This is a somewhat odd place to put these checks, but the data tracked
by that pass, and the available functions, make it trivial to do such
a check there.
In code like "auto foo = fail", a type gets inferred for foo
depending on how it's used. However, fail still has type _|_ and
still should be treated that way: particularly, its value shouldn't
be copied. Fixed trans to reflect that.
Before, all aliases were implicitly mutable, and writing
&mutable was the same as writing &. Now, the two are
distinguished, and assignments to regular aliases are
no longer allowed.
Improve error message in the case where a use of a polymorphic tag has
insufficient type arguments given. Before, the typechecker was
just crashing with a bounds check error.
The old system tried to ensure that the location an alias pointed at
would retain its type. That turned out to not be strong enough in the
face of aliases to the inside of tags.
The new system instead proves that values pointed to by aliases are
not replaced (or invalidated in some other way) at all. It knows of
two sufficient conditions for this, and tries to prove at least of
them:
A) The alias is 'immutably rooted' in a local, and this local is not
reassigned for the lifetime of the alias. Immutably rooted means
the alias refers to the local itself, or to something reachable
from the local through immutable dereferencing.
B) No value whose type might include the type of the 'inner mutable
element' of the thing the alias refers to (for example, the box in
rec(mutable x = @mutable int)) is from the outer scope is accessed
for the lifetime of the alias. This means for functions, no other
argument types may include the alias's inner mutable type. For alt,
for each, and for, it means the body does not refer to any locals
originating from outside their scope that include this type.
The lifetime of an alias in an alt, for each, or for body is defined
as the range from its definition to its last use, not to the point
where it goes out of scope. This makes working around these
restrictions somewhat less annoying. For example, you can assign to
your alt-ed value you don't refer to any bindings afterwards.
The alias checker works by ensuring that any value to which an alias
is created is rooted in some way that ensures it outlives the alias.
It is now disallowed to create an alias to the content of a mutable
box, or to a box hanging off a mutable field. There is also machinery
in place to prevent assignment to local variables whenever they are
the root of a live alias.
A non-returning call should have a postcondition in which all predicates
are true -- not just a poststate. Otherwise, alt expressions where
one or more branches terminate in a non-returning call and others
initialize a variable get rejected.
Includes a test case.
Changed the typechecker to correctly typecheck the declared variable
type in a for or for-each loop against the vector element type (for
a for loop) or the iterator type (for a for-each loop). Added a
test case.
The test was meant to verify that the typechecker correctly
allows a _|_ value (break, here) to be used in any context.
However, the compiler fails with an LLVM assertion failure.
I xfailed it, but wanted it to be on the record anyway.
The typechecker had a number of special cases for unifying types
with _|_ (as with checking if and alt). But, a value of type _|_
should be usable in any context, as such a value always diverges,
and will never be used by its immediate context. Changed unify
accordingly, removed special cases.
The error message for (for example) "import vec;" without "use std;"
was "cyclic import", which was misleading because there were no
cycles. I changed it to "cyclic import or nonexistent module",
which doesn't break existing tests.
Previously, if you wrote
let @vec[int] foo = @[];
that would be a type error. That didn't seem right, so I changed
pushdown to unify the inner type in an unop application with the
argument type of the operator type.
This required quite a bit of tiresome plumbing about of spans.
On the bright side, now other errors can be converted to span_err too.
Includes test cases.
With the scheme used to translate 'else if' currently the if expression is
translated in a new (else) scope context. If that if expression wants to
result in a value that requires refcounting then it will need to drop the
refcount in the cleanups of the else block.
Blocks return in a copy of the result of their ending expression, not the
direct result of the ending expression, as that may be a local variable which
gets zeroed by drop_slot.
* Reorganized typestate into several modules.
* Made typestate check that any function with a non-nil return type
returns a value. For now, the check is a warning and not an error
(see next item).
* Added a "bot" type (prettyprinted as _|_), for constructs like be, ret, break, cont, and
fail that don't locally return a value that can be inspected. "bot"
is distinct from "nil". There is no concrete syntax for _|_, while
the concrete syntax for the nil type is ().
