Refactor object-safety into its own (cached) module so that we can

check it more easily; also extend object safety to cover sized types
as well as static methods.  This makes it sufficient so that we can
always ensure that `Foo : Foo` holds for any trait `Foo`.

Author: nikomatsakis

src/librustc/middle/traits/mod.rs

@@ -29,6 +29,10 @@ pub use self::fulfill::{FulfillmentContext, RegionObligation};
 pub use self::project::MismatchedProjectionTypes;
 pub use self::project::normalize;
 pub use self::project::Normalized;
+pub use self::object_safety::is_object_safe;
+pub use self::object_safety::object_safety_violations;
+pub use self::object_safety::ObjectSafetyViolation;
+pub use self::object_safety::MethodViolationCode;
 pub use self::select::SelectionContext;
 pub use self::select::SelectionCache;
 pub use self::select::{MethodMatchResult, MethodMatched, MethodAmbiguous, MethodDidNotMatch};
@@ -45,6 +49,7 @@ mod coherence;
 mod error_reporting;
 mod fulfill;
 mod project;
+mod object_safety;
 mod select;
 mod util;
 

src/librustc/middle/traits/object_safety.rs

@@ -0,0 +1,302 @@
+// Copyright 2014 The Rust Project Developers. See the COPYRIGHT
+// file at the top-level directory of this distribution and at
+// http://rust-lang.org/COPYRIGHT.
+//
+// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
+// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
+// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
+// option. This file may not be copied, modified, or distributed
+// except according to those terms.
+
+//! "Object safety" refers to the ability for a trait to be converted
+//! to an object. In general, traits may only be converted to an
+//! object if all of their methods meet certain criteria. In particular,
+//! they must:
+//!
+//!   - have a suitable receiver from which we can extract a vtable;
+//!   - not reference the erased type `Self` except for in this receiver;
+//!   - not have generic type parameters
+
+use super::supertraits;
+use super::elaborate_predicates;
+
+use middle::subst::{mod, SelfSpace};
+use middle::traits;
+use middle::ty::{mod, Ty};
+use std::rc::Rc;
+use syntax::ast;
+use util::ppaux::Repr;
+
+pub enum ObjectSafetyViolation<'tcx> {
+    /// Self : Sized declared on the trait
+    SizedSelf,
+
+    /// Method has someting illegal
+    Method(Rc<ty::Method<'tcx>>, MethodViolationCode),
+}
+
+/// Reasons a method might not be object-safe.
+#[deriving(Copy,Clone,Show)]
+pub enum MethodViolationCode {
+    /// fn(self),
+    ByValueSelf,
+
+    // fn foo()
+    StaticMethod,
+
+    // fn foo(&self, x: Self)
+    // fn foo(&self) -> Self
+    ReferencesSelf,
+
+    // fn foo<A>(),
+    Generic,
+}
+
+pub fn is_object_safe<'tcx>(tcx: &ty::ctxt<'tcx>,
+                            trait_ref: ty::PolyTraitRef<'tcx>)
+                            -> bool
+{
+    // Because we query yes/no results frequently, we keep a cache:
+    let cached_result =
+        tcx.object_safety_cache.borrow().get(&trait_ref.def_id()).map(|&r| r);
+
+    let result =
+        cached_result.unwrap_or_else(|| {
+            let result = object_safety_violations(tcx, trait_ref.clone()).is_empty();
+
+            // Record just a yes/no result in the cache; this is what is
+            // queried most frequently. Note that this may overwrite a
+            // previous result, but always with the same thing.
+            tcx.object_safety_cache.borrow_mut().insert(trait_ref.def_id(), result);
+
+            result
+        });
+
+    debug!("is_object_safe({}) = {}", trait_ref.repr(tcx), result);
+
+    result
+}
+
+pub fn object_safety_violations<'tcx>(tcx: &ty::ctxt<'tcx>,
+                                      sub_trait_ref: ty::PolyTraitRef<'tcx>)
+                                      -> Vec<ObjectSafetyViolation<'tcx>>
+{
+    supertraits(tcx, sub_trait_ref)
+        .flat_map(|tr| object_safety_violations_for_trait(tcx, tr.def_id()).into_iter())
+        .collect()
+}
+
+fn object_safety_violations_for_trait<'tcx>(tcx: &ty::ctxt<'tcx>,
+                                            trait_def_id: ast::DefId)
