[Sema] Improve type-checking of the use and exposability of SPIs

xymus · xymus · commit 26c6a18345d4 · 2020-03-04T16:43:05.000-08:00
diff --git a/include/swift/AST/Attr.def b/include/swift/AST/Attr.def
@@ -541,8 +541,9 @@ DECL_ATTR(derivative, Derivative,
   97)
 
 DECL_ATTR(_spi, SPIAccessControl,
-  OnFunc | OnExtension | OnGenericType | OnVar | OnSubscript | OnConstructor |
-  OnImport | AllowMultipleAttributes | UserInaccessible |
+  OnAbstractFunction | OnExtension | OnGenericType | OnVar | OnSubscript |
+  OnImport | OnAccessor | OnEnumElement |
+  AllowMultipleAttributes | UserInaccessible |
   ABIStableToAdd | ABIStableToRemove | APIBreakingToAdd | APIStableToRemove,
   98)
 
diff --git a/include/swift/AST/DiagnosticsSema.def b/include/swift/AST/DiagnosticsSema.def
@@ -143,17 +143,17 @@ FIXIT(insert_type_qualification,"%0.",(Type))
 
 ERROR(candidate_inaccessible,none,
       "%0 is inaccessible due to "
-      "'%select{private|fileprivate|internal|SPI|SPI}1' protection level",
+      "'%select{private|fileprivate|internal|@_spi|@_spi}1' protection level",
       (DeclBaseName, AccessLevel))
 
 NOTE(note_candidate_inaccessible,none,
      "%0 is inaccessible due to "
-     "'%select{private|fileprivate|internal|%error|%error}1' protection level",
+     "'%select{private|fileprivate|internal|@_spi|@_spi}1' protection level",
      (DeclName, AccessLevel))
 
 ERROR(init_candidate_inaccessible,none,
       "%0 initializer is inaccessible due to "
-      "'%select{private|fileprivate|internal|SPI|SPI}1' protection level",
+      "'%select{private|fileprivate|internal|@_spi|@_spi}1' protection level",
       (Type, AccessLevel))
 
 ERROR(cannot_pass_rvalue_mutating_subelement,none,
@@ -1649,15 +1649,15 @@ ERROR(function_type_access,none,
       "|cannot be declared "
       "%select{in this context|fileprivate|internal|public|open}1}0 "
       "because its %select{parameter|result}5 uses "
-      "%select{a private|a fileprivate|an internal|%error|%error}3 type",
+      "%select{a private|a fileprivate|an internal|an '@_spi'|an '@_spi'}3 type",
       (bool, AccessLevel, bool, AccessLevel, unsigned, bool))
 ERROR(function_type_spi,none,
       "%select{function|method|initializer}0 "
       "cannot be declared '@_spi' "
       "because its %select{parameter|result}1 uses "
-      "%select{a private|a fileprivate|an internal|%error|%error}2 type "
-      "without a compatible '@_spi'",
-      (unsigned, bool, AccessLevel))
+      "%select{a private|a fileprivate|an internal|a public|an open}2 type"
+      "%select{| that is not '@_spi'}3",
+      (unsigned, bool, AccessLevel, bool))
 WARNING(function_type_access_warn,none,
         "%select{function|method|initializer}4 "
         "%select{should be declared %select{private|fileprivate|internal|%error|%error}1"
@@ -2295,14 +2295,14 @@ ERROR(generic_param_access,none,
       "|cannot be declared "
       "%select{in this context|fileprivate|internal|public|open}2}1 "
       "because its generic %select{parameter|requirement}5 uses "
-      "%select{a private|a fileprivate|an internal|%error|%error}3 type",
+      "%select{a private|a fileprivate|an internal|an '@_spi'|an '@_spi'}3 type",
       (DescriptiveDeclKind, bool, AccessLevel, AccessLevel, bool, bool))
 WARNING(generic_param_access_warn,none,
         "%0 %select{should be declared "
         "%select{private|fileprivate|internal|%error|%error}3"
         "|should not be declared %select{in this context|fileprivate|internal|public|open}2}1 "
         "because its generic %select{parameter|requirement}5 uses "
-        "%select{a private|a fileprivate|an internal|%error|%error}3 type",
+        "%select{a private|a fileprivate|an internal|an '@_spi'|an '@_spi'}3 type",
         (DescriptiveDeclKind, bool, AccessLevel, AccessLevel, bool, bool))
 ERROR(generic_param_usable_from_inline,none,
       "type referenced from a "
@@ -3873,17 +3873,17 @@ ERROR(class_super_access,none,
       "%select{private|fileprivate|internal|%error|%error}1|private or fileprivate}3"
       "|cannot be declared %select{in this context|fileprivate|internal|public|open}1}0 "
       "because its superclass "
-      "%select{is %select{private|fileprivate|internal|%error|%error}2"
-      "|uses %select{a private|a fileprivate|an internal|%error|%error}2 "
+      "%select{is %select{private|fileprivate|internal|'@_spi'|'@_spi'}2"
+      "|uses %select{a private|a fileprivate|an internal|an '@_spi'|an '@_spi'}2 "
       "type as a generic parameter}4",
       (bool, AccessLevel, AccessLevel, bool, bool))
 WARNING(class_super_access_warn,none,
       "class %select{should be declared "
       "%select{private|fileprivate|internal|%error|%error}1"
       "|should not be declared %select{in this context|fileprivate|internal|public|open}1}0 "
       "because its superclass "
-      "%select{is %select{private|fileprivate|internal|%error|%error}2"
-      "|uses %select{a private|a fileprivate|an internal|%error|%error}2 "
+      "%select{is %select{private|fileprivate|internal|'@_spi'|'@_spi'}2"
+      "|uses %select{a private|a fileprivate|an internal|an '@_spi'|an '@_spi'}2 "
       "type as a generic parameter}4",
       (bool, AccessLevel, AccessLevel, bool, bool))
 ERROR(class_super_not_usable_from_inline,none,
@@ -4594,20 +4594,15 @@ ERROR(local_type_in_inlinable_function,
       (DeclName, unsigned))
 
