Let FreshCaps in field types contribute to class captures

A fresh in the capture set of a class field now causes a fresh
to be added to the capture set of every instance of that class.

Author: odersky

compiler/src/dotty/tools/dotc/cc/Capability.scala

@@ -896,18 +896,26 @@ object Capabilities:
     else if cls2.isSubClass(cls1) then cls2
     else defn.NothingClass
 
-  def joinClassifiers(cs1: Classifiers, cs2: Classifiers)(using Context): Classifiers =
+  /** The smallest list D of class symbols in cs1 and cs2 such that
+   *  every class symbol in cs1 and cs2 is a subclass of a class symbol in D
+   */
+  def dominators(cs1: List[ClassSymbol], cs2: List[ClassSymbol])(using Context): List[ClassSymbol] =
     // Drop classes that subclass classes of the other set
     // @param proper  If true, only drop proper subclasses of a class of the other set
     def filterSub(cs1: List[ClassSymbol], cs2: List[ClassSymbol], proper: Boolean) =
       cs1.filter: cls1 =>
         !cs2.exists: cls2 =>
           cls1.isSubClass(cls2) && (!proper || cls1 != cls2)
+    filterSub(cs1, cs2, proper = true) ++ filterSub(cs2, cs1, proper = false)
+
+  def joinClassifiers(cs1: Classifiers, cs2: Classifiers)(using Context): Classifiers =
     (cs1, cs2) match
-      case (Unclassified, _) | (_, Unclassified) => Unclassified
-      case (UnknownClassifier, _) | (_, UnknownClassifier) => UnknownClassifier
+      case (Unclassified, _) | (_, Unclassified) =>
+        Unclassified
+      case (UnknownClassifier, _) | (_, UnknownClassifier) =>
+        UnknownClassifier
       case (ClassifiedAs(cs1), ClassifiedAs(cs2)) =>
-        ClassifiedAs(filterSub(cs1, cs2, proper = true) ++ filterSub(cs2, cs1, proper = false))
+        ClassifiedAs(dominators(cs1, cs2))
 
   /** The place of - and cause for - creating a fresh capability. Used for
    *  error diagnostics
@@ -920,7 +928,7 @@ object Capabilities:
     case ResultInstance(methType: Type, meth: Symbol)
     case UnapplyInstance(info: MethodType)
     case LocalInstance(restpe: Type)
-    case NewMutable(tp: Type)
+    case NewInstance(tp: Type)
     case NewCapability(tp: Type)
     case LambdaExpected(respt: Type)
     case LambdaActual(restp: Type)
@@ -950,6 +958,8 @@ object Capabilities:
         i" when instantiating argument of unapply with type $info"
       case LocalInstance(restpe) =>
         i" when instantiating expected result type $restpe of function literal"
+      case NewInstance(tp) =>
+        i" when constructing instance $tp"
       case NewCapability(tp) =>
         val kind = if tp.derivesFromMutable then "mutable" else "Capability instance"
         i" when constructing $kind $tp"

compiler/src/dotty/tools/dotc/cc/CheckCaptures.scala

@@ -17,6 +17,7 @@ import typer.Checking.{checkBounds, checkAppliedTypesIn}
 import typer.ErrorReporting.{Addenda, NothingToAdd, err}
 import typer.ProtoTypes.{LhsProto, WildcardSelectionProto, SelectionProto}
 import util.{SimpleIdentitySet, EqHashMap, EqHashSet, SrcPos, Property}
+import util.chaining.tap
 import transform.{Recheck, PreRecheck, CapturedVars}
 import Recheck.*
 import scala.collection.mutable
@@ -247,6 +248,11 @@ class CheckCaptures extends Recheck, SymTransformer:
 
   val ccState1 = new CCState // Dotty problem: Rename to ccState ==> Crash in ExplicitOuter
 
+  /** A cache that stores for each class the classifiers of all fresh instances
+   *  in the types of its fields.
+   */
+  val knownFresh = new util.EqHashMap[Symbol, List[ClassSymbol]]
+
   class CaptureChecker(ictx: Context) extends Rechecker(ictx), CheckerAPI:
 