+                                            -> Vec<ObjectSafetyViolation<'tcx>>
+{
+    // Check methods for violations.
+    let mut violations: Vec<_> =
+        ty::trait_items(tcx, trait_def_id).iter()
+        .flat_map(|item| {
+            match *item {
+                ty::MethodTraitItem(ref m) => {
+                    object_safety_violations_for_method(tcx, trait_def_id, &**m)
+                        .map(|code| ObjectSafetyViolation::Method(m.clone(), code))
+                        .into_iter()
+                }
+                ty::TypeTraitItem(_) => {
+                    None.into_iter()
+                }
+            }
+        })
+        .collect();
+
+    // Check the trait itself.
+    if trait_has_sized_self(tcx, trait_def_id) {
+        violations.push(ObjectSafetyViolation::SizedSelf);
+    }
+
+    debug!("object_safety_violations_for_trait(trait_def_id={}) = {}",
+           trait_def_id.repr(tcx),
+           violations.repr(tcx));
+
+    violations
+}
+
+fn trait_has_sized_self<'tcx>(tcx: &ty::ctxt<'tcx>,
+                              trait_def_id: ast::DefId)
+                              -> bool
+{
+    let trait_def = ty::lookup_trait_def(tcx, trait_def_id);
+    let param_env = ty::construct_parameter_environment(tcx,
+                                                        &trait_def.generics,
+                                                        ast::DUMMY_NODE_ID);
+    let predicates = param_env.caller_bounds.predicates.as_slice().to_vec();
+    let sized_def_id = match tcx.lang_items.sized_trait() {
+        Some(def_id) => def_id,
+        None => { return false; /* No Sized trait, can't require it! */ }
+    };
+
+    // Search for a predicate like `Self : Sized` amongst the trait bounds.
+    elaborate_predicates(tcx, predicates)
+        .any(|predicate| {
+            match predicate {
+                ty::Predicate::Trait(ref trait_pred) if trait_pred.def_id() == sized_def_id => {
+                    let self_ty = trait_pred.0.self_ty();
+                    match self_ty.sty {
+                        ty::ty_param(ref data) => data.space == subst::SelfSpace,
+                        _ => false,
+                    }
+                }
+                ty::Predicate::Projection(..) |
+                ty::Predicate::Trait(..) |
+                ty::Predicate::Equate(..) |
+                ty::Predicate::RegionOutlives(..) |
+                ty::Predicate::TypeOutlives(..) => {
+                    false
+                }
+            }
+        })
+}
+
+fn object_safety_violations_for_method<'tcx>(tcx: &ty::ctxt<'tcx>,
+                                             trait_def_id: ast::DefId,
+                                             method: &ty::Method<'tcx>)
+                                             -> Option<MethodViolationCode>
+{
+    // The method's first parameter must be something that derefs to
+    // `&self`. For now, we only accept `&self` and `Box<Self>`.
+    match method.explicit_self {
+        ty::ByValueExplicitSelfCategory => {
+            return Some(MethodViolationCode::ByValueSelf);
+        }
+
+        ty::StaticExplicitSelfCategory => {
+            return Some(MethodViolationCode::StaticMethod);
+        }
+
+        ty::ByReferenceExplicitSelfCategory(..) |
+        ty::ByBoxExplicitSelfCategory => {
+        }
+    }
+
+    // The `Self` type is erased, so it should not appear in list of
+    // arguments or return type apart from the receiver.
+    let ref sig = method.fty.sig;
+    for &input_ty in sig.0.inputs[1..].iter() {
+        if contains_illegal_self_type_reference(tcx, trait_def_id, input_ty) {
+            return Some(MethodViolationCode::ReferencesSelf);
+        }
+    }
+    if let ty::FnConverging(result_type) = sig.0.output {
+        if contains_illegal_self_type_reference(tcx, trait_def_id, result_type) {
+            return Some(MethodViolationCode::ReferencesSelf);
+        }
+    }
+
+    // We can't monomorphize things like `fn foo<A>(...)`.
+    if !method.generics.types.is_empty_in(subst::FnSpace) {
+        return Some(MethodViolationCode::Generic);
