visitor> trait.
2013-08-13 06:21:45 -05:00
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_foreign_item(&mut self, a: &ast::ForeignItem) {
privacy: Add publically-reexported foreign item to exported item set Close #15740
2014-07-21 00:11:43 -05:00
if (self.prev_exported && a.vis == ast::Public) || self.reexports.contains(&a.id) {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
self.exported_items.insert(a.id);
make missing_doc lint respect the visibility rules Previously, the `exported_items` set created by the privacy pass was incomplete. Specifically, it did not include items that had been defined at a private path but then `pub use`d at a public path. This commit finds all crate exports during the privacy pass. Consequently, some code in the reachable pass and in rustdoc is no longer necessary. This commit then removes the separate `MissingDocLintVisitor` lint pass, opting to check missing_doc lint in the same pass as the other lint checkers using the visibility result computed by the privacy pass. Fixes #9777.
2013-11-11 22:17:47 -06:00
}
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_mod(&mut self, m: &ast::Mod, _sp: Span, id: ast::NodeId) {
make missing_doc lint respect the visibility rules Previously, the `exported_items` set created by the privacy pass was incomplete. Specifically, it did not include items that had been defined at a private path but then `pub use`d at a public path. This commit finds all crate exports during the privacy pass. Consequently, some code in the reachable pass and in rustdoc is no longer necessary. This commit then removes the separate `MissingDocLintVisitor` lint pass, opting to check missing_doc lint in the same pass as the other lint checkers using the visibility result computed by the privacy pass. Fixes #9777.
2013-11-11 22:17:47 -06:00
// This code is here instead of in visit_item so that the
// crate module gets processed as well.
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
if self.prev_exported {
middle: resolve: fix inconsistencies around ExportMap and remove the 2 suffix.
2014-12-18 12:27:17 -06:00
assert!(self.export_map.contains_key(&id), "wut {}", id);
for export in self.export_map[id].iter() {
Remove reexport field
2014-01-24 05:46:19 -06:00
if is_local(export.def_id) {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
self.reexports.insert(export.def_id.node);
make missing_doc lint respect the visibility rules Previously, the `exported_items` set created by the privacy pass was incomplete. Specifically, it did not include items that had been defined at a private path but then `pub use`d at a public path. This commit finds all crate exports during the privacy pass. Consequently, some code in the reachable pass and in rustdoc is no longer necessary. This commit then removes the separate `MissingDocLintVisitor` lint pass, opting to check missing_doc lint in the same pass as the other lint checkers using the visibility result computed by the privacy pass. Fixes #9777.
2013-11-11 22:17:47 -06:00
}
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_mod(self, m)
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
////////////////////////////////////////////////////////////////////////////////
/// The privacy visitor, where privacy checks take place (violations reported)
////////////////////////////////////////////////////////////////////////////////
rustc: fix fallout from the addition of a 'tcx lifetime on tcx.
2014-04-22 07:56:37 -05:00
struct PrivacyVisitor<'a, 'tcx: 'a> {
tcx: &'a ty::ctxt<'tcx>,
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
curitem: ast::NodeId,
Check the privacy of implemented traits This bug showed up because the visitor only visited the path of the implemented trait via walk_path (with no corresponding visit_path function). I have modified the visitor to use visit_path (which is now overridable), and the privacy visitor overrides this function and now properly checks for the privacy of all paths. Closes #10857
2013-12-08 13:25:35 -06:00
in_foreign: bool,
rustc: Move to FNV hashing for node/def ids This leverages the new hashing framework and hashmap implementation to provide a much speedier hashing algorithm for node ids and def ids. The hash algorithm used is currentl FNV hashing, but it's quite easy to swap out. I originally implemented hashing as the identity function, but this actually ended up in slowing down rustc compiling libstd from 8s to 13s. I would suspect that this is a result of a large number of collisions. With FNV hashing, we get these timings (compiling with --no-trans, in seconds): | | before | after | |-----------|---------:|--------:| | libstd | 8.324 | 6.703 | | stdtest | 47.674 | 46.857 | | libsyntax | 9.918 | 8.400 |
2014-02-28 16:34:26 -06:00
parents: NodeMap<ast::NodeId>,
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
external_exports: resolve::ExternalExports,
last_private_map: resolve::LastPrivateMap,
}
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
enum PrivacyResult {
Allowable,
ExternallyDenied,
DisallowedBy(ast::NodeId),
}
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
enum FieldName {
UnnamedField(uint), // index
// FIXME #6993: change type (and name) from Ident to Name
NamedField(ast::Ident),
}
rustc: fix fallout from the addition of a 'tcx lifetime on tcx.
2014-04-22 07:56:37 -05:00
impl<'a, 'tcx> PrivacyVisitor<'a, 'tcx> {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// used when debugging
core: rename strbuf::StrBuf to string::String [breaking-change]
2014-05-22 18:57:53 -05:00
fn nodestr(&self, id: ast::NodeId) -> String {
std: Rename the `ToStr` trait to `ToString`, and `to_str` to `to_string`. [breaking-change]
2014-06-21 05:39:03 -05:00
self.tcx.map.node_to_string(id).to_string()
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
// Determines whether the given definition is public from the point of view
// of the current item.
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
fn def_privacy(&self, did: ast::DefId) -> PrivacyResult {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
if !is_local(did) {
if self.external_exports.contains(&did) {
librustc: Remove all uses of {:?}.
2014-10-15 01:25:34 -05:00
debug!("privacy - {} was externally exported", did);
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
return Allowable;
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
librustc: Remove all uses of {:?}.
2014-10-15 01:25:34 -05:00
debug!("privacy - is {} a public method", did);
librustc: De-`@mut` the type context's `methods` table
2013-12-18 17:50:53 -06:00
Fallout from collection conventions
2014-11-06 11:25:16 -06:00
return match self.tcx.impl_or_trait_items.borrow().get(&did) {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
Some(&ty::MethodTraitItem(ref meth)) => {
librustc: Remove all uses of {:?}.
2014-10-15 01:25:34 -05:00
debug!("privacy - well at least it's a method: {}",
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
*meth);
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
match meth.container {
ty::TraitContainer(id) => {
librustc: Remove all uses of {:?}.
2014-10-15 01:25:34 -05:00
debug!("privacy - recursing on trait {}", id);
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
self.def_privacy(id)
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
ty::ImplContainer(id) => {
match ty::impl_trait_ref(self.tcx, id) {
Some(t) => {
librustc: Remove all uses of {:?}.
2014-10-15 01:25:34 -05:00
debug!("privacy - impl of trait {}", id);
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
self.def_privacy(t.def_id)
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
None => {
librustc: Remove all uses of {:?}.
2014-10-15 01:25:34 -05:00
debug!("privacy - found a method {}",
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
meth.vis);
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
if meth.vis == ast::Public {
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
Allowable
} else {
ExternallyDenied
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
}
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
Some(&ty::TypeTraitItem(ref typedef)) => {
match typedef.container {
ty::TraitContainer(id) => {
librustc: Remove all uses of {:?}.
2014-10-15 01:25:34 -05:00
debug!("privacy - recursing on trait {}", id);
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
self.def_privacy(id)
}
ty::ImplContainer(id) => {
match ty::impl_trait_ref(self.tcx, id) {
Some(t) => {
librustc: Remove all uses of {:?}.
2014-10-15 01:25:34 -05:00
debug!("privacy - impl of trait {}", id);
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
self.def_privacy(t.def_id)
}
None => {
librustc: Remove all uses of {:?}.
2014-10-15 01:25:34 -05:00
debug!("privacy - found a typedef {}",
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
typedef.vis);
if typedef.vis == ast::Public {
Allowable
} else {
ExternallyDenied
}
}
}
}
}
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
None => {
Drop the '2' suffix from logging macros Who doesn't like a massive renaming?
2013-10-21 15:08:31 -05:00
debug!("privacy - nope, not even a method");
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
ExternallyDenied
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
};
}
rustc: Improve errors on private static methods This gives a better NOTE error message when a privacy error is encountered with a static method. Previously no note was emitted (due to lack of support), but now a note is emitted indicating that the struct/enum itself is private. Closes #13641
2014-04-20 14:07:15 -05:00
debug!("privacy - local {} not public all the way down",
std: Rename the `ToStr` trait to `ToString`, and `to_str` to `to_string`. [breaking-change]
2014-06-21 05:39:03 -05:00
self.tcx.map.node_to_string(did.node));
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// return quickly for things in the same module
Fallout from collection conventions
2014-11-06 11:25:16 -06:00
if self.parents.get(&did.node) == self.parents.get(&self.curitem) {
Drop the '2' suffix from logging macros Who doesn't like a massive renaming?
2013-10-21 15:08:31 -05:00
debug!("privacy - same parent, we're done here");
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
return Allowable;
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
// We now know that there is at least one private member between the
// destination and the root.
let mut closest_private_id = did.node;
loop {
Drop the '2' suffix from logging macros Who doesn't like a massive renaming?
2013-10-21 15:08:31 -05:00
debug!("privacy - examining {}", self.nodestr(closest_private_id));
Refactored ast_map and friends, mainly to have Paths without storing them.
2014-02-13 23:07:09 -06:00
let vis = match self.tcx.map.find(closest_private_id) {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// If this item is a method, then we know for sure that it's an
// actual method and not a static method. The reason for this is
// that these cases are only hit in the ExprMethodCall
// expression, and ExprCall will have its path checked later
// (the path of the trait/impl) if it's a static method.
//
// With this information, then we can completely ignore all
// trait methods. The privacy violation would be if the trait
// couldn't get imported, not if the method couldn't be used
// (all trait methods are public).
//
// However, if this is an impl method, then we dictate this
// decision solely based on the privacy of the method
// invocation.
// FIXME(#10573) is this the right behavior? Why not consider
// where the method was defined?
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
Some(ast_map::NodeImplItem(ii)) => {
match *ii {
ast::MethodImplItem(ref m) => {
let imp = self.tcx.map
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
.get_parent_did(closest_private_id);
match ty::impl_trait_ref(self.tcx, imp) {
Some(..) => return Allowable,
_ if m.pe_vis() == ast::Public => {
return Allowable
}
_ => m.pe_vis()
}
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::TypeImplItem(_) => return Allowable,
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
}
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
Some(ast_map::NodeTraitItem(_)) => {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
return Allowable;
}
// This is not a method call, extract the visibility as one
// would normally look at it
Refactored ast_map and friends, mainly to have Paths without storing them.