     // println(i"checking ${ictx.source}"(using ictx))
@@ -620,9 +626,7 @@ class CheckCaptures extends Recheck, SymTransformer:
           fn.tpe.widenDealias match
             case tl: TypeLambda => tl.paramNames
             case ref: AppliedType if ref.typeSymbol.isClass => ref.typeSymbol.typeParams.map(_.name)
-            case t =>
-              println(i"parent type: $t")
-              args.map(_ => EmptyTypeName)
+            case t => args.map(_ => EmptyTypeName)
 
         for case (arg: TypeTree, pname) <- args.lazyZip(paramNames) do
           def where = if sym.exists then i" in an argument of $sym" else ""
@@ -870,7 +874,7 @@ class CheckCaptures extends Recheck, SymTransformer:
         var allCaptures: CaptureSet =
           if core.derivesFromCapability
           then initCs ++ FreshCap(Origin.NewCapability(core)).singletonCaptureSet
-          else initCs
+          else initCs ++ impliedByFields(core)
         for (getterName, argType) <- mt.paramNames.lazyZip(argTypes) do
           val getter = cls.info.member(getterName).suchThat(_.isRefiningParamAccessor).symbol
           if !getter.is(Private) && getter.hasTrackedParts then
@@ -894,20 +898,53 @@ class CheckCaptures extends Recheck, SymTransformer:
           val (refined, cs) = addParamArgRefinements(core, initCs)
           refined.capturing(cs)
 
-      /*
-      def impliedFresh: CaptureSet =
-        cls.info.fields.foldLeft(CaptureSet.empty: CaptureSet): (cs, field) =>
-          if !cs.isAlwaysEmpty || field.symbol.is(ParamAccessor) then
-            cs
-          else
-            val fieldFreshCaps = field.info.spanCaptureSet.elems.filter(_.isTerminalCapability)
-            if fieldFreshCaps.isEmpty then cs
-            else
-              val classFresh = FreshCap(ctx.owner, NoPrefix, )
-              if fieldFreshCaps.forall(_.isReadOnly)
-              then cs + classFresh.readOnly
-              else cs + classFresh
-      */
+      /** The additional capture set implied by the capture sets of its fields. This
+       *  is either empty or, if some fields have a terminal capability in their span
+       *  capture sets, it consists of a single fresh cap that subsumes all these terminal
+       *  capabiltities. Class parameters are not counted.
+       */
+      def impliedByFields(core: Type): CaptureSet =
+        var infos: List[String] = Nil
+        def pushInfo(msg: => String) =
+          if ctx.settings.YccVerbose.value then infos = msg :: infos
+
+        /** The classifiers of the fresh caps in the span capture sets of all fields
+         *  in the given class `cls`.
+         */
+        def impliedClassifiers(cls: Symbol): List[ClassSymbol] = cls match
+          case cls: ClassSymbol =>
+            val fieldClassifiers =
+              for
+                sym <- cls.info.decls.toList
+                if sym.isField && !sym.isOneOf(DeferredOrTermParamOrAccessor)
+                    && !sym.hasAnnotation(defn.UntrackedCapturesAnnot)
+                case fresh: FreshCap <- sym.info.spanCaptureSet.elems
+                  .filter(_.isTerminalCapability)
+                  .map(_.stripReadOnly)
+                  .toList
+                _ = pushInfo(i"Note: ${sym.showLocated} captures a $fresh")
+              yield fresh.hiddenSet.classifier
+            val parentClassifiers =
+              cls.parentSyms.map(impliedClassifiers).filter(_.nonEmpty)
+            if fieldClassifiers.isEmpty && parentClassifiers.isEmpty
+            then Nil
+            else parentClassifiers.foldLeft(fieldClassifiers.distinct)(dominators)
+          case _ => Nil
+
+        def fresh =
+          FreshCap(Origin.NewInstance(core)).tap: fresh =>
+            if ctx.settings.YccVerbose.value then
+              pushInfo(i"Note: instance of $cls captures a $fresh that comes from a field")
+              report.echo(infos.mkString("\n"), ctx.owner.srcPos)
+
+        knownFresh.getOrElseUpdate(cls, impliedClassifiers(cls)) match
+          case Nil => CaptureSet.empty
+          case cl :: Nil =>
+            val result = fresh
+            result.hiddenSet.adoptClassifier(cl)
+            result.singletonCaptureSet
+          case _ => fresh.singletonCaptureSet
+      end impliedByFields
 
       augmentConstructorType(resType, capturedVars(cls))
         .showing(i"constr type $mt with $argTypes%, % in $constr = $result", capt)