 ERROR(resilience_decl_unavailable,
-      none, DECL_OR_ACCESSOR "4 %1 is %select{private|fileprivate|internal|%error|%error}2 and "
+      none, DECL_OR_ACCESSOR "4 %1 is %select{private|fileprivate|internal|'@_spi'|'@_spi'}2 and "
       "cannot be referenced from " FRAGILE_FUNC_KIND "3",
       (DescriptiveDeclKind, DeclName, AccessLevel, unsigned, bool))
 
 WARNING(resilience_decl_unavailable_warn,
-        none, DECL_OR_ACCESSOR "4 %1 is %select{private|fileprivate|internal|%error|%error}2 and "
+        none, DECL_OR_ACCESSOR "4 %1 is %select{private|fileprivate|internal|'@_spi'|'@_spi'}2 and "
         "should not be referenced from " FRAGILE_FUNC_KIND "3",
         (DescriptiveDeclKind, DeclName, AccessLevel, unsigned, bool))
 
-ERROR(resilience_decl_unavailable_spi,
-      none, DECL_OR_ACCESSOR "4 %1 is imported as SPI; "
-      "it cannot be referenced from " FRAGILE_FUNC_KIND "3",
-      (DescriptiveDeclKind, DeclName, AccessLevel, unsigned, bool))
-
 ERROR(inlinable_decl_ref_from_hidden_module,
       none, "%0 %1 cannot be used in " FRAGILE_FUNC_KIND "2 "
       "because %select{%3 was imported implementation-only|"
diff --git a/lib/AST/Decl.cpp b/lib/AST/Decl.cpp
@@ -3189,8 +3189,7 @@ static AccessLevel getMaximallyOpenAccessFor(const ValueDecl *decl) {
 static AccessLevel getAdjustedFormalAccess(const ValueDecl *VD,
                                            AccessLevel access,
                                            const DeclContext *useDC,
-                                           bool treatUsableFromInlineAsPublic,
-                                           bool treatSPIAsPublic) {
+                                           bool treatUsableFromInlineAsPublic) {
   // If access control is disabled in the current context, adjust
   // access level of the current declaration to be as open as possible.
   if (useDC && VD->getASTContext().isAccessControlDisabled())
@@ -3209,9 +3208,6 @@ static AccessLevel getAdjustedFormalAccess(const ValueDecl *VD,
     if (!useSF) return access;
     if (useSF->hasTestableOrPrivateImport(access, VD))
       return getMaximallyOpenAccessFor(VD);
-  } else if (!treatSPIAsPublic && VD->isSPI()) {
-    // Restrict access to SPI decls.
-    return AccessLevel::Internal;
   }
 
