Let existential variables only subsume shared capabilities

Also, implement infrastructure to add a note to a type mismatch when a failure
to subsume occurs.

Author: odersky

compiler/src/dotty/tools/dotc/cc/CaptureOps.scala

@@ -84,6 +84,12 @@ class CCState:
    */
   var levelError: Option[CaptureSet.CompareResult.LevelError] = None
 
+  /** Optionally, a pair of an existential variable and another capability.
+   *  Set when a subsumes check decides that an existential variable cannot be
+   *  instantiated to the other capability.
+   */
+  var existentialSubsumesFailure: Option[(CaptureRef, CaptureRef)] = None
+
   /** Warnings relating to upper approximations of capture sets with
    *  existentially bound variables.
    */

compiler/src/dotty/tools/dotc/cc/CaptureRef.scala

@@ -263,10 +263,11 @@ trait CaptureRef extends TypeProxy, ValueType:
         vs.ifNotSeen(this)(hidden.elems.exists(_.subsumes(y)))
         || !y.stripReadOnly.isCap && !yIsExistential && canAddHidden && vs.addHidden(hidden, y)
       case Existential.Vble(binder) =>
-        y.stripReadOnly match
-          case Existential.Vble(binder1) => false
-          case Fresh(_) => false
-          case _ => true
+        if y.derivesFromSharedCapability then true
+        else
+          ccState.existentialSubsumesFailure =
+            ccState.existentialSubsumesFailure.orElse(Some(this, y))
+          false
       case _ =>
         this.isCap && !yIsExistential && canAddHidden && vs != VarState.HardSeparate
         || y.match

compiler/src/dotty/tools/dotc/cc/CheckCaptures.scala

@@ -1218,6 +1218,19 @@ class CheckCaptures extends Recheck, SymTransformer:
               |
               |Note that ${msg.toString}"""
 
+    private def existentialSubsumesFailureAddenda(using Context): Addenda =
+      ccState.existentialSubsumesFailure match
+        case Some((ex @ Existential.Vble(binder), other)) =>
+          new Addenda:
+            override def toAdd(using Context): List[String] =
+              val ann = ex.annot.asInstanceOf[Fresh.Annot]
+              i"""
+                |
+                |Note that the existential capture root in ${ann.originalBinder.resType}
+                |cannot subsume the capability $other"""
+              :: Nil
+        case _ => NothingToAdd
+
     /** Addendas for error messages that show where we have under-approximated by
      *  mapping a a capture ref in contravariant position to the empty set because
      *  the original result type of the map was not itself a capture ref.
@@ -1257,6 +1270,7 @@ class CheckCaptures extends Recheck, SymTransformer:
       if actualBoxed eq actual then
         // Only `addOuterRefs` when there is no box adaptation
         expected1 = addOuterRefs(expected1, actual, tree.srcPos)
+      ccState.existentialSubsumesFailure = None
       if isCompatible(actualBoxed, expected1) then
         if debugSuccesses then tree match
             case Ident(_) =>
@@ -1268,7 +1282,10 @@ class CheckCaptures extends Recheck, SymTransformer:
         inContext(Fresh.printContext(actualBoxed, expected1)):
           err.typeMismatch(tree.withType(actualBoxed), expected1,
               addApproxAddenda(
-                addenda ++ CaptureSet.levelErrors ++ boxErrorAddenda(boxErrors),
+                addenda
+                ++ CaptureSet.levelErrors
+                ++ boxErrorAddenda(boxErrors)
+                ++ existentialSubsumesFailureAddenda,
                 expected1))
         actual
     end checkConformsExpr

compiler/src/dotty/tools/dotc/cc/Fresh.scala

@@ -31,8 +31,15 @@ object Fresh:
     override def tree(using Context) = New(symbol.typeRef, Nil)
     override def derivedAnnotation(tree: Tree)(using Context): Annotation = this
 