2014-02-13 23:07:09 -06:00
Some(ast_map::NodeItem(it)) => it.vis,
Some(ast_map::NodeForeignItem(_)) => {
self.tcx.map.get_foreign_vis(closest_private_id)
}
rustc: Remove private enum variants This removes the `priv` keyword from the language and removes private enum variants as a result. The remaining use cases of private enum variants were all updated to be a struct with one private field that is a private enum. RFC: 0006-remove-priv Closes #13535
2014-04-15 20:02:58 -05:00
Some(ast_map::NodeVariant(..)) => {
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::Public // need to move up a level (to the enum)
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
_ => ast::Public,
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
};
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
if vis != ast::Public { break }
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// if we've reached the root, then everything was allowable and this
// access is public.
if closest_private_id == ast::CRATE_NODE_ID { return Allowable }
Remove a large amount of deprecated functionality Spring cleaning is here! In the Fall! This commit removes quite a large amount of deprecated functionality from the standard libraries. I tried to ensure that only old deprecated functionality was removed. This is removing lots and lots of deprecated features, so this is a breaking change. Please consult the deprecation messages of the deleted code to see how to migrate code forward if it still needs migration. [breaking-change]
2014-10-15 01:05:01 -05:00
closest_private_id = self.parents[closest_private_id];
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// If we reached the top, then we were public all the way down and
// we can allow this access.
if closest_private_id == ast::DUMMY_NODE_ID { return Allowable }
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
Drop the '2' suffix from logging macros Who doesn't like a massive renaming?
2013-10-21 15:08:31 -05:00
debug!("privacy - closest priv {}", self.nodestr(closest_private_id));
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
if self.private_accessible(closest_private_id) {
Allowable
} else {
DisallowedBy(closest_private_id)
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
/// For a local private node in the AST, this function will determine
/// whether the node is accessible by the current module that iteration is
/// inside.
fn private_accessible(&self, id: ast::NodeId) -> bool {
Remove a large amount of deprecated functionality Spring cleaning is here! In the Fall! This commit removes quite a large amount of deprecated functionality from the standard libraries. I tried to ensure that only old deprecated functionality was removed. This is removing lots and lots of deprecated features, so this is a breaking change. Please consult the deprecation messages of the deleted code to see how to migrate code forward if it still needs migration. [breaking-change]
2014-10-15 01:05:01 -05:00
let parent = self.parents[id];
Drop the '2' suffix from logging macros Who doesn't like a massive renaming?
2013-10-21 15:08:31 -05:00
debug!("privacy - accessible parent {}", self.nodestr(parent));
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// After finding `did`'s closest private member, we roll ourselves back
// to see if this private member's parent is anywhere in our ancestry.
// By the privacy rules, we can access all of our ancestor's private
// members, so that's why we test the parent, and not the did itself.
let mut cur = self.curitem;
loop {
librustc: Remove all uses of {:?}.
2014-10-15 01:25:34 -05:00
debug!("privacy - questioning {}, {}", self.nodestr(cur), cur);
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
match cur {
// If the relevant parent is in our history, then we're allowed
// to look inside any of our ancestor's immediate private items,
// so this access is valid.
x if x == parent => return true,
// If we've reached the root, then we couldn't access this item
// in the first place
ast::DUMMY_NODE_ID => return false,
// Keep going up
_ => {}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
Remove a large amount of deprecated functionality Spring cleaning is here! In the Fall! This commit removes quite a large amount of deprecated functionality from the standard libraries. I tried to ensure that only old deprecated functionality was removed. This is removing lots and lots of deprecated features, so this is a breaking change. Please consult the deprecation messages of the deleted code to see how to migrate code forward if it still needs migration. [breaking-change]
2014-10-15 01:05:01 -05:00
cur = self.parents[cur];
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
Port privacy.rs from oldvisit to <V:Visitor> trait.
2013-08-13 06:21:45 -05:00
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
fn report_error(&self, result: CheckResult) -> bool {
match result {
None => true,
Some((span, msg, note)) => {
librustc: Remove all uses of `~str` from librustc.
2014-05-09 20:45:36 -05:00
self.tcx.sess.span_err(span, msg.as_slice());
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
match note {
librustc: Remove all uses of `~str` from librustc.
2014-05-09 20:45:36 -05:00
Some((span, msg)) => {
self.tcx.sess.span_note(span, msg.as_slice())
}
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
None => {},
}
false
},
}
}
/// Guarantee that a particular definition is public. Returns a CheckResult
/// which contains any errors found. These can be reported using `report_error`.
/// If the result is `None`, no errors were found.
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
fn ensure_public(&self, span: Span, to_check: ast::DefId,
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
source_did: Option<ast::DefId>, msg: &str) -> CheckResult {
rustc: Improve errors on private static methods This gives a better NOTE error message when a privacy error is encountered with a static method. Previously no note was emitted (due to lack of support), but now a note is emitted indicating that the struct/enum itself is private. Closes #13641
2014-04-20 14:07:15 -05:00
let id = match self.def_privacy(to_check) {
ExternallyDenied => {
std: Remove format_strbuf!() This was only ever a transitionary macro.
2014-05-27 22:44:58 -05:00
return Some((span, format!("{} is private", msg), None))
rustc: Improve errors on private static methods This gives a better NOTE error message when a privacy error is encountered with a static method. Previously no note was emitted (due to lack of support), but now a note is emitted indicating that the struct/enum itself is private. Closes #13641
2014-04-20 14:07:15 -05:00
}
Allowable => return None,
DisallowedBy(id) => id,
};
// If we're disallowed by a particular id, then we attempt to give a
// nice error message to say why it was disallowed. It was either
// because the item itself is private or because its parent is private
// and its parent isn't in our ancestry.
let (err_span, err_msg) = if id == source_did.unwrap_or(to_check).node {
std: Remove format_strbuf!() This was only ever a transitionary macro.
2014-05-27 22:44:58 -05:00
return Some((span, format!("{} is private", msg), None));
rustc: Improve errors on private static methods This gives a better NOTE error message when a privacy error is encountered with a static method. Previously no note was emitted (due to lack of support), but now a note is emitted indicating that the struct/enum itself is private. Closes #13641
2014-04-20 14:07:15 -05:00
} else {
std: Remove format_strbuf!() This was only ever a transitionary macro.
2014-05-27 22:44:58 -05:00
(span, format!("{} is inaccessible", msg))
rustc: Improve errors on private static methods This gives a better NOTE error message when a privacy error is encountered with a static method. Previously no note was emitted (due to lack of support), but now a note is emitted indicating that the struct/enum itself is private. Closes #13641
2014-04-20 14:07:15 -05:00
};
let item = match self.tcx.map.find(id) {
Some(ast_map::NodeItem(item)) => {
match item.node {
// If an impl disallowed this item, then this is resolve's
// way of saying that a struct/enum's static method was
// invoked, and the struct/enum itself is private. Crawl
// back up the chains to find the relevant struct/enum that
// was private.
Parse `unsafe impl` but don't do anything particularly interesting with the results.
2014-12-10 05:15:06 -06:00
ast::ItemImpl(_, _, _, ref ty, _) => {
rustc: Improve errors on private static methods This gives a better NOTE error message when a privacy error is encountered with a static method. Previously no note was emitted (due to lack of support), but now a note is emitted indicating that the struct/enum itself is private. Closes #13641
2014-04-20 14:07:15 -05:00
let id = match ty.node {
Rote changes due to the fact that ast paths no longer carry this extraneous bounds.
2014-11-20 14:08:48 -06:00
ast::TyPath(_, id) => id,
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
_ => return Some((err_span, err_msg, None)),
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
};
fallout from deprecating find_copy and get_copy
2014-11-07 13:35:18 -06:00
let def = self.tcx.def_map.borrow()[id].clone();
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
let did = def.def_id();
rustc: Improve errors on private static methods This gives a better NOTE error message when a privacy error is encountered with a static method. Previously no note was emitted (due to lack of support), but now a note is emitted indicating that the struct/enum itself is private. Closes #13641
2014-04-20 14:07:15 -05:00
assert!(is_local(did));
match self.tcx.map.get(did.node) {
ast_map::NodeItem(item) => item,
_ => self.tcx.sess.span_bug(item.span,
"path is not an item")
}
}
_ => item
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
}
rustc: Improve errors on private static methods This gives a better NOTE error message when a privacy error is encountered with a static method. Previously no note was emitted (due to lack of support), but now a note is emitted indicating that the struct/enum itself is private. Closes #13641
2014-04-20 14:07:15 -05:00
}
Some(..) | None => return Some((err_span, err_msg, None)),
};
let desc = match item.node {
ast::ItemMod(..) => "module",
ast::ItemTrait(..) => "trait",
ast::ItemStruct(..) => "struct",
ast::ItemEnum(..) => "enum",
_ => return Some((err_span, err_msg, None))
};
std: Remove format_strbuf!() This was only ever a transitionary macro.
2014-05-27 22:44:58 -05:00
let msg = format!("{} `{}` is private", desc,
token::get_ident(item.ident));
rustc: Improve errors on private static methods This gives a better NOTE error message when a privacy error is encountered with a static method. Previously no note was emitted (due to lack of support), but now a note is emitted indicating that the struct/enum itself is private. Closes #13641
2014-04-20 14:07:15 -05:00
Some((err_span, err_msg, Some((span, msg))))
Refine privacy error messages to be more accurate This stops labeling everything as "is private" when in fact the destination may be public. Instead, the clause "is inaccessible" is used and the private part of the flag is called out with a "is private" message. Closes #9793
2013-10-14 17:12:40 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// Checks that a field is in scope.
Allow inheritance between structs. No subtyping, no interaction with traits. Partially addresses #9912.
2014-02-24 01:17:02 -06:00
fn check_field(&mut self,
span: Span,
id: ast::DefId,
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
name: FieldName) {
let fields = ty::lookup_struct_fields(self.tcx, id);
let field = match name {
NamedField(ident) => {
Allow inheritance between structs. No subtyping, no interaction with traits. Partially addresses #9912.
2014-02-24 01:17:02 -06:00
debug!("privacy - check named field {} in struct {}", ident.name, id);
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
fields.iter().find(|f| f.name == ident.name).unwrap()
rustc: Implement private methods. Doesn't work cross-crate yet.
2012-09-04 20:28:22 -05:00
}
Remove a large amount of deprecated functionality Spring cleaning is here! In the Fall! This commit removes quite a large amount of deprecated functionality from the standard libraries. I tried to ensure that only old deprecated functionality was removed. This is removing lots and lots of deprecated features, so this is a breaking change. Please consult the deprecation messages of the deleted code to see how to migrate code forward if it still needs migration. [breaking-change]
2014-10-15 01:05:01 -05:00
UnnamedField(idx) => &fields[idx]
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
};
name struct in "field `...` is private" error
2014-04-05 12:28:01 -05:00
if field.vis == ast::Public ||
(is_local(field.id) && self.private_accessible(field.id.node)) {
return
rustc: Implement private methods. Doesn't work cross-crate yet.
2012-09-04 20:28:22 -05:00
}
name struct in "field `...` is private" error
2014-04-05 12:28:01 -05:00
let struct_type = ty::lookup_item_type(self.tcx, id).ty;
rustc: middle: remove obsolete ty::get.
2014-10-31 03:51:16 -05:00
let struct_desc = match struct_type.sty {
Overhaul typechecking of patterns Instead of checking patterns in a top-down fashion with a known expected type on entry, this changes makes typeck establish appropriate constraints between a pattern and the expression it destructures, and lets inference compute the final types or produce good error messages if it's impossible.
