Fine-tune pruning for consume checks of arguments

Deduct explicit refs of actual as opposed to formal argument type.

Author: odersky

compiler/src/dotty/tools/dotc/cc/SepCheck.scala

@@ -567,24 +567,16 @@ class SepCheck(checker: CheckCaptures.CheckerAPI) extends tpd.TreeTraverser:
         if pos != null then consumeError(ref, pos, tree.srcPos)
   end checkUse
 
-  /** If `tp` denotes some version of a singleton type `x.type` the set `{x}`
+  /** If `tp` denotes some version of a singleton capture ref `x.type` the set `{x, x*}`
    *  otherwise the empty set.
    */
-  def explicitRefs(tp: Type): Refs = tp match
-    case tp: (TermRef | ThisType) => SimpleIdentitySet(tp)
+  def explicitRefs(tp: Type)(using Context): Refs = tp match
+    case tp: (TermRef | ThisType) if tp.isTrackableRef => SimpleIdentitySet(tp, tp.reach)
     case AnnotatedType(parent, _) => explicitRefs(parent)
     case AndType(tp1, tp2) => explicitRefs(tp1) ++ explicitRefs(tp2)
     case OrType(tp1, tp2) => explicitRefs(tp1) ** explicitRefs(tp2)
     case _ => emptyRefs
 
-  /** Deduct some elements from `refs` according to the role of the checked type `tpe`:
-   *   - If the the type apears as a (result-) type of a definition of `x`, deduct
-   *     `x` and `x*`.
-   *   - If `tpe` is morally a singleton type deduct it as well.
-   */
-  def prune(refs: Refs, tpe: Type, role: TypeRole)(using Context): Refs =
-    refs.deductSymFootprint(role.dclSym).deduct(explicitRefs(tpe))
-
   /** Check validity of consumed references `refsToCheck`. The references are consumed
    *  because they are hidden in a Fresh result type or they are referred
    *  to in an argument to a @consume parameter or in a prefix of a @consume method --
@@ -611,7 +603,7 @@ class SepCheck(checker: CheckCaptures.CheckerAPI) extends tpd.TreeTraverser:
   def checkConsumedRefs(refsToCheck: Refs, tpe: Type, role: TypeRole, descr: => String, pos: SrcPos)(using Context) =
     val badParams = mutable.ListBuffer[Symbol]()
     def currentOwner = role.dclSym.orElse(ctx.owner)
-    for hiddenRef <- prune(refsToCheck, tpe, role) do
+    for hiddenRef <- refsToCheck.deductSymRefs(role.dclSym).deduct(explicitRefs(tpe)) do
       if !hiddenRef.derivesFromSharedCapability then
         hiddenRef.pathRoot match
           case ref: TermRef =>
@@ -662,8 +654,17 @@ class SepCheck(checker: CheckCaptures.CheckerAPI) extends tpd.TreeTraverser:
    */
   def checkType(tpe: Type, pos: SrcPos, role: TypeRole)(using Context): Unit =
 
+    /** Deduct some elements from `refs` according to the role of the checked type `tpe`:
+     *   - If the the type apears as a (result-) type of a definition of `x`, deduct
+     *       `x` and `x*`.
+     *   - If the checked type (or, for arguments, the actual type of the argument)
+     *     is morally a singleton type `y.type` deduct `y` and `y*` as well.
+     */
     extension (refs: Refs) def pruned =
-      refs.deductSymRefs(role.dclSym).deduct(explicitRefs(tpe))
+      val deductedType = role match
+        case TypeRole.Argument(arg) => arg.tpe
+        case _ => tpe
+      refs.deductSymRefs(role.dclSym).deduct(explicitRefs(deductedType))
 
     def sepTypeError(parts: List[Type], genPart: Type, otherPart: Type): Unit =
       val captured = genPart.deepCaptureSet.elems

