Modified typestate to throw away any constraints mentioning a
variable on the LHS of an assignment, recv, assign_op, or on
either side of a swap.
Some code cleanup as well.
If you use a function expecting an alias argument in a context that
expects a function expecting a value argument, or vice versa, the
previous error message complained that the number of arguments was
wrong. Fixed the error message to be accurate.
typestate now drops constraints correctly in the post-state of
a move expression or a declaration whose op is a move. It doesn't
yet drop constraints mentioning variables that get updated.
To do this, I had to change typestate to use trit-vectors instead
of bit-vectors, because for every constraint, there are three
possible values: known-to-be-false (e.g. after x <- y, init(y) is
known-to-be-false), known-to-be-true, and unknown. Before, we
conflated known-to-be-false with unknown. But move requires them
to be treated differently. Consider:
(program a)
(a1) x = 1;
(a2) y <- x;
(a3) log x;
(program b)
(b1) x = 1;
(b2) y <- z;
(b3) log x;
With only two values, the postcondition of statement a2 for
constraint init(x) is the same as that of b2: 0. But in (a2)'s
postcondition, init(x) *must* be false, but in (b2)'s condition,
it's just whatever it was in the postcondition of the preceding statement.
This code was causing a bounds check failure:
fn hd[U](&vec[U] v) -> U {
fn hd1(&vec[U] w) -> U {
ret w.(0);
}
ret hd1(v);
}
because in hd1, U was being treated as if it referred to a type
parameter of hd1, rather than referring to the lexically enclosing binding
for U that's part of hd.
I'm actually not sure whether this is a legit program or not. But I wanted
to get rid of the bounds check error, so I assumed that program shouldn't
compile and made it a proper error message.
This involved, in part, changing the ast::def type so that a def_fn
has a "purity" field. This lets the typechecker determine whether
functions defined in other crates are pure.
It also required updating some error messages in tests. As a test
for cross-crate constrained functions, I added a safe_slice function
to std::str (slice(), with one of the asserts replaced with a
function precondition) and some test cases (various versions of
fn-constraint.rs) that call it. Also, I changed "fn" to "pred" for
some of the boolean functions in std::uint.
I noticed that typestate was being lazier than it should be,
because it was only checking typestate for statements and
top-level expression (that is, the expression in a stmt_expr, but
not any subexpressions). So I rewrote the checks in tstate/ck.rs
to use walk, which exposed a few bugs in typestate that I fixed.
Also added some more test cases for if-check.
I don't currently know how to deal with syntax extensions that appear betweeen
an attribute and an item, so this test captures the error that occurs.
Issue #487
I added a "resolved" version of the ast::constr type -- ty::constr_def
-- that has a def_id field instead of an ann_field. This is more
consistent with other types and eliminates some checking.
Incidentally, I removed the def_map argument to the top-level function
in middle::alias, since the ty::ctxt already has a def_map field.
This is a somewhat odd place to put these checks, but the data tracked
by that pass, and the available functions, make it trivial to do such
a check there.
Before, all aliases were implicitly mutable, and writing
&mutable was the same as writing &. Now, the two are
distinguished, and assignments to regular aliases are
no longer allowed.
Improve error message in the case where a use of a polymorphic tag has
insufficient type arguments given. Before, the typechecker was
just crashing with a bounds check error.
The old system tried to ensure that the location an alias pointed at
would retain its type. That turned out to not be strong enough in the
face of aliases to the inside of tags.
The new system instead proves that values pointed to by aliases are
not replaced (or invalidated in some other way) at all. It knows of
two sufficient conditions for this, and tries to prove at least of
them:
A) The alias is 'immutably rooted' in a local, and this local is not
reassigned for the lifetime of the alias. Immutably rooted means
the alias refers to the local itself, or to something reachable
from the local through immutable dereferencing.
B) No value whose type might include the type of the 'inner mutable
element' of the thing the alias refers to (for example, the box in
rec(mutable x = @mutable int)) is from the outer scope is accessed
for the lifetime of the alias. This means for functions, no other
argument types may include the alias's inner mutable type. For alt,
for each, and for, it means the body does not refer to any locals
originating from outside their scope that include this type.
The lifetime of an alias in an alt, for each, or for body is defined
as the range from its definition to its last use, not to the point
where it goes out of scope. This makes working around these
restrictions somewhat less annoying. For example, you can assign to
your alt-ed value you don't refer to any bindings afterwards.
The alias checker works by ensuring that any value to which an alias
is created is rooted in some way that ensures it outlives the alias.