2014-10-20 20:40:10 -05:00
ty::ty_struct(_, _) =>
format!("struct `{}`", ty::item_path_str(self.tcx, id)),
First stage of struct variant field visibility changes We need a snapshot before the parser can be adjusted.
2014-11-08 18:54:33 -06:00
// struct variant fields have inherited visibility
ty::ty_enum(..) => return,
name struct in "field `...` is private" error
2014-04-05 12:28:01 -05:00
_ => self.tcx.sess.span_bug(span, "can't find struct for field")
};
let msg = match name {
NamedField(name) => format!("field `{}` of {} is private",
token::get_ident(name), struct_desc),
std: Remove i18n/l10n from format! * The select/plural methods from format strings are removed * The # character no longer needs to be escaped * The \-based escapes have been removed * '{{' is now an escape for '{' * '}}' is now an escape for '}' Closes #14810 [breaking-change]
2014-05-28 11:24:28 -05:00
UnnamedField(idx) => format!("field #{} of {} is private",
idx + 1, struct_desc),
name struct in "field `...` is private" error
2014-04-05 12:28:01 -05:00
};
libstd: Remove `~str` from all `libstd` modules except `fmt` and `str`.
2014-05-16 12:45:16 -05:00
self.tcx.sess.span_err(span, msg.as_slice());
Port privacy.rs from oldvisit to <V:Visitor> trait.
2013-08-13 06:21:45 -05:00
}
rustc: Implement private methods. Doesn't work cross-crate yet.
2012-09-04 20:28:22 -05:00
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
// Given the ID of a method, checks to ensure it's in scope.
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
fn check_static_method(&mut self,
span: Span,
method_id: ast::DefId,
Refactored ast_map and friends, mainly to have Paths without storing them.
2014-02-13 23:07:09 -06:00
name: ast::Ident) {
Make privacy checking on default methods for cross crate structs not fail. Closes #7481. It is unclear to me that the way method call privacy checking is done makes any sense, though. It is only performed if the type is a struct...
2013-07-02 16:39:25 -05:00
// If the method is a default method, we need to use the def_id of
// the default implementation.
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
let method_id = match ty::impl_or_trait_item(self.tcx, method_id) {
ty::MethodTraitItem(method_type) => {
method_type.provided_source.unwrap_or(method_id)
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ty::TypeTraitItem(_) => method_id,
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
};
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
let string = token::get_ident(name);
self.report_error(self.ensure_public(span,
method_id,
None,
libstd: Remove `~str` from all `libstd` modules except `fmt` and `str`.
2014-05-16 12:45:16 -05:00
format!("method `{}`",
string).as_slice()));
Port privacy.rs from oldvisit to <V:Visitor> trait.
2013-08-13 06:21:45 -05:00
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// Checks that a path is in scope.
fn check_path(&mut self, span: Span, path_id: ast::NodeId, path: &ast::Path) {
Drop the '2' suffix from logging macros Who doesn't like a massive renaming?
2013-10-21 15:08:31 -05:00
debug!("privacy - path {}", self.nodestr(path_id));
fallout from deprecating find_copy and get_copy
2014-11-07 13:35:18 -06:00
let orig_def = self.tcx.def_map.borrow()[path_id].clone();
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
let ck = |tyname: &str| {
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
let ck_public = |def: ast::DefId| {
let name = token::get_ident(path.segments
.last()
.unwrap()
.identifier);
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
let origdid = orig_def.def_id();
libstd: Remove `~str` from all `libstd` modules except `fmt` and `str`.
2014-05-16 12:45:16 -05:00
self.ensure_public(span,
def,
Some(origdid),
format!("{} `{}`",
tyname,
name).as_slice())
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
};
Remove a large amount of deprecated functionality Spring cleaning is here! In the Fall! This commit removes quite a large amount of deprecated functionality from the standard libraries. I tried to ensure that only old deprecated functionality was removed. This is removing lots and lots of deprecated features, so this is a breaking change. Please consult the deprecation messages of the deleted code to see how to migrate code forward if it still needs migration. [breaking-change]
2014-10-15 01:05:01 -05:00
match self.last_private_map[path_id] {
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
resolve::LastMod(resolve::AllPublic) => {},
resolve::LastMod(resolve::DependsOn(def)) => {
self.report_error(ck_public(def));
},
Add a lint for not using field pattern shorthands Closes #17792.
2014-10-05 19:36:53 -05:00
resolve::LastImport{value_priv,
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
value_used: check_value,
Add a lint for not using field pattern shorthands Closes #17792.
2014-10-05 19:36:53 -05:00
type_priv,
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
type_used: check_type} => {
// This dance with found_error is because we don't want to report
// a privacy error twice for the same directive.
let found_error = match (type_priv, check_type) {
(Some(resolve::DependsOn(def)), resolve::Used) => {
!self.report_error(ck_public(def))
},
_ => false,
};
if !found_error {
match (value_priv, check_value) {
(Some(resolve::DependsOn(def)), resolve::Used) => {
self.report_error(ck_public(def));
},
_ => {},
}
}
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
// If an import is not used in either namespace, we still
// want to check that it could be legal. Therefore we check
// in both namespaces and only report an error if both would
// be illegal. We only report one error, even if it is
// illegal to import from both namespaces.
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
match (value_priv, check_value, type_priv, check_type) {
(Some(p), resolve::Unused, None, _) |
(None, _, Some(p), resolve::Unused) => {
let p = match p {
resolve::AllPublic => None,
resolve::DependsOn(def) => ck_public(def),
};
if p.is_some() {
self.report_error(p);
}
},
(Some(v), resolve::Unused, Some(t), resolve::Unused) => {
let v = match v {
resolve::AllPublic => None,
resolve::DependsOn(def) => ck_public(def),
};
let t = match t {
resolve::AllPublic => None,
resolve::DependsOn(def) => ck_public(def),
};
Replace some verbose match statements with their `if let` equivalent. No semantic changes, no enabling `if let` where it wasn't already enabled.
2014-11-29 15:41:21 -06:00
if let (Some(_), Some(t)) = (v, t) {
self.report_error(Some(t));
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
}
},
_ => {},
}
},
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
};
Make priavcy checking aware that a `use` directive can point to two defintions (namespaces) with different privacy. Closes #4110
2014-02-11 13:19:18 -06:00
// FIXME(#12334) Imports can refer to definitions in both the type and
// value namespaces. The privacy information is aware of this, but the
// def map is not. Therefore the names we work out below will not always
// be accurate and we can get slightly wonky error messages (but type
// checking is always correct).
fallout from deprecating find_copy and get_copy
2014-11-07 13:35:18 -06:00
match self.tcx.def_map.borrow()[path_id].clone() {
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
def::DefStaticMethod(..) => ck("static method"),
def::DefFn(..) => ck("function"),
def::DefStatic(..) => ck("static"),
rustc: Add `const` globals to the language This change is an implementation of [RFC 69][rfc] which adds a third kind of global to the language, `const`. This global is most similar to what the old `static` was, and if you're unsure about what to use then you should use a `const`. The semantics of these three kinds of globals are: * A `const` does not represent a memory location, but only a value. Constants are translated as rvalues, which means that their values are directly inlined at usage location (similar to a #define in C/C++). Constant values are, well, constant, and can not be modified. Any "modification" is actually a modification to a local value on the stack rather than the actual constant itself. Almost all values are allowed inside constants, whether they have interior mutability or not. There are a few minor restrictions listed in the RFC, but they should in general not come up too often. * A `static` now always represents a memory location (unconditionally). Any references to the same `static` are actually a reference to the same memory location. Only values whose types ascribe to `Sync` are allowed in a `static`. This restriction is in place because many threads may access a `static` concurrently. Lifting this restriction (and allowing unsafe access) is a future extension not implemented at this time. * A `static mut` continues to always represent a memory location. All references to a `static mut` continue to be `unsafe`. This is a large breaking change, and many programs will need to be updated accordingly. A summary of the breaking changes is: * Statics may no longer be used in patterns. Statics now always represent a memory location, which can sometimes be modified. To fix code, repurpose the matched-on-`static` to a `const`. static FOO: uint = 4; match n { FOO => { /* ... */ } _ => { /* ... */ } } change this code to: const FOO: uint = 4; match n { FOO => { /* ... */ } _ => { /* ... */ } } * Statics may no longer refer to other statics by value. Due to statics being able to change at runtime, allowing them to reference one another could possibly lead to confusing semantics. If you are in this situation, use a constant initializer instead. Note, however, that statics may reference other statics by address, however. * Statics may no longer be used in constant expressions, such as array lengths. This is due to the same restrictions as listed above. Use a `const` instead. [breaking-change] [rfc]: https://github.com/rust-lang/rfcs/pull/246
2014-10-06 10:17:01 -05:00
def::DefConst(..) => ck("const"),
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
def::DefVariant(..) => ck("variant"),
rustdoc: Correctly distinguish enums and types This is done by adding a new field to the `DefTy` variant of `middle::def::Def`, which also clarifies an error message in the process. Closes #16712.
2014-09-15 16:13:00 -05:00
def::DefTy(_, false) => ck("type"),
def::DefTy(_, true) => ck("enum"),
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
def::DefTrait(..) => ck("trait"),
def::DefStruct(..) => ck("struct"),
Allow self as an arg in extension methods
2014-10-14 19:33:20 -05:00
def::DefMethod(_, Some(..), _) => ck("trait method"),
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
def::DefMethod(..) => ck("method"),
def::DefMod(..) => ck("module"),
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
_ => {}
}
Port privacy.rs from oldvisit to <V:Visitor> trait.
2013-08-13 06:21:45 -05:00
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// Checks that a method is in scope.
trans -- stop tracking vtables precisely, instead recompute as needed.
2014-09-12 10:42:58 -05:00
fn check_method(&mut self, span: Span, origin: &MethodOrigin,
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
ident: ast::Ident) {
trans -- stop tracking vtables precisely, instead recompute as needed.
2014-09-12 10:42:58 -05:00
match *origin {
Rename a few typeck method-related structures to UpperCamelCase.
2014-02-26 08:01:36 -06:00
MethodStatic(method_id) => {
Refactored ast_map and friends, mainly to have Paths without storing them.
2014-02-13 23:07:09 -06:00
self.check_static_method(span, method_id, ident)
rustc: Implement private methods. Doesn't work cross-crate yet.
2012-09-04 20:28:22 -05:00
}
librustc: Implement unboxed closures with mutable receivers
2014-05-29 00:26:56 -05:00
MethodStaticUnboxedClosure(_) => {}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// Trait methods are always all public. The only controlling factor
// is whether the trait itself is accessible or not.
Add a lint for not using field pattern shorthands Closes #17792.
2014-10-05 19:36:53 -05:00
MethodTypeParam(MethodParam { ref trait_ref, .. }) |
MethodTraitObject(MethodObject { ref trait_ref, .. }) => {
trans -- stop tracking vtables precisely, instead recompute as needed.
