[AST] Decl::is*AccessibleFrom methods should respect access control…
#21783
Conversation
|
@jrose-apple It crashes because there are asserts in diagnostics which validate results of lookup. Also checking flag in |
|
|
|
Arguably that would make things even worse because there are N callees and M possible invariants to check, done by callees (assuming that callees are even aware what they are, in this particular case it wasn't the case) makes it N * M checks required (both I think it's perfectly reasonable for |
|
If we do decide to go with this approach, it might make some of the existing places that test the |
|
@slavapestov Indeed, there are a bunch of places where it's possible to remove that check which makes it a lot more consistent, because most methods in |
|
I'm preparing the patch, just need to run tests locally. |
|
@slavapestov I've moved |
|
@swift-ci please test |
|
Build failed |
|
Build failed |
|
@swift-ci please test Linux platform |
|
Not all access checking goes through these entry points, and by doing this there's still a bunch of extra work being done to check accesses even though the result of the check is going to be ignored. The existing principle is "AST just performs the query you ask it, Sema decides what it means". |
|
By
It seems to me that this principle is not strictly followed, because when I was refactoring use of |
Where are you seeing this? The only ones I see are in NameLookup.cpp and ModuleNameLookup.cpp, which, admittedly, violate my library-based rule, but which are higher-level concepts than the accessors on Decl. |
|
The ones in lookup, in TypeCheckProtocol.cpp, TypeCheckAccess.cpp and in couple in |
|
Those are in Sema. |
|
The most interesting use is in |
|
I have moved Since multiple methods in type-checker already use this approach and I elaborated on why I think it's better than asking callees to validate that invariant, I'm going to go ahead and merge this PR soon if there are no other significant reasons not to do this. |
|
Sorry, why is this better? Please do not merge this when I've brought up significant objections. You haven't demonstrated why this is better, and you haven't shown any cases where it actually causes errors in LLDB to do it the other way. |
To be honest, I am still to see one expect "this is how I want it to be". I listed reasons why doing checks in callee makes this N * M check problem. I think one of the objections was about extra work which I addressed.
If you like it better I can add a parameter e.g.
Minimum it simplifies a bunch of users of |
… flag Otherwise integrated REPL and other tools like LLDB would produce incorrect results or crash. Resolves: rdar://problem/30933988
…s*AccessibleFrom`
|
I made it so |
|
We have talked offline today and agree that this a good thing to do, I'm also going to look at improving logic related to |
|
@swift-ci please test |
|
Build failed |
|
Additional notes for anyone following along: Pavel convinced me that (1) the conceptual purity line between AST and Sema wasn't buying us enough in practice, especially since we keep adding code without thinking about DisableAccessControl mode, and (2) the amount of work we could have saved is still something we could only save in DisableAccessControl mode, which means normal compilation is still doing it. However, we also spotted another place to make this change: the |
|
Build failed |
…mum openness This is a follow-up to swiftlang#21783 which made `is{Setter}AccessibleFrom` respect `-disable-access-control` flag. Now it's `getAdjustedFormalAccess` turn to do the same.
… flag
Otherwise integrated REPL and other tools like LLDB would produce
incorrect results or crash.
Resolves: rdar://problem/30933988