library/src/scala/caps/package.scala

@@ -173,10 +173,23 @@ end internal
 
 @experimental
 object unsafe:
-  /**
-   * Marks the constructor parameter as untracked.
-   * The capture set of this parameter will not be included in
-   * the capture set of the constructed object.
+  /** Two usages:
+   *
+   *   1. Marks the constructor parameter as untracked.
+   *      The capture set of this parameter will not be included in
+   *      the capture set of the constructed object.
+   *
+   *   2. Marks a class field that has a cap in its capture set, so that
+   *      the cap is not contributed to the class instance.
+   *      Exampple:
+   *
+   *          class A { val b B^ = ... }; new A()
+   *
+   *      has type A^ since b contributes a cap. But
+   *
+   *          class A { @untrackedCaptures val b: B^ = ... }; new A()
+   *
+   *      has type A. The `b` field does not contribute its cap.
    *
    * @note This should go into annotations. For now it is here, so that we
    *  can experiment with it quickly between minor releases

library/src/scala/collection/Iterator.scala

@@ -18,6 +18,7 @@ import scala.collection.mutable.{ArrayBuffer, ArrayBuilder, Builder, ImmutableBu
 import scala.annotation.tailrec
 import scala.annotation.unchecked.uncheckedVariance
 import scala.runtime.Statics
+import caps.unsafe.untrackedCaptures
 
 /** Iterators are data structures that allow to iterate over a sequence
   * of elements. They have a `hasNext` method for checking
@@ -917,7 +918,12 @@ trait Iterator[+A] extends IterableOnce[A] with IterableOnceOps[A, Iterator, Ite
     */
   def patch[B >: A](from: Int, patchElems: Iterator[B]^, replaced: Int): Iterator[B]^{this, patchElems} =
     new AbstractIterator[B] {
-      private[this] var origElems: Iterator[B]^ = self
+      // TODO We should be able to prove that origElems is safe even though it is
+      // declared as Iterator[B]^. We could show that origElems is never assigned a
+      // freh cap. Maybe we can invent another annotation that is checked and that
+      // shows that the `^` is just used as an upper bound for concete non-fresh
+      // capabilities.
+      @untrackedCaptures private[this] var origElems: Iterator[B]^ = self
       // > 0  => that many more elems from `origElems` before switching to `patchElems`
       //   0  => need to drop elems from `origElems` and start using `patchElems`
       //  -1  => have dropped elems from `origElems`, will be using `patchElems` until it's empty

library/src/scala/collection/generic/IsIterable.scala

@@ -15,6 +15,7 @@ package generic
 
 import scala.language.`2.13`
 import language.experimental.captureChecking
+import caps.unsafe.untrackedCaptures
 
 /** A trait which can be used to avoid code duplication when defining extension
  *  methods that should be applicable both to existing Scala collections (i.e.,
@@ -123,6 +124,7 @@ transparent trait IsIterable[Repr] extends IsIterableOnce[Repr] {
   type C
 
   @deprecated("'conversion' is now a method named 'apply'", "2.13.0")
+  @untrackedCaptures
   override val conversion: Repr => IterableOps[A, Iterable, C] = apply(_)
 
   /** A conversion from the type `Repr` to `IterableOps[A, Iterable, C]` */

library/src/scala/collection/generic/IsIterableOnce.scala

@@ -16,6 +16,7 @@ package generic
 
 import scala.language.`2.13`
 import language.experimental.captureChecking
+import caps.unsafe.untrackedCaptures
 
 /** Type class witnessing that a collection representation type `Repr` has
  *  elements of type `A` and has a conversion to `IterableOnce[A]`.
@@ -46,6 +47,7 @@ transparent trait IsIterableOnce[Repr] {
   type A
 
   @deprecated("'conversion' is now a method named 'apply'", "2.13.0")
+  @untrackedCaptures
   val conversion: Repr => IterableOnce[A] = apply(_)
 
   /** A conversion from the representation type `Repr` to a `IterableOnce[A]`. */

library/src/scala/collection/generic/IsSeq.scala

@@ -15,6 +15,7 @@ package generic
 
 import scala.language.`2.13`
 import language.experimental.captureChecking
+import caps.unsafe.untrackedCaptures
 
 import scala.reflect.ClassTag
 
@@ -31,6 +32,7 @@ import scala.reflect.ClassTag
 transparent trait IsSeq[Repr] extends IsIterable[Repr] {
 