2014-09-12 10:42:58 -05:00
self.report_error(self.ensure_public(span, trait_ref.def_id,
None, "source trait"));
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
}
}
}
Track the visited AST's lifetime throughout Visitor.
2014-09-09 17:54:36 -05:00
impl<'a, 'tcx, 'v> Visitor<'v> for PrivacyVisitor<'a, 'tcx> {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_item(&mut self, item: &ast::Item) {
Move replace and swap to std::mem. Get rid of std::util Also move Void to std::any, move drop to std::mem and reexport in prelude.
2014-01-31 14:35:36 -06:00
let orig_curitem = replace(&mut self.curitem, item.id);
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_item(self, item);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
self.curitem = orig_curitem;
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_expr(&mut self, expr: &ast::Expr) {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
match expr.node {
Remove type parameters from ExprField and ExprTupField
2014-11-23 05:14:35 -06:00
ast::ExprField(ref base, ident) => {
if let ty::ty_struct(id, _) = ty::expr_ty_adjusted(self.tcx, &**base).sty {
self.check_field(expr.span, id, NamedField(ident.node));
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
}
Remove type parameters from ExprField and ExprTupField
2014-11-23 05:14:35 -06:00
ast::ExprTupField(ref base, idx) => {
if let ty::ty_struct(id, _) = ty::expr_ty_adjusted(self.tcx, &**base).sty {
self.check_field(expr.span, id, UnnamedField(idx.node));
Implement tuple and tuple struct indexing This allows code to access the fields of tuples and tuple structs: let x = (1i, 2i); assert_eq!(x.1, 2); struct Point(int, int); let origin = Point(0, 0); assert_eq!(origin.0, 0); assert_eq!(origin.1, 0);
2014-08-09 22:54:33 -05:00
}
}
Implement automatic overloaded dereference. Closes #7141.
2014-03-06 11:24:11 -06:00
ast::ExprMethodCall(ident, _, _) => {
let method_call = MethodCall::expr(expr.id);
Fallout from collection conventions
2014-11-06 11:25:16 -06:00
match self.tcx.method_map.borrow().get(&method_call) {
Implement automatic overloaded dereference. Closes #7141.
2014-03-06 11:24:11 -06:00
None => {
self.tcx.sess.span_bug(expr.span,
"method call not in \
method map");
}
Some(method) => {
debug!("(privacy checking) checking impl method");
trans -- stop tracking vtables precisely, instead recompute as needed.
2014-09-12 10:42:58 -05:00
self.check_method(expr.span, &method.origin, ident.node);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
}
}
ast::ExprStruct(_, ref fields, _) => {
rustc: middle: remove obsolete ty::get.
2014-10-31 03:51:16 -05:00
match ty::expr_ty(self.tcx, expr).sty {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
ty::ty_struct(id, _) => {
for field in (*fields).iter() {
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
self.check_field(expr.span, id,
NamedField(field.ident.node));
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
}
ty::ty_enum(_, _) => {
fallout from deprecating find_copy and get_copy
2014-11-07 13:35:18 -06:00
match self.tcx.def_map.borrow()[expr.id].clone() {
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
def::DefVariant(_, variant_id, _) => {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
for field in fields.iter() {
self.check_field(expr.span, variant_id,
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
NamedField(field.ident.node));
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
}
_ => self.tcx.sess.span_bug(expr.span,
"resolve didn't \
map enum struct \
constructor to a \
variant def"),
}
}
_ => self.tcx.sess.span_bug(expr.span, "struct expr \
didn't have \
struct type?!"),
}
}
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
ast::ExprPath(..) => {
let guard = |did: ast::DefId| {
let fields = ty::lookup_struct_fields(self.tcx, did);
let any_priv = fields.iter().any(|f| {
f.vis != ast::Public && (
!is_local(f.id) ||
!self.private_accessible(f.id.node))
});
if any_priv {
self.tcx.sess.span_err(expr.span,
"cannot invoke tuple struct constructor \
with private fields");
}
};
Fallout from collection conventions
2014-11-06 11:25:16 -06:00
match self.tcx.def_map.borrow().get(&expr.id) {
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
Some(&def::DefStruct(did)) => {
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
guard(if is_local(did) {
local_def(self.tcx.map.get_parent(did.node))
} else {
// "tuple structs" with zero fields (such as
// `pub struct Foo;`) don't have a ctor_id, hence
// the unwrap_or to the same struct id.
let maybe_did =
csearch::get_tuple_struct_definition_if_ctor(
&self.tcx.sess.cstore, did);
maybe_did.unwrap_or(did)
})
}
_ => {}
}
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
_ => {}
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_expr(self, expr);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_view_item(&mut self, a: &ast::ViewItem) {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
match a.node {
rename ast::ViewItemExternMod to ast::ViewItemExternCrate, and clean::ExternMod to clean::ExternCrate
2014-03-07 01:57:45 -06:00
ast::ViewItemExternCrate(..) => {}
syntax: ViewItemUse no longer contains multiple view paths. it reflected the obsolete syntax `use a, b, c;` and did not make past the parser (though it was a non-fatal error so we can continue). this legacy affected many portions of rustc and rustdoc as well, so this commit cleans them up altogether.
2014-04-26 08:33:45 -05:00
ast::ViewItemUse(ref vpath) => {
match vpath.node {
ast::ViewPathSimple(..) | ast::ViewPathGlob(..) => {}
Implement new mod import sugar Implements RFC #168.
2014-07-17 17:56:56 -05:00
ast::ViewPathList(ref prefix, ref list, _) => {
syntax: ViewItemUse no longer contains multiple view paths. it reflected the obsolete syntax `use a, b, c;` and did not make past the parser (though it was a non-fatal error so we can continue). this legacy affected many portions of rustc and rustdoc as well, so this commit cleans them up altogether.
2014-04-26 08:33:45 -05:00
for pid in list.iter() {
Implement new mod import sugar Implements RFC #168.
2014-07-17 17:56:56 -05:00
match pid.node {
ast::PathListIdent { id, name } => {
debug!("privacy - ident item {}", id);
let seg = ast::PathSegment {
identifier: name,
Support parenthesized paths `Foo(A,B) -> C` that expand to `Foo<(A,B),C>`. These paths also bind anonymous regions (or will, once HRTB is fully working). Fixes #18423.
2014-11-03 20:52:52 -06:00
parameters: ast::PathParameters::none(),
Implement new mod import sugar Implements RFC #168.
2014-07-17 17:56:56 -05:00
};
let segs = vec![seg];
let path = ast::Path {
global: false,
span: pid.span,
segments: segs,
};
self.check_path(pid.span, id, &path);
}
ast::PathListMod { id } => {
debug!("privacy - mod item {}", id);
self.check_path(pid.span, id, prefix);
}
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
}
}
}
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_view_item(self, a);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_pat(&mut self, pattern: &ast::Pat) {
Check the privacy of implemented traits This bug showed up because the visitor only visited the path of the implemented trait via walk_path (with no corresponding visit_path function). I have modified the visitor to use visit_path (which is now overridable), and the privacy visitor overrides this function and now properly checks for the privacy of all paths. Closes #10857
2013-12-08 13:25:35 -06:00
// Foreign functions do not have their patterns mapped in the def_map,
// and there's nothing really relevant there anyway, so don't bother
// checking privacy. If you can name the type then you can pass it to an
// external C function anyway.
if self.in_foreign { return }
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
match pattern.node {
ast::PatStruct(_, ref fields, _) => {
rustc: middle: remove obsolete ty::get.
2014-10-31 03:51:16 -05:00
match ty::pat_ty(self.tcx, pattern).sty {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
ty::ty_struct(id, _) => {
for field in fields.iter() {
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
self.check_field(pattern.span, id,
Add a lint for not using field pattern shorthands Closes #17792.
2014-10-05 19:36:53 -05:00
NamedField(field.node.ident));
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
}
ty::ty_enum(_, _) => {
Fallout from collection conventions
2014-11-06 11:25:16 -06:00
match self.tcx.def_map.borrow().get(&pattern.id) {
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
Some(&def::DefVariant(_, variant_id, _)) => {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
for field in fields.iter() {
self.check_field(pattern.span, variant_id,
Add a lint for not using field pattern shorthands Closes #17792.
2014-10-05 19:36:53 -05:00
NamedField(field.node.ident));
rustc: Implement private methods. Doesn't work cross-crate yet.
2012-09-04 20:28:22 -05:00
}
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
_ => self.tcx.sess.span_bug(pattern.span,
"resolve didn't \
map enum struct \
pattern to a \
variant def"),
rustc: Implement private methods. Doesn't work cross-crate yet.
2012-09-04 20:28:22 -05:00
}
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
_ => self.tcx.sess.span_bug(pattern.span,
"struct pattern didn't have \
struct type?!"),
rustc: Implement private methods. Doesn't work cross-crate yet.
2012-09-04 20:28:22 -05:00
}
}
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
// Patterns which bind no fields are allowable (the path is check
// elsewhere).
ast::PatEnum(_, Some(ref fields)) => {
rustc: middle: remove obsolete ty::get.
2014-10-31 03:51:16 -05:00
match ty::pat_ty(self.tcx, pattern).sty {
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
ty::ty_struct(id, _) => {
for (i, field) in fields.iter().enumerate() {
Replace some verbose match statements with their `if let` equivalent. No semantic changes, no enabling `if let` where it wasn't already enabled.
2014-11-29 15:41:21 -06:00
if let ast::PatWild(..) = field.node {
continue
rustc: Switch tuple structs to have private fields This is a continuation of the work done in #13184 to make struct fields private by default. This commit finishes RFC 4 by making all tuple structs have private fields by default. Note that enum variants are not affected. A tuple struct having a private field means that it cannot be matched on in a pattern match (both refutable and irrefutable), and it also cannot have a value specified to be constructed. Similarly to private fields, switching the type of a private field in a tuple struct should be able to be done in a backwards compatible way. The one snag that I ran into which wasn't mentioned in the RFC is that this commit also forbids taking the value of a tuple struct constructor. For example, this code now fails to compile: mod a { pub struct A(int); } let a: fn(int) -> a::A = a::A; //~ ERROR: first field is private Although no fields are bound in this example, it exposes implementation details through the type itself. For this reason, taking the value of a struct constructor with private fields is forbidden (outside the containing module). RFC: 0004-private-fields
2014-03-31 20:13:44 -05:00
}
self.check_field(field.span, id, UnnamedField(i));
}
}
ty::ty_enum(..) => {
// enum fields have no privacy at this time
}
_ => {}
}
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
_ => {}
rustc: Implement private methods. Doesn't work cross-crate yet.
2012-09-04 20:28:22 -05:00
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_pat(self, pattern);
Port privacy.rs from oldvisit to <V:Visitor> trait.