+    }
+
+    None
+}
+
+fn contains_illegal_self_type_reference<'tcx>(tcx: &ty::ctxt<'tcx>,
+                                              trait_def_id: ast::DefId,
+                                              ty: Ty<'tcx>)
+                                              -> bool
+{
+    // This is somewhat subtle. In general, we want to forbid
+    // references to `Self` in the argument and return types,
+    // since the value of `Self` is erased. However, there is one
+    // exception: it is ok to reference `Self` in order to access
+    // an associated type of the current trait, since we retain
+    // the value of those associated types in the object type
+    // itself.
+    //
+    // ```rust
+    // trait SuperTrait {
+    //     type X;
+    // }
+    //
+    // trait Trait : SuperTrait {
+    //     type Y;
+    //     fn foo(&self, x: Self) // bad
+    //     fn foo(&self) -> Self // bad
+    //     fn foo(&self) -> Option<Self> // bad
+    //     fn foo(&self) -> Self::Y // OK, desugars to next example
+    //     fn foo(&self) -> <Self as Trait>::Y // OK
+    //     fn foo(&self) -> Self::X // OK, desugars to next example
+    //     fn foo(&self) -> <Self as SuperTrait>::X // OK
+    // }
+    // ```
+    //
+    // However, it is not as simple as allowing `Self` in a projected
+    // type, because there are illegal ways to use `Self` as well:
+    //
+    // ```rust
+    // trait Trait : SuperTrait {
+    //     ...
+    //     fn foo(&self) -> <Self as SomeOtherTrait>::X;
+    // }
+    // ```
+    //
+    // Here we will not have the type of `X` recorded in the
+    // object type, and we cannot resolve `Self as SomeOtherTrait`
+    // without knowing what `Self` is.
+
+    let mut supertraits: Option<Vec<ty::PolyTraitRef<'tcx>>> = None;
+    let mut error = false;
+    ty::maybe_walk_ty(ty, |ty| {
+        match ty.sty {
+            ty::ty_param(ref param_ty) => {
+                if param_ty.space == SelfSpace {
+                    error = true;
+                }
+
+                false // no contained types to walk
+            }
+
+            ty::ty_projection(ref data) => {
+                // This is a projected type `<Foo as SomeTrait>::X`.
+
+                // Compute supertraits of current trait lazilly.
+                if supertraits.is_none() {
+                    let trait_def = ty::lookup_trait_def(tcx, trait_def_id);
+                    let trait_ref = ty::Binder(trait_def.trait_ref.clone());
+                    supertraits = Some(traits::supertraits(tcx, trait_ref).collect());
+                }
+
+                // Determine whether the trait reference `Foo as
+                // SomeTrait` is in fact a supertrait of the
+                // current trait. In that case, this type is
+                // legal, because the type `X` will be specified
+                // in the object type.  Note that we can just use
+                // direct equality here because all of these types
+                // are part of the formal parameter listing, and
+                // hence there should be no inference variables.
+                let projection_trait_ref = ty::Binder(data.trait_ref.clone());
+                let is_supertrait_of_current_trait =
+                    supertraits.as_ref().unwrap().contains(&projection_trait_ref);
+
+                if is_supertrait_of_current_trait {
+                    false // do not walk contained types, do not report error, do collect $200
+                } else {
+                    true // DO walk contained types, POSSIBLY reporting an error
+                }
+            }
+
+            _ => true, // walk contained types, if any
+        }
+    });
+
+    error
+}
+
+impl<'tcx> Repr<'tcx> for ObjectSafetyViolation<'tcx> {
+    fn repr(&self, tcx: &ty::ctxt<'tcx>) -> String {
+        match *self {
+            ObjectSafetyViolation::SizedSelf =>
+                format!("SizedSelf"),
+            ObjectSafetyViolation::Method(ref m, code) =>
+                format!("Method({},{})", m.repr(tcx), code),
+        }
+    }
+}