+    private var myOriginalBinder = binder
+    def originalBinder: MethodType = myOriginalBinder.asInstanceOf[MethodType]
+
     def derivedAnnotation(binder: MethodType | NoType.type)(using Context): Annotation =
-      if this.binder eq binder then this else Annot(hidden, binder)
+      if this.binder eq binder then this
+      else
+        val ann = Annot(hidden, binder)
+        ann.myOriginalBinder = myOriginalBinder
+        ann
 
     override def hash: Int = hidden.hashCode
     override def eql(that: Annotation) = that match
@@ -70,6 +77,7 @@ object Fresh:
     val hiddenSet = CaptureSet.HiddenSet(NoSymbol)
     val res = AnnotatedType(defn.captureRoot.termRef, Annot(hiddenSet, binder))
     hiddenSet.owningCap = res
+    //assert(hiddenSet.id != 9, binder.show)
     res
 
   /** The initial elements (either 0 or 1) of a hidden set created for given `owner`.

tests/neg-custom-args/captures/cc-existential-conformance.check

@@ -14,6 +14,9 @@
   |                             Found:    (y : A -> A -> B^)
   |                             Required: A -> (x: A) -> B^
   |
+  |                             Note that the existential capture root in B^
+  |                             cannot subsume the capability cap
+  |
   | longer explanation available when compiling with `-explain`
 -- [E007] Type Mismatch Error: tests/neg-custom-args/captures/cc-existential-conformance.scala:13:19 -------------------
 13 |  val y: Fun[B^] = x // error
@@ -31,4 +34,7 @@
    |                        Found:    (y : A -> B^)
    |                        Required: (x: A) -> B^
    |
+   |                        Note that the existential capture root in B^
+   |                        cannot subsume the capability cap
+   |
    | longer explanation available when compiling with `-explain`

tests/neg-custom-args/captures/erased-methods2.check

@@ -0,0 +1,29 @@
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/erased-methods2.scala:21:9 -------------------------------
+21 |     ?=> (x$2: CT[Ex2]^)        // error
+   |         ^
+   |         Found:    (erased x$2: CT[Ex2]^) ?->{x$1} Unit
+   |         Required: (erased x$2: CT[Ex2]^) ?->? Unit
+   |
+   |         Note that the existential capture root in (erased x$2: CT[Ex2]^) ?=> Unit
+   |         cannot subsume the capability x$1.type
+22 |     ?=>
+23 |      //given (CT[Ex3]^) = x$1
+24 |      Throw(new Ex3)
+   |
+   | longer explanation available when compiling with `-explain`
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/erased-methods2.scala:32:9 -------------------------------
+32 |     ?=> (erased x$2: CT[Ex2]^)  // error
+   |         ^
+   |  Found:    (erased x$2: CT[Ex2]^) ?->{x$1} (erased x$2: CT[Ex1]^) ?->{x$1} Unit
+   |  Required: (erased x$1²: CT[Ex2]^) ?->? (erased x$2: CT[Ex1]^) ?->? Unit
+   |
+   |  where:    x$1  is a parameter in an anonymous function in method foo10a
+   |            x$1² is a reference to a value parameter
+   |
+   |
+   |  Note that the existential capture root in (erased x$1: CT[Ex2]^) ?=> (erased x$2: CT[Ex1]^) ?->{localcap} Unit
+   |  cannot subsume the capability x$1.type
+33 |     ?=> (erased x$3: CT[Ex1]^)
+34 |     ?=> Throw(new Ex3)
+   |
+   | longer explanation available when compiling with `-explain`

tests/pos-custom-args/captures/erased-methods2.scala renamed to tests/neg-custom-args/captures/erased-methods2.scala

