Use DefIds instead of NodeIds for pub(restricted) visibilities
#38490
Conversation
| @@ -200,7 +200,7 @@ pub struct TraitImpls { | |||
| #[derive(RustcEncodable, RustcDecodable)] | |||
| pub struct Entry<'tcx> { | |||
| pub kind: EntryKind<'tcx>, | |||
| pub visibility: ty::Visibility, | |||
| pub visibility: Lazy<ty::Visibility>, | |||
There was a problem hiding this comment.
I had to change this to Lazy so that we don't try to decode a DefId before we have access to the cnum_map (causing a panic).
cc @eddyb
There was a problem hiding this comment.
This makes sense, I only had it like that because it was always just an enum discriminant IIRC.
What is privacy checking hygienic intercrate name resolutions exactly? Is there any pre-RFC or other text in work? |
jseyfried
force-pushed
the
def_id_vis
branch
from
a7d0c54
to
a85266d
Compare
|
@petrochenkov (cc @nrc)
For example, mod foo {
pub(super) fn bar() {} // (i)
fn baz() {} // (ii)
fn f() { super::m!(); } // (example invocation of `m`)
}
pub macro m() {
foo::bar(); // This should always resolve to (i), regardless of where `m` is invoked.
foo::baz(); // This should always be a privacy error, regardless of where `m` is invoked.
}More generally, consider a macro pub macro m($e:expr) {
... foo ... $e ... bar ... //< definition body
}and an invocation of that macro I think hygiene should provide the following dual guarantees:
Just assuming these guarantees almost entirely specifies hygiene 2.0, including hygiene for items, imports, methods, fields, privacy, etc. I'm working on a prototype of hygiene 2.0 that will satisfy these guarantees (modulo an escape hatch). The prototype should be ready next week, and it will include a comprehensive suite of tests/examples as well as some more exposition and motivation. |
|
☔ The latest upstream changes (presumably #38499) made this pull request unmergeable. Please resolve the merge conflicts. |
| /// Not visible anywhere in the local crate. This is the visibility of private external items. | ||
| PrivateExternal, | ||
| Empty, |
There was a problem hiding this comment.
I'm not sure about this rename - why does Empty make sense for a visibility?
There was a problem hiding this comment.
How about Invisible?
|
@jseyfried Macros don't have interfaces to check them for private types. |
Good point. I think the best way forward here is to fix #30476, make the fix hygienic in the prototype, and then assess what further restrictions we need for macros. I believe we can fix #30476 by improving privacy checks for method calls. For example, I think EDIT: We would also have to similarly improve privacy checks for uses of generic functions that monomorphize into less visible types. Is this the solution you had in mind? If we fix #30476 as I am proposing, it would still be possible to get a private type from a macro (e.g. If we want to also forbid getting a private type from a macro (even given that the only thing we can do with it is pass it into another macro), we could check that
In what way? |
jseyfried
force-pushed
the
def_id_vis
branch
3 times, most recently
from
7e2c51b
to
95285af
Compare
I haven't found the prototype you're mentioning, https://github.com/jseyfried/rust/tree/hygiene looks similar, but incomplete. My primary message is that all this stuff needs some text to discuss before jumping into implementation (but I'm still all for prototyping, groundwork, etc). |
Right, I haven't made the late privacy checks public yet; they'll be in that branch by next week.
What do you mean by "privacy-skipping autoderef"? Autoderef has taken privacy into account since #31938.
Hmm, I'm not sure that's such a bad thing. Without it, we wouldn't be able to support e.g. mod foo {
struct S;
impl S {
fn f(&self) {}
}
pub macro m() {
S.f();
}
}
... foo::m!(); ...which would break hygiene, at least according to the definition from #38490 (comment).
Right, I think this is worth it. It will certainly need more discussion though, including potential compromises to simplify implementation or avoid exporting too many symbols.
Agreed, perhaps it was premature to label this PR "groundwork for hygiene 2.0" before we agree that we actually want hygienic privacy for intercrate name resolutions. I think this is a better way to implement visibility anyway though. |
Just bad wording, I meant autoderef skipping inaccessible fields.
It moves macros further and further away from the "purely syntactic" ideal, manually expanded code becomes less and less self-sufficient, compilation stages become more and more intermingled - first macros leaked into resolve, now they start leaking into type checking. I agree it may worth in the end if macros turn into some non-syntactic, but self-consistent (and practical) feature, something like fancy inline functions. |
I don't think this is the ideal, since it precludes any hygiene at all (unless I'm misunderstanding) -- even hygienic local variables require "leakage" into resolve.
This sounds close to my vision of fully hygienic macros 2.0, but I wouldn't call it "non-syntactic" (maybe "epi-syntactic", meaning syntax plus hygiene info). For example, procedural macros operate on tokens but the tokens have normative hygiene information attached ( |
|
☔ The latest upstream changes (presumably #38232) made this pull request unmergeable. Please resolve the merge conflicts. |
jseyfried
force-pushed
the
def_id_vis
branch
from
95285af
to
41f1e18
Compare
|
@bors r=nrc |
|
📌 Commit 41f1e18 has been approved by |
Use `DefId`s instead of `NodeId`s for `pub(restricted)` visibilities This is groundwork for hygiene 2.0, specifically privacy checking hygienic intercrate name resolutions. r? @nrc
|
💥 Test timed out |
|
@bors retry |
Use `DefId`s instead of `NodeId`s for `pub(restricted)` visibilities This is groundwork for hygiene 2.0, specifically privacy checking hygienic intercrate name resolutions. r? @nrc
This is groundwork for hygiene 2.0, specifically privacy checking hygienic intercrate name resolutions.
r? @nrc