[TypeCheckAttr] Implement access control checking for the typeEraser

hborla · hborla · commit 3d18c076405c · 2020-02-20T10:57:10.000-08:00
attribute.
diff --git a/include/swift/AST/DiagnosticsSema.def b/include/swift/AST/DiagnosticsSema.def
@@ -4423,13 +4423,23 @@ ERROR(type_eraser_does_not_conform,none,
 ERROR(type_eraser_missing_init,none,
       "type eraser %0 must have an initializer of the form "
       "'init<T: %1>(erasing: T)'", (Type, Type))
+ERROR(type_eraser_not_accessible,none,
+      "%select{private|fileprivate|internal|public|open}0 type eraser %1 "
+      "cannot have more restrictive access than protocol %2 "
+      "(which is %select{private|fileprivate|internal|public|open}3)",
+      (AccessLevel, Identifier, Type, AccessLevel))
 
 NOTE(type_eraser_declared_here,none,
      "type eraser declared here",())
 NOTE(type_eraser_failable_init,none,
      "'init(erasing:)' cannot be failable",())
 NOTE(type_eraser_init_unsatisfied_requirements,none,
      "'init(erasing:)' has unsatisfied requirements",())
+NOTE(type_eraser_init_not_accessible,none,
+     "%select{private|fileprivate|internal|public|open}0 'init(erasing:)' "
+     "cannot have more restrictive access than protocol %1 "
+     "(which is %select{private|fileprivate|internal|public|open}2)",
+     (AccessLevel, Type, AccessLevel))
 
 //------------------------------------------------------------------------------
 // MARK: @available
diff --git a/lib/Sema/TypeCheckAttr.cpp b/lib/Sema/TypeCheckAttr.cpp
@@ -2398,14 +2398,23 @@ TypeEraserHasViableInitRequest::evaluate(Evaluator &evaluator,
   if (typeEraser->hasError())
     return false;
 
-  // 1. The type eraser must be a concrete nominal type
+  // The type eraser must be a concrete nominal type
   auto nominalTypeDecl = typeEraser->getAnyNominal();
   if (!nominalTypeDecl || isa<ProtocolDecl>(nominalTypeDecl)) {
     diags.diagnose(typeEraserLoc.getLoc(), diag::non_nominal_type_eraser);
     return false;
   }
 
-  // 2. The type eraser must conform to the annotated protocol
+  // The nominal type must be accessible wherever the protocol is accessible
+  if (nominalTypeDecl->getFormalAccess() < protocol->getFormalAccess()) {
+    diags.diagnose(typeEraserLoc.getLoc(), diag::type_eraser_not_accessible,
+                   nominalTypeDecl->getFormalAccess(), nominalTypeDecl->getName(),
+                   protocolType, protocol->getFormalAccess());
+    diags.diagnose(nominalTypeDecl->getLoc(), diag::type_eraser_declared_here);
+    return false;
+  }
+
+  // The type eraser must conform to the annotated protocol
   SmallVector<ProtocolConformance *, 2> conformances;
   if (!nominalTypeDecl->lookupConformance(dc->getParentModule(), protocol,
                                           conformances)) {
@@ -2415,14 +2424,15 @@ TypeEraserHasViableInitRequest::evaluate(Evaluator &evaluator,
     return false;
   }
 
-  // 3. The type eraser must have an init of the form init<T: Protocol>(erasing: T)
+  // The type eraser must have an init of the form init<T: Protocol>(erasing: T)
   auto lookupResult = TypeChecker::lookupMember(dc, typeEraser,
                                                 DeclNameRef::createConstructor());
 
   // Keep track of unviable init candidates for diagnostics
   enum class UnviableReason {
     Failable,
     UnsatisfiedRequirements,
+    Inaccessible,
   };
   SmallVector<std::pair<ConstructorDecl *, UnviableReason>, 2> unviable;
 
@@ -2481,6 +2491,11 @@ TypeEraserHasViableInitRequest::evaluate(Evaluator &evaluator,
       return false;
     }
 
+    if (init->getFormalAccess() < protocol->getFormalAccess()) {
+      unviable.push_back({init, UnviableReason::Inaccessible});
+      return false;
+    }
+
     return true;
   });
 
@@ -2503,6 +2518,11 @@ TypeEraserHasViableInitRequest::evaluate(Evaluator &evaluator,
         diags.diagnose(init->getLoc(),
                        diag::type_eraser_init_unsatisfied_requirements);
         break;
+      case UnviableReason::Inaccessible:
+        diags.diagnose(init->getLoc(), diag::type_eraser_init_not_accessible,
+                       init->getFormalAccess(), protocolType,
+                       protocol->getFormalAccess());
+        break;
       }
     }
     return false;
diff --git a/test/attr/typeEraser.swift b/test/attr/typeEraser.swift
@@ -100,3 +100,17 @@ class UnsatisfiedReq: D7 {
 }
 @_typeEraser(UnsatisfiedReq) // expected-error {{type eraser 'UnsatisfiedReq' must have an initializer of the form 'init<T: 'D7'>(erasing: T)'}}
 protocol D7 {}
+
+// MARK: - Type eraser and initializer cannot be more restrictive than the annotated protocol
+
+class MoreRestrictive: E1 { // expected-note {{type eraser declared here}}
+  init<T: E1>(erasing t: T) {}
+}
+@_typeEraser(MoreRestrictive) // expected-error {{internal type eraser 'MoreRestrictive' cannot have more restrictive access than protocol 'E1' (which is public)}}
+public protocol E1 {}
+
+public class MoreRestrictiveInit: E2 {
+  init<T: E2>(erasing t: T) {} // expected-note {{internal 'init(erasing:)' cannot have more restrictive access than protocol 'E2' (which is public)}}
+}
+@_typeEraser(MoreRestrictiveInit) // expected-error {{type eraser 'MoreRestrictiveInit' must have an initializer of the form 'init<T: 'E2'>(erasing: T)'}}
+public protocol E2 {}