tests/neg-custom-args/captures/sep-consume.check

@@ -1,28 +1,34 @@
--- Error: tests/neg-custom-args/captures/sep-consume.scala:17:2 --------------------------------------------------------
-17 |  x.put(42)  // error
+-- Error: tests/neg-custom-args/captures/sep-consume.scala:19:2 --------------------------------------------------------
+19 |  x.put(42)  // error
    |  ^
    |  Separation failure: Illegal access to (x : Ref^), which was passed to a
-   |  @consume parameter or was used as a prefix to a @consume method on line 16
+   |  @consume parameter or was used as a prefix to a @consume method on line 18
    |  and therefore is no longer available.
--- Error: tests/neg-custom-args/captures/sep-consume.scala:18:2 --------------------------------------------------------
-18 |  x.get      // error
+-- Error: tests/neg-custom-args/captures/sep-consume.scala:20:2 --------------------------------------------------------
+20 |  x.get      // error
    |  ^
    |  Separation failure: Illegal access to x.rd, which was passed to a
-   |  @consume parameter or was used as a prefix to a @consume method on line 16
+   |  @consume parameter or was used as a prefix to a @consume method on line 18
    |  and therefore is no longer available.
--- Error: tests/neg-custom-args/captures/sep-consume.scala:19:16 -------------------------------------------------------
-19 |  par(rx, () => x.put(42))  // error
+-- Error: tests/neg-custom-args/captures/sep-consume.scala:21:16 -------------------------------------------------------
+21 |  par(rx, () => x.put(42))  // error
    |                ^
    |                Separation failure: Illegal access to (x : Ref^), which was passed to a
-   |                @consume parameter or was used as a prefix to a @consume method on line 16
+   |                @consume parameter or was used as a prefix to a @consume method on line 18
    |                and therefore is no longer available.
--- Error: tests/neg-custom-args/captures/sep-consume.scala:20:16 -------------------------------------------------------
-20 |  par(rx, () => x.get)  // error
+-- Error: tests/neg-custom-args/captures/sep-consume.scala:22:16 -------------------------------------------------------
+22 |  par(rx, () => x.get)  // error
    |                ^
    |                Separation failure: Illegal access to x.rd, which was passed to a
-   |                @consume parameter or was used as a prefix to a @consume method on line 16
+   |                @consume parameter or was used as a prefix to a @consume method on line 18
    |                and therefore is no longer available.
--- Error: tests/neg-custom-args/captures/sep-consume.scala:24:16 -------------------------------------------------------
-24 |  def foo = bad(f) // error
+-- Error: tests/neg-custom-args/captures/sep-consume.scala:26:16 -------------------------------------------------------
+26 |  def foo = bad(f) // error
    |                ^
    | Separation failure: argument to @consume parameter with type (f : () ->{x.rd} Unit) refers to non-local value f
+-- Error: tests/neg-custom-args/captures/sep-consume.scala:34:12 -------------------------------------------------------
+34 |  println(p.fst.get) // errorSep
+   |          ^^^^^
+   |          Separation failure: Illegal access to p.fst*, which was passed to a
+   |          @consume parameter or was used as a prefix to a @consume method on line 33
+   |          and therefore is no longer available.

tests/neg-custom-args/captures/sep-consume.scala

@@ -6,6 +6,8 @@ class Ref extends Mutable:
   def get: Int = _data
   mut def put(x: Int): Unit = _data = x
 
+case class Pair[+A, +B](fst: A, snd: B)
+
 // require f and g to be non-interfering
 def par(f: () => Unit, g: () => Unit): Unit = ???
 
@@ -24,3 +26,16 @@ def test3(@consume x: Ref^): Unit =
   def foo = bad(f) // error
   foo()
   foo()
+
+def test4(@consume @use p: Pair[Ref^, Ref^]): Unit =
+  val x: Ref^{p.fst*} = p.fst
+  val y: Ref^{p.snd*} = p.snd
+  badp(Pair(x, y))
+  println(p.fst.get) // errorSep
+
+def badp(@consume p: Pair[Ref^, Ref^]): Unit = ()
+
+def test5(@consume @use p: Pair[Ref^, Ref^]): Unit =
+  badp(p) // ok
+  println(p.fst.get) // ok, but should be error
+