It is now disallowed to create an alias to the content of a mutable
box, or to a box hanging off a mutable field. There is also machinery
in place to prevent assignment to local variables whenever they are
the root of a live alias.
Changed the typechecker to correctly typecheck the declared variable
type in a for or for-each loop against the vector element type (for
a for loop) or the iterator type (for a for-each loop). Added a
test case.
The error message for (for example) "import vec;" without "use std;"
was "cyclic import", which was misleading because there were no
cycles. I changed it to "cyclic import or nonexistent module",
which doesn't break existing tests.
Previously, if you wrote
let @vec[int] foo = @[];
that would be a type error. That didn't seem right, so I changed
pushdown to unify the inner type in an unop application with the
argument type of the operator type.
This required quite a bit of tiresome plumbing about of spans.
On the bright side, now other errors can be converted to span_err too.
Includes test cases.
* Reorganized typestate into several modules.
* Made typestate check that any function with a non-nil return type
returns a value. For now, the check is a warning and not an error
(see next item).
* Added a "bot" type (prettyprinted as _|_), for constructs like be, ret, break, cont, and
fail that don't locally return a value that can be inspected. "bot"
is distinct from "nil". There is no concrete syntax for _|_, while
the concrete syntax for the nil type is ().
* Added support to the parser for a ! annotation on functions whose
result type is _|_. Such a function is required to have either a
fail or a call to another ! function that is reached in all control
flow paths. The point of this annotation is to mark functions like
unimpl() and span_err(), so that an alt with a call to err() in one
case isn't a false positive for the return-value checker. I haven't
actually annotated anything with it yet.
* Random bugfixes:
* * Fixed bug in trans::trans_binary that was throwing away the
cleanups for nested subexpressions of an and or or
(tests: box-inside-if and box-inside-if2).
** In typeck, unify the expected type arguments of a tag with the
actual specified arguments.
Ping me if you disagree, but I think that in a language that's as
in-flux as rust currently is, it is silly to try and enforce a single
future-compatibility. The reserved words didn't work well with the
parser refactor, so I dropped them for the time being. We can,
eventually, bring them back as type-only reserved words.
Module names no longer clash with type and value names. The
tokenizer/parser still needs to be taught to be more careful in
identifying keywords, so that we can use 'str' and 'vec' and so as
module names.
* Cleans up the algorithm
* Move first pass to walk (second still folds)
* Support part of a type/value namespace split
(crate metadata and module indices still need to be taught about this)
* Remove a few blatant inefficiencies (import tables being recreated for
every lookup, most importantly)
Check that the operand in a constraint is an explicit name,
and that the operands are all local variables or literals. Still need
to check that the name refers to a pure function.
Added support for self_method, cont, chan, port, recv, send, be,
do_while, spawn, and ext; handled break and cont correctly.
(However, there are no non-xfailed test cases for ext or spawn in
stage0 currently.)
Although the standard library compiles and all test cases pass with
typestate enabled, I left typestate checking disabled as rustc
terminates abnormally when building the standard library if so,
even though it does generate code correctly.
Summary says it all. Actually, only nested objects and functions
are handled, but that's better than before. The fold that I was using
before to traverse a crate wasn't working correctly, because annotations
have to reflect the number of local variables of the nearest enclosing
function (in turn, because annotations are represented as bit vectors).
The fold was traversing the AST in the wrong order, first filling in
the annotations correctly, but then re-traversing them with the bit
vector length for any outer nested functions, and so on.
Remedying this required writing a lot of tedious boilerplate code
because I scrapped the idea of using a fold altogether.
I also made typestate_check handle unary, field, alt, and fail.
Also, some miscellaneous changes:
* added annotations to blocks in typeck
* fix pprust so it can handle spawn
* added more logging functions in util.common
* fixed _vec.or
* added maybe and from_maybe in option
* removed fold_block field from ast_fold, since it was never used
module, we should look for 'b' *just* in the module 'a' and then continue
resolving b.c in the environment created by updating *with* a.
Still not 100% correct, but getting there.
* If an import was unused we would never print any errors for it.
* We would keep the existing environment in scope when descending 'foo.bar'
and would find 'bar' in the global environment if there was no 'bar' in
'foo'.
ast.ml - modified arm types for easier polymorphism
- fixed a bug in fmt_type_arm
dead.ml - modified arm types for easier polymorphism
common.ml - added 'either'
- added some useful auxiliary functions
item.ml - modified arm code to be more polymorphic and handle both alt-tag and alt-type, also fixed the problematic case in bad-alt.rs
Makefile - added XFAIL for new alt-type test
bad-alt.rs - added test for invalid alt syntax
alt-type-simple.rs - added simple test for alt type