   return access;
@@ -3221,18 +3217,15 @@ static AccessLevel getAdjustedFormalAccess(const ValueDecl *VD,
 /// adjust.
 static AccessLevel
 getAdjustedFormalAccess(const ValueDecl *VD, const DeclContext *useDC,
-                        bool treatUsableFromInlineAsPublic,
-                        bool treatSPIAsPublic) {
+                        bool treatUsableFromInlineAsPublic) {
   return getAdjustedFormalAccess(VD, VD->getFormalAccess(), useDC,
-                                 treatUsableFromInlineAsPublic,
-                                 treatSPIAsPublic);
+                                 treatUsableFromInlineAsPublic);
 }
 
 AccessLevel ValueDecl::getEffectiveAccess() const {
   auto effectiveAccess =
     getAdjustedFormalAccess(this, /*useDC=*/nullptr,
-                            /*treatUsableFromInlineAsPublic=*/true,
-                            /*treatSPIAsPublic=*/true);
+                            /*treatUsableFromInlineAsPublic=*/true);
 
   // Handle @testable/@_private(sourceFile:)
   switch (effectiveAccess) {
@@ -3299,8 +3292,7 @@ bool ValueDecl::hasOpenAccess(const DeclContext *useDC) const {
 
   AccessLevel access =
       getAdjustedFormalAccess(this, useDC,
-                              /*treatUsableFromInlineAsPublic*/false,
-                              /*treatSPIAsPublic=*/false);
+                              /*treatUsableFromInlineAsPublic*/false);
   return access == AccessLevel::Open;
 }
 
@@ -3316,8 +3308,7 @@ getAccessScopeForFormalAccess(const ValueDecl *VD,
                               const DeclContext *useDC,
                               bool treatUsableFromInlineAsPublic) {
   AccessLevel access = getAdjustedFormalAccess(VD, formalAccess, useDC,
-                                               treatUsableFromInlineAsPublic,
-                                               /*treatSPIAsPublic=*/false);
+                                               treatUsableFromInlineAsPublic);
   const DeclContext *resultDC = VD->getDeclContext();
 
   while (!resultDC->isModuleScopeContext()) {
@@ -3332,8 +3323,7 @@ getAccessScopeForFormalAccess(const ValueDecl *VD,
     if (auto enclosingNominal = dyn_cast<GenericTypeDecl>(resultDC)) {
       auto enclosingAccess =
           getAdjustedFormalAccess(enclosingNominal, useDC,
-                                  treatUsableFromInlineAsPublic,
-                                  /*treatSPIAsPublic=*/false);
+                                  treatUsableFromInlineAsPublic);
       access = std::min(access, enclosingAccess);
 
     } else if (auto enclosingExt = dyn_cast<ExtensionDecl>(resultDC)) {
@@ -3343,8 +3333,7 @@ getAccessScopeForFormalAccess(const ValueDecl *VD,
         if (nominal->getParentModule() == enclosingExt->getParentModule()) {
           auto nominalAccess =
               getAdjustedFormalAccess(nominal, useDC,
-                                      treatUsableFromInlineAsPublic,
-                                      /*treatSPIAsPublic=*/false);
+                                      treatUsableFromInlineAsPublic);
           access = std::min(access, nominalAccess);
         }
       }
@@ -3364,14 +3353,8 @@ getAccessScopeForFormalAccess(const ValueDecl *VD,
   case AccessLevel::Internal:
     return AccessScope(resultDC->getParentModule());
   case AccessLevel::Public:
-  case AccessLevel::Open: {
-    if (useDC) {
-      auto *useSF = dyn_cast<SourceFile>(useDC->getModuleScopeContext());
-      if (useSF && VD->isSPI() && !useSF->isImportedAsSPI(VD))
-        return AccessScope(VD->getModuleContext(), /*private*/false);
-    }
-    return AccessScope::getPublic();
-  }
+  case AccessLevel::Open:
+    return AccessScope::getPublic(VD->isSPI());
   }
 