src/librustc/middle/ty.rs

@@ -827,6 +827,9 @@ pub struct ctxt<'tcx> {
     /// parameters are never placed into this cache, because their
     /// results are dependent on the parameter environment.
     pub type_impls_sized_cache: RefCell<HashMap<Ty<'tcx>,bool>>,
+
+    /// Caches whether traits are object safe
+    pub object_safety_cache: RefCell<DefIdMap<bool>>,
 }
 
 // Flags that we track on types. These flags are propagated upwards
@@ -2384,6 +2387,7 @@ pub fn mk_ctxt<'tcx>(s: Session,
         repr_hint_cache: RefCell::new(DefIdMap::new()),
         type_impls_copy_cache: RefCell::new(HashMap::new()),
         type_impls_sized_cache: RefCell::new(HashMap::new()),
+        object_safety_cache: RefCell::new(DefIdMap::new()),
    }
 }
 

src/librustc_driver/pretty.rs

@@ -141,7 +141,7 @@ impl PpSourceMode {
     }
 }
 
-trait PrinterSupport<'ast>: pprust::PpAnn + Sized {
+trait PrinterSupport<'ast>: pprust::PpAnn {
     /// Provides a uniform interface for re-extracting a reference to a
     /// `Session` from a value that now owns it.
     fn sess<'a>(&'a self) -> &'a Session;
@@ -154,7 +154,7 @@ trait PrinterSupport<'ast>: pprust::PpAnn + Sized {
     ///
     /// (Rust does not yet support upcasting from a trait object to
     /// an object for one of its super-traits.)
-    fn pp_ann<'a>(&'a self) -> &'a pprust::PpAnn { self as &pprust::PpAnn }
+    fn pp_ann<'a>(&'a self) -> &'a pprust::PpAnn;
 }
 
 struct NoAnn<'ast> {
@@ -168,6 +168,8 @@ impl<'ast> PrinterSupport<'ast> for NoAnn<'ast> {
     fn ast_map<'a>(&'a self) -> Option<&'a ast_map::Map<'ast>> {
         self.ast_map.as_ref()
     }
+
+    fn pp_ann<'a>(&'a self) -> &'a pprust::PpAnn { self }
 }
 
 impl<'ast> pprust::PpAnn for NoAnn<'ast> {}
@@ -183,6 +185,8 @@ impl<'ast> PrinterSupport<'ast> for IdentifiedAnnotation<'ast> {
     fn ast_map<'a>(&'a self) -> Option<&'a ast_map::Map<'ast>> {
         self.ast_map.as_ref()
     }
+
+    fn pp_ann<'a>(&'a self) -> &'a pprust::PpAnn { self }
 }
 
 impl<'ast> pprust::PpAnn for IdentifiedAnnotation<'ast> {
@@ -232,6 +236,8 @@ impl<'ast> PrinterSupport<'ast> for HygieneAnnotation<'ast> {
     fn ast_map<'a>(&'a self) -> Option<&'a ast_map::Map<'ast>> {
         self.ast_map.as_ref()
     }
+
+    fn pp_ann<'a>(&'a self) -> &'a pprust::PpAnn { self }
 }
 
 impl<'ast> pprust::PpAnn for HygieneAnnotation<'ast> {
@@ -265,6 +271,8 @@ impl<'tcx> PrinterSupport<'tcx> for TypedAnnotation<'tcx> {
     fn ast_map<'a>(&'a self) -> Option<&'a ast_map::Map<'tcx>> {
         Some(&self.analysis.ty_cx.map)
     }
+
+    fn pp_ann<'a>(&'a self) -> &'a pprust::PpAnn { self }
 }
 
 impl<'tcx> pprust::PpAnn for TypedAnnotation<'tcx> {