2013-08-13 06:21:45 -05:00
}
Check the privacy of implemented traits This bug showed up because the visitor only visited the path of the implemented trait via walk_path (with no corresponding visit_path function). I have modified the visitor to use visit_path (which is now overridable), and the privacy visitor overrides this function and now properly checks for the privacy of all paths. Closes #10857
2013-12-08 13:25:35 -06:00
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_foreign_item(&mut self, fi: &ast::ForeignItem) {
Check the privacy of implemented traits This bug showed up because the visitor only visited the path of the implemented trait via walk_path (with no corresponding visit_path function). I have modified the visitor to use visit_path (which is now overridable), and the privacy visitor overrides this function and now properly checks for the privacy of all paths. Closes #10857
2013-12-08 13:25:35 -06:00
self.in_foreign = true;
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_foreign_item(self, fi);
Check the privacy of implemented traits This bug showed up because the visitor only visited the path of the implemented trait via walk_path (with no corresponding visit_path function). I have modified the visitor to use visit_path (which is now overridable), and the privacy visitor overrides this function and now properly checks for the privacy of all paths. Closes #10857
2013-12-08 13:25:35 -06:00
self.in_foreign = false;
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_path(&mut self, path: &ast::Path, id: ast::NodeId) {
Check the privacy of implemented traits This bug showed up because the visitor only visited the path of the implemented trait via walk_path (with no corresponding visit_path function). I have modified the visitor to use visit_path (which is now overridable), and the privacy visitor overrides this function and now properly checks for the privacy of all paths. Closes #10857
2013-12-08 13:25:35 -06:00
self.check_path(path.span, id, path);
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_path(self, path);
Check the privacy of implemented traits This bug showed up because the visitor only visited the path of the implemented trait via walk_path (with no corresponding visit_path function). I have modified the visitor to use visit_path (which is now overridable), and the privacy visitor overrides this function and now properly checks for the privacy of all paths. Closes #10857
2013-12-08 13:25:35 -06:00
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
////////////////////////////////////////////////////////////////////////////////
/// The privacy sanity check visitor, ensures unnecessary visibility isn't here
////////////////////////////////////////////////////////////////////////////////
rustc: fix fallout from the addition of a 'tcx lifetime on tcx.
2014-04-22 07:56:37 -05:00
struct SanePrivacyVisitor<'a, 'tcx: 'a> {
tcx: &'a ty::ctxt<'tcx>,
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
in_fn: bool,
}
Port privacy.rs from oldvisit to <V:Visitor> trait.
2013-08-13 06:21:45 -05:00
Track the visited AST's lifetime throughout Visitor.
2014-09-09 17:54:36 -05:00
impl<'a, 'tcx, 'v> Visitor<'v> for SanePrivacyVisitor<'a, 'tcx> {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_item(&mut self, item: &ast::Item) {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
if self.in_fn {
self.check_all_inherited(item);
} else {
self.check_sane_privacy(item);
}
Fix all violations of stronger guarantees for mutable borrows Fix all violations in the Rust source tree of the stronger guarantee of a unique access path for mutable borrows as described in #12624.
2014-06-13 22:48:09 -05:00
let in_fn = self.in_fn;
Move replace and swap to std::mem. Get rid of std::util Also move Void to std::any, move drop to std::mem and reexport in prelude.
2014-01-31 14:35:36 -06:00
let orig_in_fn = replace(&mut self.in_fn, match item.node {
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemMod(..) => false, // modules turn privacy back on
Fix all violations of stronger guarantees for mutable borrows Fix all violations in the Rust source tree of the stronger guarantee of a unique access path for mutable borrows as described in #12624.
2014-06-13 22:48:09 -05:00
_ => in_fn, // otherwise we inherit
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
});
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_item(self, item);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
self.in_fn = orig_in_fn;
}
Track the visited AST's lifetime throughout Visitor.
2014-09-09 17:54:36 -05:00
fn visit_fn(&mut self, fk: visit::FnKind<'v>, fd: &'v ast::FnDecl,
b: &'v ast::Block, s: Span, _: ast::NodeId) {
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// This catches both functions and methods
Move replace and swap to std::mem. Get rid of std::util Also move Void to std::any, move drop to std::mem and reexport in prelude.
2014-01-31 14:35:36 -06:00
let orig_in_fn = replace(&mut self.in_fn, true);
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_fn(self, fk, fd, b, s);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
self.in_fn = orig_in_fn;
}
Forbid unnecessary visibility on view items For `use` statements, this means disallowing qualifiers when in functions and disallowing `priv` outside of functions. For `extern mod` statements, this means disallowing everything everywhere. It may have been envisioned for `pub extern mod foo` to be a thing, but it currently doesn't do anything (resolve doesn't pick it up), so better to err on the side of forwards-compatibility and forbid it entirely for now. Closes #9957
2014-01-16 15:27:27 -06:00
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_view_item(&mut self, i: &ast::ViewItem) {
Forbid unnecessary visibility on view items For `use` statements, this means disallowing qualifiers when in functions and disallowing `priv` outside of functions. For `extern mod` statements, this means disallowing everything everywhere. It may have been envisioned for `pub extern mod foo` to be a thing, but it currently doesn't do anything (resolve doesn't pick it up), so better to err on the side of forwards-compatibility and forbid it entirely for now. Closes #9957
2014-01-16 15:27:27 -06:00
match i.vis {
ast::Inherited => {}
ast::Public => {
if self.in_fn {
self.tcx.sess.span_err(i.span, "unnecessary `pub`, imports \
in functions are never \
reachable");
Replace some verbose match statements with their `if let` equivalent. No semantic changes, no enabling `if let` where it wasn't already enabled.
2014-11-29 15:41:21 -06:00
} else if let ast::ViewItemExternCrate(..) = i.node {
self.tcx.sess.span_err(i.span, "`pub` visibility \
is not allowed");
Forbid unnecessary visibility on view items For `use` statements, this means disallowing qualifiers when in functions and disallowing `priv` outside of functions. For `extern mod` statements, this means disallowing everything everywhere. It may have been envisioned for `pub extern mod foo` to be a thing, but it currently doesn't do anything (resolve doesn't pick it up), so better to err on the side of forwards-compatibility and forbid it entirely for now. Closes #9957
2014-01-16 15:27:27 -06:00
}
}
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_view_item(self, i);
Forbid unnecessary visibility on view items For `use` statements, this means disallowing qualifiers when in functions and disallowing `priv` outside of functions. For `extern mod` statements, this means disallowing everything everywhere. It may have been envisioned for `pub extern mod foo` to be a thing, but it currently doesn't do anything (resolve doesn't pick it up), so better to err on the side of forwards-compatibility and forbid it entirely for now. Closes #9957
2014-01-16 15:27:27 -06:00
}
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
}
rustc: fix fallout from the addition of a 'tcx lifetime on tcx.
2014-04-22 07:56:37 -05:00
impl<'a, 'tcx> SanePrivacyVisitor<'a, 'tcx> {
Fix misspellings in comments.
2014-04-20 23:49:39 -05:00
/// Validates all of the visibility qualifiers placed on the item given. This
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
/// ensures that there are no extraneous qualifiers that don't actually do
/// anything. In theory these qualifiers wouldn't parse, but that may happen
/// later on down the road...
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
fn check_sane_privacy(&self, item: &ast::Item) {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
let tcx = self.tcx;
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
let check_inherited = |sp: Span, vis: ast::Visibility, note: &str| {
if vis != ast::Inherited {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
tcx.sess.span_err(sp, "unnecessary visibility qualifier");
if note.len() > 0 {
tcx.sess.span_note(sp, note);
}
rustc: Implement private fields for max/min classes
2012-09-04 16:48:32 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
};
Correctly encode item visibility in metadata This fixes private statics and functions from being usable cross-crates, along with some bad privacy error messages. This is a reopening of #8365 with all the privacy checks in privacy.rs instead of resolve.rs (where they should be anyway). These maps of exported items will hopefully get used for generating documentation by rustdoc Closes #8592
2013-08-07 02:11:34 -05:00
match item.node {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
// implementations of traits don't need visibility qualifiers because
// that's controlled by having the trait in scope.
Parse `unsafe impl` but don't do anything particularly interesting with the results.
2014-12-10 05:15:06 -06:00
ast::ItemImpl(_, _, Some(..), _, ref impl_items) => {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
check_inherited(item.span, item.vis,
"visibility qualifiers have no effect on trait \
impls");
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
for impl_item in impl_items.iter() {
match *impl_item {
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
ast::MethodImplItem(ref m) => {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
check_inherited(m.span, m.pe_vis(), "");
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::TypeImplItem(_) => {}
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
Correctly encode item visibility in metadata This fixes private statics and functions from being usable cross-crates, along with some bad privacy error messages. This is a reopening of #8365 with all the privacy checks in privacy.rs instead of resolve.rs (where they should be anyway). These maps of exported items will hopefully get used for generating documentation by rustdoc Closes #8592
2013-08-07 02:11:34 -05:00
}
rustc: Remove private enum variants This removes the `priv` keyword from the language and removes private enum variants as a result. The remaining use cases of private enum variants were all updated to be a struct with one private field that is a private enum. RFC: 0006-remove-priv Closes #13535
2014-04-15 20:02:58 -05:00
ast::ItemImpl(..) => {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
check_inherited(item.span, item.vis,
"place qualifiers on individual methods instead");
}
rustc: Remove private enum variants This removes the `priv` keyword from the language and removes private enum variants as a result. The remaining use cases of private enum variants were all updated to be a struct with one private field that is a private enum. RFC: 0006-remove-priv Closes #13535
2014-04-15 20:02:58 -05:00
ast::ItemForeignMod(..) => {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
check_inherited(item.span, item.vis,
"place qualifiers on individual functions \
instead");
}
Correctly encode item visibility in metadata This fixes private statics and functions from being usable cross-crates, along with some bad privacy error messages. This is a reopening of #8365 with all the privacy checks in privacy.rs instead of resolve.rs (where they should be anyway). These maps of exported items will hopefully get used for generating documentation by rustdoc Closes #8592
2013-08-07 02:11:34 -05:00
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemEnum(ref def, _) => {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
for v in def.variants.iter() {
match v.node.vis {
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::Public => {
if item.vis == ast::Public {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
tcx.sess.span_err(v.span, "unnecessary `pub` \
visibility");
}
}
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::Inherited => {}
Correctly encode item visibility in metadata This fixes private statics and functions from being usable cross-crates, along with some bad privacy error messages. This is a reopening of #8365 with all the privacy checks in privacy.rs instead of resolve.rs (where they should be anyway). These maps of exported items will hopefully get used for generating documentation by rustdoc Closes #8592
2013-08-07 02:11:34 -05:00
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
}
}
Parse `unsafe trait` but do not do anything with it beyond parsing and integrating into rustdoc etc.