   llvm_unreachable("unknown access level");
@@ -3400,8 +3383,14 @@ static bool checkAccessUsingAccessScopes(const DeclContext *useDC,
   AccessScope accessScope =
       getAccessScopeForFormalAccess(VD, access, useDC,
                                     /*treatUsableFromInlineAsPublic*/false);
-  return accessScope.getDeclContext() == useDC ||
-         AccessScope(useDC).isChildOf(accessScope);
+  if (accessScope.getDeclContext() == useDC) return true;
+  if (!AccessScope(useDC).isChildOf(accessScope)) return false;
+
+  // Check SPI access
+  if (!useDC || !VD->isSPI()) return true;
+  auto useSF = dyn_cast<SourceFile>(useDC->getModuleScopeContext());
+  return !useSF || useSF->isImportedAsSPI(VD) ||
+         VD->getDeclContext()->getParentModule() == useDC->getParentModule();
 }
 
 /// Checks if \p VD may be used from \p useDC, taking \@testable and \@_spi
@@ -3477,10 +3466,9 @@ static bool checkAccess(const DeclContext *useDC, const ValueDecl *VD,
   }
   case AccessLevel::Public:
   case AccessLevel::Open: {
-    if (useDC) {
+    if (useDC && VD->isSPI()) {
       auto *useSF = dyn_cast<SourceFile>(useDC->getModuleScopeContext());
-      if (useSF && VD->isSPI() && !useSF->isImportedAsSPI(VD))
-        return false;
+      return !useSF || useSF->isImportedAsSPI(VD);
     }
     return true;
   }
diff --git a/lib/Sema/ResilienceDiagnostics.cpp b/lib/Sema/ResilienceDiagnostics.cpp
@@ -127,9 +127,10 @@ bool TypeChecker::diagnoseInlinableDeclRefAccess(SourceLoc loc,
   if (D->getDeclContext()->isLocalContext())
     return false;
 
-  // Public declarations are OK.
+  // Public non-SPI declarations are OK.
   if (D->getFormalAccessScope(/*useDC=*/nullptr,
-                              TreatUsableFromInlineAsPublic).isPublic())
+                              TreatUsableFromInlineAsPublic).isPublic() &&
+      !D->isSPI())
     return false;
 
   auto &Context = DC->getASTContext();
@@ -184,11 +185,6 @@ bool TypeChecker::diagnoseInlinableDeclRefAccess(SourceLoc loc,
   if (downgradeToWarning == DowngradeToWarning::Yes)
     diagID = diag::resilience_decl_unavailable_warn;
 
-  // If SPI, don't mention the access level.
-  const SourceFile *SF = DC->getParentSourceFile();
-  if (SF && SF->isImportedAsSPI(D))
-    diagID = diag::resilience_decl_unavailable_spi;
-
   Context.Diags.diagnose(
            loc, diagID,
            D->getDescriptiveKind(), diagName,
diff --git a/lib/Sema/TypeCheckAccess.cpp b/lib/Sema/TypeCheckAccess.cpp
@@ -204,9 +204,6 @@ void AccessControlCheckerBase::checkTypeAccessImpl(
     const DeclContext *useDC, bool mayBeInferred, FromSPI fromSPI,
     llvm::function_ref<CheckTypeAccessCallback> diagnose) {
 
