Generate appropriate constraints for calls to functions with
preconditions, and reject calls where those constraints don't
hold true in the prestate.
...by which I mean that it works for one test case :-)
Before, all aliases were implicitly mutable, and writing
&mutable was the same as writing &. Now, the two are
distinguished, and assignments to regular aliases are
no longer allowed.
Changed function types to include a list of constraints. Added
code for parsing and pretty-printing constraints. This necessitated
splitting pprust into two files (pprust and ppaux) to break a
circulate dependency, as ty_to_str now needs to print out constraints,
which may include literals, but pprust depended on ty.
The old system tried to ensure that the location an alias pointed at
would retain its type. That turned out to not be strong enough in the
face of aliases to the inside of tags.
The new system instead proves that values pointed to by aliases are
not replaced (or invalidated in some other way) at all. It knows of
two sufficient conditions for this, and tries to prove at least of
them:
A) The alias is 'immutably rooted' in a local, and this local is not
reassigned for the lifetime of the alias. Immutably rooted means
the alias refers to the local itself, or to something reachable
from the local through immutable dereferencing.
B) No value whose type might include the type of the 'inner mutable
element' of the thing the alias refers to (for example, the box in
rec(mutable x = @mutable int)) is from the outer scope is accessed
for the lifetime of the alias. This means for functions, no other
argument types may include the alias's inner mutable type. For alt,
for each, and for, it means the body does not refer to any locals
originating from outside their scope that include this type.
The lifetime of an alias in an alt, for each, or for body is defined
as the range from its definition to its last use, not to the point
where it goes out of scope. This makes working around these
restrictions somewhat less annoying. For example, you can assign to
your alt-ed value you don't refer to any bindings afterwards.
Change ty_fn to have a controlflow field. A 'controlflow' is
essentially a bit of data that says whether or not this function
never returns to the caller (if it never returns, that means it calls
"fail" or another "never-returns" function on every control path).
Also add syntax for annotating functions that never return:
fn foo() -> ! {
fail;
}
for example. Functions marked with ! implicitly have a result type of
ty_bot, which is a new type that this commit also adds.
* Reorganized typestate into several modules.
* Made typestate check that any function with a non-nil return type
returns a value. For now, the check is a warning and not an error
(see next item).
* Added a "bot" type (prettyprinted as _|_), for constructs like be, ret, break, cont, and
fail that don't locally return a value that can be inspected. "bot"
is distinct from "nil". There is no concrete syntax for _|_, while
the concrete syntax for the nil type is ().
* Added support to the parser for a ! annotation on functions whose
result type is _|_. Such a function is required to have either a
fail or a call to another ! function that is reached in all control
flow paths. The point of this annotation is to mark functions like
unimpl() and span_err(), so that an alt with a call to err() in one
case isn't a false positive for the return-value checker. I haven't
actually annotated anything with it yet.
* Random bugfixes:
* * Fixed bug in trans::trans_binary that was throwing away the
cleanups for nested subexpressions of an and or or
(tests: box-inside-if and box-inside-if2).
** In typeck, unify the expected type arguments of a tag with the
actual specified arguments.
One step closer to removing fold and having a single, immutable AST.
Resolve still uses fold, because it has to detect and transform
expr_field expressions. If we go through on our plan of moving to a
different syntax for module dereferencing, the parser can spit out
expr_field expressions, and resolve can move to walk.
(I am truly sorry for the things I did in typestate_check.rs. I expect
we'll want to change that to walk as well in the near future, at which
point it should probably pass around a context record, which could
hold the def_map.)
This way, the tag assigned by the parser stays with the node.
I realize ann replacing is probably going away real soon, but
I needed this now for moving the resolve defs out of the AST.
* Cleans up the algorithm
* Move first pass to walk (second still folds)
* Support part of a type/value namespace split
(crate metadata and module indices still need to be taught about this)
* Remove a few blatant inefficiencies (import tables being recreated for
every lookup, most importantly)