2014-12-09 18:59:20 -06:00
ast::ItemTrait(_, _, _, _, ref methods) => {
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
for m in methods.iter() {
match *m {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
ast::ProvidedMethod(ref m) => {
change to new trait style for method field refs Per @pnkfelix 's suggestion, using a trait to make these field accesses more readable (and vastly more similar to the original code. oops fix new ast_map fix
2014-07-14 18:31:52 -05:00
check_inherited(m.span, m.pe_vis(),
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
"unnecessary visibility");
}
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
ast::RequiredMethod(ref m) => {
syntax: Clean out obsolete syntax parsing All of these features have been obsolete since February 2014, where most have been obsolete since 2013. There shouldn't be any more need to keep around the parser hacks after this length of time.
2014-05-22 12:49:26 -05:00
check_inherited(m.span, m.vis,
"unnecessary visibility");
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::TypeTraitItem(_) => {}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
}
}
librustc: Enforce privacy for static methods. This starts moving a bunch of privacy checks into the privacy checking phase and out of resolve.
2013-03-18 19:20:45 -05:00
rustc: Add `const` globals to the language This change is an implementation of [RFC 69][rfc] which adds a third kind of global to the language, `const`. This global is most similar to what the old `static` was, and if you're unsure about what to use then you should use a `const`. The semantics of these three kinds of globals are: * A `const` does not represent a memory location, but only a value. Constants are translated as rvalues, which means that their values are directly inlined at usage location (similar to a #define in C/C++). Constant values are, well, constant, and can not be modified. Any "modification" is actually a modification to a local value on the stack rather than the actual constant itself. Almost all values are allowed inside constants, whether they have interior mutability or not. There are a few minor restrictions listed in the RFC, but they should in general not come up too often. * A `static` now always represents a memory location (unconditionally). Any references to the same `static` are actually a reference to the same memory location. Only values whose types ascribe to `Sync` are allowed in a `static`. This restriction is in place because many threads may access a `static` concurrently. Lifting this restriction (and allowing unsafe access) is a future extension not implemented at this time. * A `static mut` continues to always represent a memory location. All references to a `static mut` continue to be `unsafe`. This is a large breaking change, and many programs will need to be updated accordingly. A summary of the breaking changes is: * Statics may no longer be used in patterns. Statics now always represent a memory location, which can sometimes be modified. To fix code, repurpose the matched-on-`static` to a `const`. static FOO: uint = 4; match n { FOO => { /* ... */ } _ => { /* ... */ } } change this code to: const FOO: uint = 4; match n { FOO => { /* ... */ } _ => { /* ... */ } } * Statics may no longer refer to other statics by value. Due to statics being able to change at runtime, allowing them to reference one another could possibly lead to confusing semantics. If you are in this situation, use a constant initializer instead. Note, however, that statics may reference other statics by address, however. * Statics may no longer be used in constant expressions, such as array lengths. This is due to the same restrictions as listed above. Use a `const` instead. [breaking-change] [rfc]: https://github.com/rust-lang/rfcs/pull/246
2014-10-06 10:17:01 -05:00
ast::ItemConst(..) | ast::ItemStatic(..) | ast::ItemStruct(..) |
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemFn(..) | ast::ItemMod(..) | ast::ItemTy(..) |
rustc: Remove private enum variants This removes the `priv` keyword from the language and removes private enum variants as a result. The remaining use cases of private enum variants were all updated to be a struct with one private field that is a private enum. RFC: 0006-remove-priv Closes #13535
2014-04-15 20:02:58 -05:00
ast::ItemMac(..) => {}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
}
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
/// When inside of something like a function or a method, visibility has no
/// control over anything so this forbids any mention of any visibility
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
fn check_all_inherited(&self, item: &ast::Item) {
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
let tcx = self.tcx;
Fix other bugs with new closure borrowing This fixes various issues throughout the standard distribution and tests.
2014-04-22 01:25:18 -05:00
fn check_inherited(tcx: &ty::ctxt, sp: Span, vis: ast::Visibility) {
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
if vis != ast::Inherited {
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
tcx.sess.span_err(sp, "visibility has no effect inside functions");
}
Fix other bugs with new closure borrowing This fixes various issues throughout the standard distribution and tests.
2014-04-22 01:25:18 -05:00
}
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
let check_struct = |def: &ast::StructDef| {
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
for f in def.fields.iter() {
match f.node.kind {
Fix other bugs with new closure borrowing This fixes various issues throughout the standard distribution and tests.
2014-04-22 01:25:18 -05:00
ast::NamedField(_, p) => check_inherited(tcx, f.span, p),
syntax: Permit visibility on tuple fields This change is in preparation for #8122. Nothing is currently done with these visibility qualifiers, they are just parsed and accepted by the compiler. RFC: 0004-private-fields
2014-03-25 18:53:52 -05:00
ast::UnnamedField(..) => {}
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
}
}
};
Fix other bugs with new closure borrowing This fixes various issues throughout the standard distribution and tests.
2014-04-22 01:25:18 -05:00
check_inherited(tcx, item.span, item.vis);
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
match item.node {
Parse `unsafe impl` but don't do anything particularly interesting with the results.
2014-12-10 05:15:06 -06:00
ast::ItemImpl(_, _, _, _, ref impl_items) => {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
for impl_item in impl_items.iter() {
match *impl_item {
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
ast::MethodImplItem(ref m) => {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
check_inherited(tcx, m.span, m.pe_vis());
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::TypeImplItem(_) => {}
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
}
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
}
}
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemForeignMod(ref fm) => {
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
for i in fm.items.iter() {
Fix other bugs with new closure borrowing This fixes various issues throughout the standard distribution and tests.
2014-04-22 01:25:18 -05:00
check_inherited(tcx, i.span, i.vis);
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
}
}
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemEnum(ref def, _) => {
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
for v in def.variants.iter() {
Fix other bugs with new closure borrowing This fixes various issues throughout the standard distribution and tests.
2014-04-22 01:25:18 -05:00
check_inherited(tcx, v.span, v.node.vis);
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
}
}
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
ast::ItemStruct(ref def, _) => check_struct(&**def),
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
Parse `unsafe trait` but do not do anything with it beyond parsing and integrating into rustdoc etc.
2014-12-09 18:59:20 -06:00
ast::ItemTrait(_, _, _, _, ref methods) => {
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
for m in methods.iter() {
match *m {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
ast::RequiredMethod(..) => {}
ast::ProvidedMethod(ref m) => check_inherited(tcx, m.span,
change to new trait style for method field refs Per @pnkfelix 's suggestion, using a trait to make these field accesses more readable (and vastly more similar to the original code. oops fix new ast_map fix
2014-07-14 18:31:52 -05:00
m.pe_vis()),
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::TypeTraitItem(_) => {}
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
}
}
}
rustc: Add `const` globals to the language This change is an implementation of [RFC 69][rfc] which adds a third kind of global to the language, `const`. This global is most similar to what the old `static` was, and if you're unsure about what to use then you should use a `const`. The semantics of these three kinds of globals are: * A `const` does not represent a memory location, but only a value. Constants are translated as rvalues, which means that their values are directly inlined at usage location (similar to a #define in C/C++). Constant values are, well, constant, and can not be modified. Any "modification" is actually a modification to a local value on the stack rather than the actual constant itself. Almost all values are allowed inside constants, whether they have interior mutability or not. There are a few minor restrictions listed in the RFC, but they should in general not come up too often. * A `static` now always represents a memory location (unconditionally). Any references to the same `static` are actually a reference to the same memory location. Only values whose types ascribe to `Sync` are allowed in a `static`. This restriction is in place because many threads may access a `static` concurrently. Lifting this restriction (and allowing unsafe access) is a future extension not implemented at this time. * A `static mut` continues to always represent a memory location. All references to a `static mut` continue to be `unsafe`. This is a large breaking change, and many programs will need to be updated accordingly. A summary of the breaking changes is: * Statics may no longer be used in patterns. Statics now always represent a memory location, which can sometimes be modified. To fix code, repurpose the matched-on-`static` to a `const`. static FOO: uint = 4; match n { FOO => { /* ... */ } _ => { /* ... */ } } change this code to: const FOO: uint = 4; match n { FOO => { /* ... */ } _ => { /* ... */ } } * Statics may no longer refer to other statics by value. Due to statics being able to change at runtime, allowing them to reference one another could possibly lead to confusing semantics. If you are in this situation, use a constant initializer instead. Note, however, that statics may reference other statics by address, however. * Statics may no longer be used in constant expressions, such as array lengths. This is due to the same restrictions as listed above. Use a `const` instead. [breaking-change] [rfc]: https://github.com/rust-lang/rfcs/pull/246
2014-10-06 10:17:01 -05:00
ast::ItemStatic(..) | ast::ItemConst(..) |
libsyntax: Renamed types, traits and enum variants to CamelCase.
2014-01-09 07:05:33 -06:00
ast::ItemFn(..) | ast::ItemMod(..) | ast::ItemTy(..) |
ast::ItemMac(..) => {}
Forbid privacy in inner functions Closes #10111
2013-11-05 20:06:27 -06:00
}
}
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
}
rustc: fix fallout from the addition of a 'tcx lifetime on tcx.
2014-04-22 07:56:37 -05:00
struct VisiblePrivateTypesVisitor<'a, 'tcx: 'a> {
tcx: &'a ty::ctxt<'tcx>,
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
exported_items: &'a ExportedItems,
public_items: &'a PublicItems,
Un-feature gate struct variants Struct variant field visibility is now inherited. Remove `pub` keywords from declarations. Closes #18641 [breaking-change]
2014-11-15 19:57:54 -06:00
in_variant: bool,
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
rustc: fix fallout from the addition of a 'tcx lifetime on tcx.
2014-04-22 07:56:37 -05:00
struct CheckTypeForPrivatenessVisitor<'a, 'b: 'a, 'tcx: 'b> {
inner: &'a VisiblePrivateTypesVisitor<'b, 'tcx>,
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
/// whether the type refers to private types.
contains_private: bool,
/// whether we've recurred at all (i.e. if we're pointing at the
/// first type on which visit_ty was called).
at_outer_type: bool,
// whether that first type is a public path.
outer_type_is_public_path: bool,
}
rustc: fix fallout from the addition of a 'tcx lifetime on tcx.
2014-04-22 07:56:37 -05:00
impl<'a, 'tcx> VisiblePrivateTypesVisitor<'a, 'tcx> {
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
fn path_is_private_type(&self, path_id: ast::NodeId) -> bool {
fallout from deprecating find_copy and get_copy
2014-11-07 13:35:18 -06:00
let did = match self.tcx.def_map.borrow().get(&path_id).cloned() {
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
// `int` etc. (None doesn't seem to occur.)