   @deprecated("'conversion' is now a method named 'apply'", "2.13.0")
+  @untrackedCaptures
   override val conversion: Repr => SeqOps[A, Iterable, C] = apply(_)
 
   /** A conversion from the type `Repr` to `SeqOps[A, Iterable, C]`

library/src/scala/collection/immutable/LazyListIterable.scala

@@ -25,6 +25,7 @@ import scala.collection.generic.SerializeEnd
 import scala.collection.mutable.{Builder, ReusableBuilder, StringBuilder}
 import scala.language.implicitConversions
 import scala.runtime.Statics
+import caps.unsafe.untrackedCaptures
 
 /**  This class implements an immutable linked list. We call it "lazy"
   *  because it computes its elements only when they are needed.
@@ -1374,7 +1375,7 @@ object LazyListIterable extends IterableFactory[LazyListIterable] {
 
   private final class WithFilter[A] private[LazyListIterable](lazyList: LazyListIterable[A]^, p: A => Boolean)
     extends collection.WithFilter[A, LazyListIterable] {
-    private[this] val filtered = lazyList.filter(p)
+    @untrackedCaptures private[this] val filtered = lazyList.filter(p)
     def map[B](f: A => B): LazyListIterable[B]^{this, f} = filtered.map(f)
     def flatMap[B](f: A => IterableOnce[B]^): LazyListIterable[B]^{this, f} = filtered.flatMap(f)
     def foreach[U](f: A => U): Unit = filtered.foreach(f)

tests/neg-custom-args/captures/cc-this.check

@@ -18,4 +18,4 @@
 -- Error: tests/neg-custom-args/captures/cc-this.scala:33:8 ------------------------------------------------------------
 33 |  def c3 = c2.y // error
    |        ^
-   |      Separation failure: method c3's inferred result type C{val x: () => Int}^{cc} hides non-local parameter cc
+   |        Separation failure: method c3's inferred result type C{val x: () => Int}^ hides non-local parameter cc

tests/neg-custom-args/captures/fresh-fields.check

@@ -0,0 +1,60 @@
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/fresh-fields.scala:25:13 ---------------------------------
+25 |  val _: B = b // error
+   |             ^
+   |             Found:    (b : B^)
+   |             Required: B
+   |
+   |             Note that capability cap is not included in capture set {}.
+   |
+   |             where:    ^   refers to a fresh root capability in the type of value b
+   |                       cap is a fresh root capability in the type of value b
+   |
+   | longer explanation available when compiling with `-explain`
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/fresh-fields.scala:27:13 ---------------------------------
+27 |  val _: C = c // error
+   |             ^
+   |             Found:    (c : C^)
+   |             Required: C
+   |
+   |             Note that capability cap is not included in capture set {}.
+   |
+   |             where:    ^   refers to a fresh root capability in the type of value c
+   |                       cap is a fresh root capability in the type of value c
+   |
+   | longer explanation available when compiling with `-explain`
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/fresh-fields.scala:29:13 ---------------------------------
+29 |  val _: D = d // error
+   |             ^
+   |             Found:    (d : D^)
+   |             Required: D
+   |
+   |             Note that capability cap is not included in capture set {}.
+   |
+   |             where:    ^   refers to a fresh root capability in the type of value d
+   |                       cap is a fresh root capability in the type of value d
+   |
+   | longer explanation available when compiling with `-explain`
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/fresh-fields.scala:31:13 ---------------------------------
+31 |  val _: E = e // error
+   |             ^
+   |           Found:    (e : E^)
+   |           Required: E
+   |
+   |           Note that capability cap is not included in capture set {}.
+   |
+   |           where:    ^   refers to a fresh root capability classified as SharedCapability in the type of value e
+   |                     cap is a fresh root capability classified as SharedCapability in the type of value e
+   |
+   | longer explanation available when compiling with `-explain`
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/fresh-fields.scala:33:13 ---------------------------------
+33 |  val _: F = f // error
+   |             ^
+   |             Found:    (f : F^)
+   |             Required: F
+   |
+   |             Note that capability cap is not included in capture set {}.
+   |
+   |             where:    ^   refers to a fresh root capability in the type of value f
+   |                       cap is a fresh root capability in the type of value f
+   |
+   | longer explanation available when compiling with `-explain`