@@ -16,19 +16,19 @@ def foo8a(i: Int) =
 def foo9a(i: Int)
   : (x$1: CT[Ex3]^)
     ?=> (x$2: CT[Ex2]^)
-    ?-> {x$1, caps.cap} Unit
+    ?=> Unit
   = (x$1: CT[Ex3]^)
-     ?=> (x$2: CT[Ex2]^)
+     ?=> (x$2: CT[Ex2]^)        // error
      ?=>
       //given (CT[Ex3]^) = x$1
       Throw(new Ex3)
 
 def foo10a(i: Int)
   : (erased x$0: CT[Ex3]^)
     ?=> (erased x$1: CT[Ex2]^)
-    ?-> {x$0, caps.cap} (erased x$2: CT[Ex1]^)
-    ?-> {x$0, x$1, caps.cap} Unit
+    ?=> (erased x$2: CT[Ex1]^)
+    ?=> Unit
   = (erased x$1: CT[Ex3]^)
-     ?=> (erased x$2: CT[Ex2]^)
+     ?=> (erased x$2: CT[Ex2]^)  // error
      ?=> (erased x$3: CT[Ex1]^)
      ?=> Throw(new Ex3)

tests/neg-custom-args/captures/heal-tparam-cs.check

@@ -0,0 +1,39 @@
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/heal-tparam-cs.scala:15:13 -------------------------------
+15 |    localCap { c =>  // error
+   |    ^
+   |    Found:    (x$0: Capp^) ->? () ->{x$0} Unit
+   |    Required: (c: Capp^) -> () ->{localcap} Unit
+   |
+   |    Note that the existential capture root in () => Unit
+   |    cannot subsume the capability x$0.type
+16 |      (c1: Capp^) => () => { c1.use() }
+17 |    }
+   |
+   | longer explanation available when compiling with `-explain`
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/heal-tparam-cs.scala:25:13 -------------------------------
+25 |    localCap { c =>  // error
+   |    ^
+   |    Found:    (x$0: Capp^{io}) ->? () ->{x$0} Unit
+   |    Required: (c: Capp^{io}) -> () ->{net} Unit
+26 |      (c1: Capp^{io}) => () => { c1.use() }
+27 |    }
+   |
+   | longer explanation available when compiling with `-explain`
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/heal-tparam-cs.scala:41:10 -------------------------------
+41 |    io => () => io.use()  // error
+   |          ^^^^^^^^^^^^^^
+   |          Found:    () ->{io} Unit
+   |          Required: () ->? Unit
+   |
+   | longer explanation available when compiling with `-explain`
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/heal-tparam-cs.scala:44:10 -------------------------------
+44 |    io => () => io.use()  // error
+   |          ^^^^^^^^^^^^^^
+   |          Found:    () ->{io} Unit
+   |          Required: () ->? Unit
+   |
+   | longer explanation available when compiling with `-explain`
+-- Error: tests/neg-custom-args/captures/heal-tparam-cs.scala:10:14 ----------------------------------------------------
+10 |  val test1 = localCap { c => // error
+   |              ^^^^^^^^
+   |              local reference c leaks into outer capture set of type parameter T of method localCap

tests/neg-custom-args/captures/heal-tparam-cs.scala

@@ -12,7 +12,7 @@ def main(io: Capp^, net: Capp^): Unit = {
   }
 
   val test2: (c: Capp^) -> () => Unit =
-    localCap { c =>  // ok
+    localCap { c =>  // error
       (c1: Capp^) => () => { c1.use() }
     }
 

tests/neg-custom-args/captures/reaches.check

@@ -51,6 +51,16 @@
    |                         Required: File^{id*}
    |
    | longer explanation available when compiling with `-explain`
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/reaches.scala:67:37 --------------------------------------
+67 |  val id: (x: File^) -> File^ = x => x // error
+   |                                     ^
+   |                                     Found:    (x : File^)
+   |                                     Required: File^?
+   |
+   |                                     Note that the existential capture root in File^
+   |                                     cannot subsume the capability x.type
+   |
+   | longer explanation available when compiling with `-explain`
 -- [E007] Type Mismatch Error: tests/neg-custom-args/captures/reaches.scala:71:27 --------------------------------------
 71 |    val f1: File^{id*} = id(f) // error // error
    |                         ^^^^^

tests/neg-custom-args/captures/reaches.scala

@@ -64,7 +64,7 @@ def attack2 =
     f1
 
 def attack3 =
-  val id: (x: File^) -> File^ = x => x
+  val id: (x: File^) -> File^ = x => x // error
     // val id: File^ -> EX C.File^C
 
   val leaked = usingFile[File^{id*}]: f => // error