Move Def out of syntax crate, where it does not belong
2014-05-14 14:31:30 -05:00
None | Some(def::DefPrimTy(..)) => return false,
Some(def) => def.def_id()
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
};
// A path can only be private if:
// it's in this crate...
librustc: Forbid private types in public APIs. This breaks code like: struct Foo { ... } pub fn make_foo() -> Foo { ... } Change this code to: pub struct Foo { // note `pub` ... } pub fn make_foo() -> Foo { ... } The `visible_private_types` lint has been removed, since it is now an error to attempt to expose a private type in a public API. In its place a `#[feature(visible_private_types)]` gate has been added. Closes #16463. RFC #48. [breaking-change]
2014-09-19 14:30:07 -05:00
if !is_local(did) {
return false
}
// .. and it corresponds to a private type in the AST (this returns
// None for type parameters)
match self.tcx.map.find(did.node) {
Some(ast_map::NodeItem(ref item)) => item.vis != ast::Public,
Some(_) | None => false,
}
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
fn trait_is_public(&self, trait_id: ast::NodeId) -> bool {
// FIXME: this would preferably be using `exported_items`, but all
// traits are exported currently (see `EmbargoVisitor.exported_trait`)
self.public_items.contains(&trait_id)
}
librustc: Forbid private types in public APIs. This breaks code like: struct Foo { ... } pub fn make_foo() -> Foo { ... } Change this code to: pub struct Foo { // note `pub` ... } pub fn make_foo() -> Foo { ... } The `visible_private_types` lint has been removed, since it is now an error to attempt to expose a private type in a public API. In its place a `#[feature(visible_private_types)]` gate has been added. Closes #16463. RFC #48. [breaking-change]
2014-09-19 14:30:07 -05:00
fn check_ty_param_bound(&self,
span: Span,
ty_param_bound: &ast::TyParamBound) {
Replace some verbose match statements with their `if let` equivalent. No semantic changes, no enabling `if let` where it wasn't already enabled.
2014-11-29 15:41:21 -06:00
if let ast::TraitTyParamBound(ref trait_ref) = *ty_param_bound {
if !self.tcx.sess.features.borrow().visible_private_types &&
self.path_is_private_type(trait_ref.trait_ref.ref_id) {
librustc: Forbid private types in public APIs. This breaks code like: struct Foo { ... } pub fn make_foo() -> Foo { ... } Change this code to: pub struct Foo { // note `pub` ... } pub fn make_foo() -> Foo { ... } The `visible_private_types` lint has been removed, since it is now an error to attempt to expose a private type in a public API. In its place a `#[feature(visible_private_types)]` gate has been added. Closes #16463. RFC #48. [breaking-change]
2014-09-19 14:30:07 -05:00
self.tcx.sess.span_err(span,
"private type in exported type \
parameter bound");
}
}
}
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
Track the visited AST's lifetime throughout Visitor.
2014-09-09 17:54:36 -05:00
impl<'a, 'b, 'tcx, 'v> Visitor<'v> for CheckTypeForPrivatenessVisitor<'a, 'b, 'tcx> {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_ty(&mut self, ty: &ast::Ty) {
Replace some verbose match statements with their `if let` equivalent. No semantic changes, no enabling `if let` where it wasn't already enabled.
2014-11-29 15:41:21 -06:00
if let ast::TyPath(_, path_id) = ty.node {
if self.inner.path_is_private_type(path_id) {
self.contains_private = true;
// found what we're looking for so let's stop
// working.
return
} else if self.at_outer_type {
self.outer_type_is_public_path = true;
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
}
self.at_outer_type = false;
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_ty(self, ty)
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
// don't want to recurse into [, .. expr]
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_expr(&mut self, _: &ast::Expr) {}
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
Track the visited AST's lifetime throughout Visitor.
2014-09-09 17:54:36 -05:00
impl<'a, 'tcx, 'v> Visitor<'v> for VisiblePrivateTypesVisitor<'a, 'tcx> {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_item(&mut self, item: &ast::Item) {
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
match item.node {
// contents of a private mod can be reexported, so we need
// to check internals.
ast::ItemMod(_) => {}
// An `extern {}` doesn't introduce a new privacy
// namespace (the contents have their own privacies).
ast::ItemForeignMod(_) => {}
Parse `unsafe trait` but do not do anything with it beyond parsing and integrating into rustdoc etc.
2014-12-09 18:59:20 -06:00
ast::ItemTrait(_, _, _, ref bounds, _) => {
librustc: Forbid private types in public APIs. This breaks code like: struct Foo { ... } pub fn make_foo() -> Foo { ... } Change this code to: pub struct Foo { // note `pub` ... } pub fn make_foo() -> Foo { ... } The `visible_private_types` lint has been removed, since it is now an error to attempt to expose a private type in a public API. In its place a `#[feature(visible_private_types)]` gate has been added. Closes #16463. RFC #48. [breaking-change]
2014-09-19 14:30:07 -05:00
if !self.trait_is_public(item.id) {
return
}
for bound in bounds.iter() {
self.check_ty_param_bound(item.span, bound)
}
}
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
// impls need some special handling to try to offer useful
// error messages without (too many) false positives
// (i.e. we could just return here to not check them at
// all, or some worse estimation of whether an impl is
Fix spelling errors.
2014-07-02 20:27:07 -05:00
// publicly visible.
Parse `unsafe impl` but don't do anything particularly interesting with the results.
2014-12-10 05:15:06 -06:00
ast::ItemImpl(_, ref g, ref trait_ref, ref self_, ref impl_items) => {
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
// `impl [... for] Private` is never visible.
let self_contains_private;
// impl [... for] Public<...>, but not `impl [... for]
// ~[Public]` or `(Public,)` etc.
let self_is_public_path;
// check the properties of the Self type:
{
let mut visitor = CheckTypeForPrivatenessVisitor {
inner: self,
contains_private: false,
at_outer_type: true,
outer_type_is_public_path: false,
};
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
visitor.visit_ty(&**self_);
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
self_contains_private = visitor.contains_private;
self_is_public_path = visitor.outer_type_is_public_path;
}
Fix misspellings in comments.
2014-04-20 23:49:39 -05:00
// miscellaneous info about the impl
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
// `true` iff this is `impl Private for ...`.
let not_private_trait =
trait_ref.as_ref().map_or(true, // no trait counts as public trait
|tr| {
let did = ty::trait_ref_to_def_id(self.tcx, tr);
!is_local(did) || self.trait_is_public(did.node)
});
// `true` iff this is a trait impl or at least one method is public.
//
// `impl Public { $( fn ...() {} )* }` is not visible.
//
// This is required over just using the methods' privacy
// directly because we might have `impl<T: Foo<Private>> ...`,
// and we shouldn't warn about the generics if all the methods
// are private (because `T` won't be visible externally).
let trait_or_some_public_method =
trait_ref.is_some() ||
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
impl_items.iter()
.any(|impl_item| {
match *impl_item {
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
ast::MethodImplItem(ref m) => {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
self.exported_items.contains(&m.id)
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::TypeImplItem(_) => false,
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
}
});
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
if !self_contains_private &&
not_private_trait &&
trait_or_some_public_method {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_generics(self, g);
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
match *trait_ref {
None => {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
for impl_item in impl_items.iter() {
match *impl_item {
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
ast::MethodImplItem(ref method) => {
visit::walk_method_helper(self, &**method)
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::TypeImplItem(_) => {}
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
}
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
}
Some(ref tr) => {
// Any private types in a trait impl fall into two
// categories.
// 1. mentioned in the trait definition
// 2. mentioned in the type params/generics
//
// Those in 1. can only occur if the trait is in
// this crate and will've been warned about on the
// trait definition (there's no need to warn twice
// so we don't check the methods).
//
// Those in 2. are warned via walk_generics and this
// call here.
Update parser with `for` syntax
2014-11-07 05:53:45 -06:00
self.visit_trait_ref(tr)
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
}
} else if trait_ref.is_none() && self_is_public_path {
// impl Public<Private> { ... }. Any public static
// methods will be visible as `Public::foo`.
let mut found_pub_static = false;
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
for impl_item in impl_items.iter() {
match *impl_item {
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
ast::MethodImplItem(ref method) => {
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
if method.pe_explicit_self().node ==
ast::SelfStatic &&
self.exported_items
.contains(&method.id) {
found_pub_static = true;
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
visit::walk_method_helper(self, &**method);
librustc: Stop assuming that implementations and traits only contain methods. This paves the way to associated items by introducing an extra level of abstraction ("impl-or-trait item") between traits/implementations and methods. This new abstraction is encoded in the metadata and used throughout the compiler where appropriate. There are no functional changes; this is purely a refactoring.
2014-08-04 15:56:56 -05:00
}
}
librustc: Implement associated types behind a feature gate. The implementation essentially desugars during type collection and AST type conversion time into the parameter scheme we have now. Only fully qualified names--e.g. `<T as Foo>::Bar`--are supported.
2014-08-05 21:44:21 -05:00
ast::TypeImplItem(_) => {}
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
}
if found_pub_static {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_generics(self, g)
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
}
return
}
// `type ... = ...;` can contain private types, because
// we're introducing a new name.
ast::ItemTy(..) => return,
// not at all public, so we don't care
_ if !self.exported_items.contains(&item.id) => return,
_ => {}
}
// we've carefully constructed it so that if we're here, then
// any `visit_ty`'s will be called on things that are in
// public signatures, i.e. things that we're interested in for
// this visitor.
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_item(self, item);
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
librustc: Forbid private types in public APIs. This breaks code like: struct Foo { ... } pub fn make_foo() -> Foo { ... } Change this code to: pub struct Foo { // note `pub` ... } pub fn make_foo() -> Foo { ... } The `visible_private_types` lint has been removed, since it is now an error to attempt to expose a private type in a public API. In its place a `#[feature(visible_private_types)]` gate has been added. Closes #16463. RFC #48. [breaking-change]
2014-09-19 14:30:07 -05:00
fn visit_generics(&mut self, generics: &ast::Generics) {
for ty_param in generics.ty_params.iter() {
for bound in ty_param.bounds.iter() {
self.check_ty_param_bound(ty_param.span, bound)
}
}
for predicate in generics.where_clause.predicates.iter() {
Add support for equality constraints on associated types
2014-11-28 22:08:30 -06:00
match predicate {
Reviewer comments
2014-12-02 17:03:02 -06:00
&ast::WherePredicate::BoundPredicate(ref bound_pred) => {
Add support for equality constraints on associated types
2014-11-28 22:08:30 -06:00
for bound in bound_pred.bounds.iter() {
self.check_ty_param_bound(bound_pred.span, bound)
}
}
Reviewer comments
2014-12-02 17:03:02 -06:00
&ast::WherePredicate::EqPredicate(ref eq_pred) => {
Add support for equality constraints on associated types
2014-11-28 22:08:30 -06:00
self.visit_ty(&*eq_pred.ty);
}
librustc: Forbid private types in public APIs. This breaks code like: struct Foo { ... } pub fn make_foo() -> Foo { ... } Change this code to: pub struct Foo { // note `pub` ... } pub fn make_foo() -> Foo { ... } The `visible_private_types` lint has been removed, since it is now an error to attempt to expose a private type in a public API. In its place a `#[feature(visible_private_types)]` gate has been added. Closes #16463. RFC #48. [breaking-change]
2014-09-19 14:30:07 -05:00
}
}
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_foreign_item(&mut self, item: &ast::ForeignItem) {
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
if self.exported_items.contains(&item.id) {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_foreign_item(self, item)
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
}
Track the visited AST's lifetime throughout Visitor.
