Prevent leaking FreshCaps created for parameters

Author: odersky

compiler/src/dotty/tools/dotc/cc/Capability.scala

@@ -843,6 +843,7 @@ object Capabilities:
     case LambdaActual(restp: Type)
     case OverriddenType(member: Symbol)
     case DeepCS(ref: TypeRef)
+    case Parameter(param: Symbol)
     case Unknown
 
     def explanation(using Context): String = this match
@@ -876,6 +877,8 @@ object Capabilities:
         i" when instantiating upper bound of member overridden by $member"
       case DeepCS(ref: TypeRef) =>
         i" when computing deep capture set of $ref"
+      case Parameter(param) =>
+        i" of parameter $param of ${param.owner}"
       case Unknown =>
         ""
   end Origin
@@ -942,8 +945,8 @@ object Capabilities:
       CapToFresh(origin)(tp)
 
   /** Maps fresh to cap */
-  def freshToCap(tp: Type)(using Context): Type =
-    CapToFresh(Origin.Unknown).inverse(tp)
+  def freshToCap(param: Symbol, tp: Type)(using Context): Type =
+    CapToFresh(Origin.Parameter(param)).inverse(tp)
 
   /** Map top-level free existential variables one-to-one to Fresh instances */
   def resultToFresh(tp: Type, origin: Origin)(using Context): Type =

compiler/src/dotty/tools/dotc/cc/CaptureSet.scala

@@ -720,7 +720,7 @@ object CaptureSet:
     private def narrowClassifier(cls: ClassSymbol)(using Context): Unit =
       val newClassifier = leastClassifier(classifier, cls)
       if newClassifier == defn.NothingClass then
-        println(i"conflicting classifications for $this, was $classifier, now $cls")
+        capt.println(i"conflicting classifications for $this, was $classifier, now $cls")
       myClassifier = newClassifier
 
     override def adoptClassifier(cls: ClassSymbol)(using Context): Unit =

compiler/src/dotty/tools/dotc/cc/CheckCaptures.scala

@@ -181,6 +181,9 @@ object CheckCaptures:
     check.traverse(tp)
   end disallowBadRootsIn
 
+  private def ownerStr(owner: Symbol)(using Context): String =
+    if owner.isAnonymousFunction then "enclosing function" else owner.show
+
   trait CheckerAPI:
     /** Complete symbol info of a val or a def */
     def completeDef(tree: ValOrDefDef, sym: Symbol, completer: LazyType)(using Context): Type
@@ -920,7 +923,7 @@ class CheckCaptures extends Recheck, SymTransformer:
             assert(params.hasSameLengthAs(argTypes), i"$mdef vs $pt, ${params}")
             for (argType, param) <- argTypes.lazyZip(params) do
               val paramTpt = param.asInstanceOf[ValDef].tpt
-              val paramType = freshToCap(paramTpt.nuType)
+              val paramType = freshToCap(param.symbol, paramTpt.nuType)
               checkConformsExpr(argType, paramType, param)
                 .showing(i"compared expected closure formal $argType against $param with ${paramTpt.nuType}", capt)
             if !pt.isInstanceOf[RefinedType]
@@ -1993,7 +1996,13 @@ class CheckCaptures extends Recheck, SymTransformer:
               case c: DerivedCapability =>
                 checkElem(c.underlying)
               case c: FreshCap =>
-                check(c.hiddenSet)
+                c.origin match
+                  case Origin.Parameter(param) =>
+                    report.error(
+                      em"Local $c created in type of $param leaks into capture scope of ${ownerStr(param.owner)}",
+                      tree.srcPos)
+                  case _ =>
+                    check(c.hiddenSet)
               case _ =>
 
         check(uses)

compiler/src/dotty/tools/dotc/cc/Setup.scala

@@ -636,17 +636,18 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
         def ownerChanges =
           ctx.owner.name.is(TryOwnerName)
 
-        def paramsToCap(mt: Type)(using Context): Type = mt match
+        def paramsToCap(psymss: List[List[Symbol]], mt: Type)(using Context): Type = mt match
           case mt: MethodType =>
             try
               mt.derivedLambdaType(
-                paramInfos = mt.paramInfos.map(freshToCap),
-                resType = paramsToCap(mt.resType))
+                paramInfos =
+                  psymss.head.lazyZip(mt.paramInfos).map(freshToCap),
+                resType = paramsToCap(psymss.tail, mt.resType))
             catch case ex: AssertionError =>
               println(i"error while mapping params ${mt.paramInfos} of $sym")
               throw ex
           case mt: PolyType =>
-            mt.derivedLambdaType(resType = paramsToCap(mt.resType))
+            mt.derivedLambdaType(resType = paramsToCap(psymss.tail, mt.resType))
           case _ => mt
 
         // If there's a change in the signature or owner, update the info of `sym`
@@ -658,7 +659,7 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
                 toResultInResults(sym, report.error(_, tree.srcPos)):
                   if sym.is(Method) then
                     inContext(ctx.withOwner(sym)):
-                      paramsToCap(methodType(paramSymss, localReturnType))
+                      paramsToCap(paramSymss, methodType(paramSymss, localReturnType))
                   else tree.tpt.nuType
               if tree.tpt.isInstanceOf[InferredTypeTree]
                   && !sym.is(Param) && !sym.is(ParamAccessor)

tests/neg-custom-args/captures/leak-problem-unboxed.scala

@@ -1,5 +1,4 @@
 import language.experimental.captureChecking
-import caps.use
 
 // Some capabilities that should be used locally
 trait Async:
@@ -19,16 +18,23 @@ def useBoxedAsync1[C^](x: Box[Async^{C}]): Unit = x.get.read() // ok
 def test(): Unit =
 
   val f: Box[Async^] => Unit = (x: Box[Async^]) => useBoxedAsync(x) // error
-  val t0: Box[Async^] => Unit = x => useBoxedAsync(x) // TODO hould be error!
+  val f0: Box[Async^] => Unit = x => useBoxedAsync(x) // // error
 
-  val t1: Box[Async^] => Unit = useBoxedAsync(_) // TODO should be error!
-  val t2: Box[Async^] => Unit = useBoxedAsync // TODO should be error!
-  val t3 = useBoxedAsync(_) // was error, now ok
-  val t4 = useBoxedAsync // was error, now ok
+  val f1: Box[Async^] => Unit = useBoxedAsync(_) // error
+  val f2: Box[Async^] => Unit = useBoxedAsync // error
+  val f3 = useBoxedAsync(_) // was error, now ok, but bang below fails
+  val f4 = useBoxedAsync // was error, now ok, but bang2 below fails
 
   def boom(x: Async^): () ->{f} Unit =
     () => f(Box(x))
 
   val leaked = usingAsync[() ->{f} Unit](boom)
 
-  leaked()  // scope violation
+  leaked()  // was scope violation
+
+  def bang(x: Async^) =
+    () => f3(Box(x)) // error
+
+  def bang2(x: Async^) =
+    () => f3(Box(x)) // error
+