-  if (fromSPI == FromSPI::Yes)
-    contextAccessScope = AccessScope::getPublic();
-
   auto &Context = useDC->getASTContext();
   if (Context.isAccessControlDisabled())
     return;
@@ -250,7 +247,13 @@ void AccessControlCheckerBase::checkTypeAccessImpl(
         contextAccessScope.isChildOf(*typeReprAccessScope)) {
       // Only if both the Type and the TypeRepr follow the access rules can
       // we exit; otherwise we have to emit a diagnostic.
-      return;
+
+      if (typeReprAccessScope->isPublic() != contextAccessScope.isPublic() ||
+          !typeReprAccessScope->isSPI() ||
+          contextAccessScope.isSPI()) {
+        // And we exit only if there is no SPI violation.
+        return;
+      }
     }
     problematicAccessScope = *typeReprAccessScope;
 
@@ -282,15 +285,6 @@ void AccessControlCheckerBase::checkTypeAccessImpl(
   const TypeRepr *complainRepr = TypeAccessScopeDiagnoser::findTypeWithScope(
       typeRepr, problematicAccessScope, useDC, checkUsableFromInline);
 
-  if (fromSPI == FromSPI::Yes) {
-    // If in SPI mode, don't report SPI use from within the same module.
-    if (auto CITR = dyn_cast<ComponentIdentTypeRepr>(complainRepr)) {
-      const ValueDecl *VD = CITR->getBoundDecl();
-      if (useDC->getParentModule() == VD->getModuleContext() && VD->isSPI())
-        return;
-    }
-  }
-
   diagnose(problematicAccessScope, complainRepr, downgradeToWarning);
 }
 
@@ -368,7 +362,8 @@ void AccessControlCheckerBase::checkGenericParamAccess(
         (thisDowngrade == DowngradeToWarning::No &&
          downgradeToWarning == DowngradeToWarning::Yes) ||
         (!complainRepr &&
-         typeAccessScope.hasEqualDeclContextWith(minAccessScope))) {
+         typeAccessScope.hasEqualDeclContextWith(minAccessScope)) ||
+         typeAccessScope.isSPI()) {
       minAccessScope = typeAccessScope;
       complainRepr = thisComplainRepr;
       accessControlErrorKind = callbackACEK;
@@ -397,7 +392,7 @@ void AccessControlCheckerBase::checkGenericParamAccess(
                            const_cast<GenericContext *>(ownerCtx)),
                          accessScope, DC, callback);
 
-  if (minAccessScope.isPublic())
+  if (minAccessScope.isPublic() && !minAccessScope.isSPI())
     return;
 
   // FIXME: Promote these to an error in the next -swift-version break.
@@ -980,7 +975,7 @@ class AccessControlChecker : public AccessControlCheckerBase,
       });
     }
 
-    if (!minAccessScope.isPublic()) {
+    if (!minAccessScope.isPublic() || minAccessScope.isSPI()) {
       auto minAccess = minAccessScope.accessLevelForDiagnostics();
       auto functionKind = isa<ConstructorDecl>(fn)
         ? FK_Initializer
@@ -995,14 +990,11 @@ class AccessControlChecker : public AccessControlCheckerBase,
       // Report as an SPI problem if the type is at least as public as the decl.
       AccessScope contextAccessScope =
         fn->getFormalAccessScope(fn->getDeclContext(), checkUsableFromInline);
-      auto restrictedBySPI = !minAccessScope.isChildOf(contextAccessScope);
-      assert((!restrictedBySPI ||
-              fn->getAttrs().hasAttribute<SPIAccessControlAttr>()) &&
-             "There should be SPI attributes on this decl");
 
-      if (restrictedBySPI) {
+      if (contextAccessScope.isSPI()) {
         auto diag = fn->diagnose(diag::function_type_spi, functionKind,
-                                 problemIsResult, minAccess);
+                                 problemIsResult, minAccess,
+                                 minAccess >= AccessLevel::Public);
         highlightOffendingType(diag, complainRepr);
       } else {
         auto diagID = diag::function_type_access;
@@ -1709,7 +1701,7 @@ class ExportabilityChecker : public DeclVisitor<ExportabilityChecker> {
     AccessScope accessScope =
         VD->getFormalAccessScope(nullptr,
                                  /*treatUsableFromInlineAsPublic*/true);
-    if (accessScope.isPublic())
+    if (accessScope.isPublic() && !accessScope.isSPI())
       return false;
 
     // Is this a stored property in a non-resilient struct or class?