2014-09-09 17:54:36 -05:00
fn visit_fn(&mut self, fk: visit::FnKind<'v>, fd: &'v ast::FnDecl,
b: &'v ast::Block, s: Span, id: ast::NodeId) {
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
// needs special handling for methods.
if self.exported_items.contains(&id) {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_fn(self, fk, fd, b, s);
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_ty(&mut self, t: &ast::Ty) {
Replace some verbose match statements with their `if let` equivalent. No semantic changes, no enabling `if let` where it wasn't already enabled.
2014-11-29 15:41:21 -06:00
if let ast::TyPath(ref p, path_id) = t.node {
if !self.tcx.sess.features.borrow().visible_private_types &&
self.path_is_private_type(path_id) {
self.tcx.sess.span_err(p.span,
"private type in exported type signature");
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_ty(self, t)
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_variant(&mut self, v: &ast::Variant, g: &ast::Generics) {
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
if self.exported_items.contains(&v.node.id) {
Un-feature gate struct variants Struct variant field visibility is now inherited. Remove `pub` keywords from declarations. Closes #18641 [breaking-change]
2014-11-15 19:57:54 -06:00
self.in_variant = true;
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_variant(self, v, g);
Un-feature gate struct variants Struct variant field visibility is now inherited. Remove `pub` keywords from declarations. Closes #18641 [breaking-change]
2014-11-15 19:57:54 -06:00
self.in_variant = false;
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
}
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_struct_field(&mut self, s: &ast::StructField) {
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
match s.node.kind {
Un-feature gate struct variants Struct variant field visibility is now inherited. Remove `pub` keywords from declarations. Closes #18641 [breaking-change]
2014-11-15 19:57:54 -06:00
ast::NamedField(_, vis) if vis == ast::Public || self.in_variant => {
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_struct_field(self, s);
rustc: Switch struct fields to private by default This commit switches privacy's checking of fields to have *all* fields be private by default. This does not yet change tuple structs, this only affects structs with named fields. The fallout of this change will follow shortly. RFC: 0004-private-fields cc #8122 Closes #11809
2014-03-27 15:22:56 -05:00
}
_ => {}
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
}
// we don't need to introspect into these at all: an
// expression/block context can't possibly contain exported
// things, and neither do view_items. (Making them no-ops stops us
// from traversing the whole AST without having to be super
// careful about our `walk_...` calls above.)
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
fn visit_view_item(&mut self, _: &ast::ViewItem) {}
fn visit_block(&mut self, _: &ast::Block) {}
fn visit_expr(&mut self, _: &ast::Expr) {}
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
De-@ ty::ctxt usage.
2014-03-05 21:07:47 -06:00
pub fn check_crate(tcx: &ty::ctxt,
rustc: middle: move Export and ExportMap from resolve to def.
2014-12-18 16:03:00 -06:00
export_map: &def::ExportMap,
Extract privacy checking from name resolution This commit is the culmination of my recent effort to refine Rust's notion of privacy and visibility among crates. The major goals of this commit were to remove privacy checking from resolve for the sake of sane error messages, and to attempt a much more rigid and well-tested implementation of visibility throughout rust. The implemented rules for name visibility are: 1. Everything pub from the root namespace is visible to anyone 2. You may access any private item of your ancestors. "Accessing a private item" depends on what the item is, so for a function this means that you can call it, but for a module it means that you can look inside of it. Once you look inside a private module, any accessed item must be "pub from the root" where the new root is the private module that you looked into. These rules required some more analysis results to get propagated from trans to privacy in the form of a few hash tables. I added a new test in which my goal was to showcase all of the privacy nuances of the language, and I hope to place any new bugs into this file to prevent regressions. Overall, I was unable to completely remove the notion of privacy from resolve. One use of privacy is for dealing with glob imports. Essentially a glob import can only import *public* items from the destination, and because this must be done at namespace resolution time, resolve must maintain the notion of "what items are public in a module". There are some sad approximations of privacy, but I unfortunately can't see clear methods to extract them outside. The other use case of privacy in resolve now is one that must stick around regardless of glob imports. When dealing with privacy, checking a private path needs to know "what the last private thing was" when looking at a path. Resolve is the only compiler pass which knows the answer to this question, so it maintains the answer on a per-path resolution basis (works similarly to the def_map generated). Closes #8215
2013-10-05 16:37:39 -05:00
external_exports: resolve::ExternalExports,
rustc: fix fallout from using ptr::P.
2014-09-07 12:09:06 -05:00
last_private_map: resolve::LastPrivateMap)
-> (ExportedItems, PublicItems) {
let krate = tcx.map.krate();
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// Figure out who everyone's parent is
let mut visitor = ParentVisitor {
rustc: Move to FNV hashing for node/def ids This leverages the new hashing framework and hashmap implementation to provide a much speedier hashing algorithm for node ids and def ids. The hash algorithm used is currentl FNV hashing, but it's quite easy to swap out. I originally implemented hashing as the identity function, but this actually ended up in slowing down rustc compiling libstd from 8s to 13s. I would suspect that this is a result of a large number of collisions. With FNV hashing, we get these timings (compiling with --no-trans, in seconds): | | before | after | |-----------|---------:|--------:| | libstd | 8.324 | 6.703 | | stdtest | 47.674 | 46.857 | | libsyntax | 9.918 | 8.400 |
2014-02-28 16:34:26 -06:00
parents: NodeMap::new(),
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
curparent: ast::DUMMY_NODE_ID,
};
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_crate(&mut visitor, krate);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// Use the parent map to check the privacy of everything
let mut visitor = PrivacyVisitor {
curitem: ast::DUMMY_NODE_ID,
Check the privacy of implemented traits This bug showed up because the visitor only visited the path of the implemented trait via walk_path (with no corresponding visit_path function). I have modified the visitor to use visit_path (which is now overridable), and the privacy visitor overrides this function and now properly checks for the privacy of all paths. Closes #10857
2013-12-08 13:25:35 -06:00
in_foreign: false,
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
tcx: tcx,
parents: visitor.parents,
external_exports: external_exports,
last_private_map: last_private_map,
};
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_crate(&mut visitor, krate);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
// Sanity check to make sure that all privacy usage and controls are
// reasonable.
let mut visitor = SanePrivacyVisitor {
in_fn: false,
tcx: tcx,
};
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_crate(&mut visitor, krate);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
tcx.sess.abort_if_errors();
// Build up a set of all exported items in the AST. This is a set of all
// items which are reachable from external crates based on visibility.
let mut visitor = EmbargoVisitor {
tcx: tcx,
rustc: Move to FNV hashing for node/def ids This leverages the new hashing framework and hashmap implementation to provide a much speedier hashing algorithm for node ids and def ids. The hash algorithm used is currentl FNV hashing, but it's quite easy to swap out. I originally implemented hashing as the identity function, but this actually ended up in slowing down rustc compiling libstd from 8s to 13s. I would suspect that this is a result of a large number of collisions. With FNV hashing, we get these timings (compiling with --no-trans, in seconds): | | before | after | |-----------|---------:|--------:| | libstd | 8.324 | 6.703 | | stdtest | 47.674 | 46.857 | | libsyntax | 9.918 | 8.400 |
2014-02-28 16:34:26 -06:00
exported_items: NodeSet::new(),
public_items: NodeSet::new(),
reexports: NodeSet::new(),
middle: resolve: fix inconsistencies around ExportMap and remove the 2 suffix.
2014-12-18 12:27:17 -06:00
export_map: export_map,
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
prev_exported: true,
Inline reexports in rustdoc If a reexport comes from a non-public module, then the documentation for the reexport will be inlined into the module that exports it, but if the reexport is targeted at a public type (like the prelude), then it is not inlined but rather hyperlinked.
2014-01-07 20:46:16 -06:00
prev_public: true,
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
};
loop {
let before = visitor.exported_items.len();
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_crate(&mut visitor, krate);
Move more of the exportation burden into privacy I added a test case which does not compile today, and required changes on privacy's side of things to get right. Additionally, this moves a good bit of logic which did not belong in reachability into privacy. All of reachability should solely be responsible for determining what the reachable surface area of a crate is given the exported surface area (where the exported surface area is that which is usable by external crates). Privacy will now correctly figure out what's exported by deeply looking through reexports. Previously if a module were reexported under another name, nothing in the module would actually get exported in the executable. I also consolidated the phases of privacy to be clearer about what's an input to what. The privacy checking pass no longer uses the notion of an "all public" path, and the embargo visitor is no longer an input to the checking pass. Currently the embargo visitor is built as a saturating analysis because it's unknown what portions of the AST are going to get re-exported.
2013-11-20 17:15:34 -06:00
if before == visitor.exported_items.len() {
break
}
Forbid pub/priv where it has no effect Closes #5495
2013-08-09 03:25:24 -05:00
}
make missing_doc lint respect the visibility rules Previously, the `exported_items` set created by the privacy pass was incomplete. Specifically, it did not include items that had been defined at a private path but then `pub use`d at a public path. This commit finds all crate exports during the privacy pass. Consequently, some code in the reachable pass and in rustdoc is no longer necessary. This commit then removes the separate `MissingDocLintVisitor` lint pass, opting to check missing_doc lint in the same pass as the other lint checkers using the visibility result computed by the privacy pass. Fixes #9777.
2013-11-11 22:17:47 -06:00
Inline reexports in rustdoc If a reexport comes from a non-public module, then the documentation for the reexport will be inlined into the module that exports it, but if the reexport is targeted at a public type (like the prelude), then it is not inlined but rather hyperlinked.
2014-01-07 20:46:16 -06:00
let EmbargoVisitor { exported_items, public_items, .. } = visitor;
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
{
let mut visitor = VisiblePrivateTypesVisitor {
tcx: tcx,
exported_items: &exported_items,
Un-feature gate struct variants Struct variant field visibility is now inherited. Remove `pub` keywords from declarations. Closes #18641 [breaking-change]
2014-11-15 19:57:54 -06:00
public_items: &public_items,
in_variant: false,
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
};
Remove largely unused context from Visitor.
2014-09-12 05:10:30 -05:00
visit::walk_crate(&mut visitor, krate);
rustc: implement a lint for publicly visible private types. These are types that are in exported type signatures, but are not exported themselves, e.g. struct Foo { ... } pub fn bar() -> Foo { ... } will warn about the Foo. Such types are not listed in documentation, and cannot be named outside the crate in which they are declared, which is very user-unfriendly. cc #10573
2014-02-27 01:33:03 -06:00
}
Inline reexports in rustdoc If a reexport comes from a non-public module, then the documentation for the reexport will be inlined into the module that exports it, but if the reexport is targeted at a public type (like the prelude), then it is not inlined but rather hyperlinked.
2014-01-07 20:46:16 -06:00
return (exported_items, public_items);
Forbid pub/priv where it has no effect Closes #5495
2013-08-09 03:25:24 -05:00
}
Reference in New Issue Copy Permalink