* Added support to the parser for a ! annotation on functions whose
result type is _|_. Such a function is required to have either a
fail or a call to another ! function that is reached in all control
flow paths. The point of this annotation is to mark functions like
unimpl() and span_err(), so that an alt with a call to err() in one
case isn't a false positive for the return-value checker. I haven't
actually annotated anything with it yet.
* Random bugfixes:
* * Fixed bug in trans::trans_binary that was throwing away the
cleanups for nested subexpressions of an and or or
(tests: box-inside-if and box-inside-if2).
** In typeck, unify the expected type arguments of a tag with the
actual specified arguments.
Ping me if you disagree, but I think that in a language that's as
in-flux as rust currently is, it is silly to try and enforce a single
future-compatibility. The reserved words didn't work well with the
parser refactor, so I dropped them for the time being. We can,
eventually, bring them back as type-only reserved words.
Module names no longer clash with type and value names. The
tokenizer/parser still needs to be taught to be more careful in
identifying keywords, so that we can use 'str' and 'vec' and so as
module names.
* Cleans up the algorithm
* Move first pass to walk (second still folds)
* Support part of a type/value namespace split
(crate metadata and module indices still need to be taught about this)
* Remove a few blatant inefficiencies (import tables being recreated for
every lookup, most importantly)
This finally allows the full lib-sha1 test to run in a reasonable amount of
time. Was 30s, now 3s. Trims a second or two from stage2/rustc. XFAIL lib-sha1
in stage0 since it will be very slow until the next snapshot.
This reduces the time to execute the new lib-str tests from 1:40ish to a few
seconds and will eventually allow the full lib-sha1 test to run in a
reasonable amount of time. XFAIL lib-str in stage0 - it will run very slowly
until the next snapshot.
Check that the operand in a constraint is an explicit name,
and that the operands are all local variables or literals. Still need
to check that the name refers to a pure function.
This ensures we don't get compile errors on unreachable code (see
test/run-pass/artificial-block.rs for an example of sane code that
wasn't compiling). In the future, we might want to warn about
non-trivial code appearing in an unreachable context, and/or avoid
generating unreachable code altogether (though I'm sure LLVM will weed
it out as well).
This giant commit changes the syntax of Rust to use "assert" for
"check" expressions that didn't mean anything to the typestate
system, and continue using "check" for checks that are used as
part of typestate checking.
Most of the changes are just replacing "check" with "assert" in test
cases and rustc.
In rustc, nested patterns were potentially matching when they shouldn't
match, because a loop index wasn't being incremented. Fixed it and added
one test case.
Added support for self_method, cont, chan, port, recv, send, be,
do_while, spawn, and ext; handled break and cont correctly.
(However, there are no non-xfailed test cases for ext or spawn in
stage0 currently.)
Although the standard library compiles and all test cases pass with
typestate enabled, I left typestate checking disabled as rustc
terminates abnormally when building the standard library if so,
even though it does generate code correctly.
Lots of work on typestate_check, seems to get a lot of the way
through checking the standard library.
* Added for, for_each, assign_op, bind, cast, put, check, break,
and cont. (I'm not sure break and cont are actually handled correctly.)
* Fixed side-effect bug in seq_preconds so that unioning the
preconditions of a sequence of statements or expressions
is handled correctly.
* Pass poststate correctly through a stmt_decl.
* Handle expr_ret and expr_fail properly (after execution of a ret
or fail, everything is true -- this is needed to handle ifs and alts
where one branch is a ret or fail)
* Fixed bug in set_prestate_ann where a thing that needed to be
mutated wasn't getting passed as an alias
* Fixed bug in how expr_alt was treated (zero is not the identity
for intersect, who knew, right?)
* Update logging to reflect log_err vs. log
* Fixed find_locals so as to return all local decls and exclude
function arguments.
* Make union_postconds work on an empty vector (needed to handle
empty blocks correctly)
* Added _vec.cat_options, which takes a list of option[T] to a list
of T, ignoring any Nones
* Added two test cases.
