Use the whole selection tree for markFree

Needed for use checking, since if we just take the leftmost prefix
we sometimes end up with a `this`.

Author: odersky

compiler/src/dotty/tools/dotc/cc/CaptureSet.scala

@@ -966,8 +966,7 @@ object CaptureSet:
       case elem: FreshCap
       if !nestedOK
           && !elems.contains(elem)
-          && !owner.isAnonymousFunction
-          && ccConfig.newScheme =>
+          && !owner.isAnonymousFunction =>
         def fail = i"attempting to add $elem to $this"
         def hideIn(fc: FreshCap): Unit =
           assert(elem.tryClassifyAs(fc.hiddenSet.classifier), fail)

compiler/src/dotty/tools/dotc/cc/CheckCaptures.scala

@@ -102,7 +102,7 @@ object CheckCaptures:
   end SubstParamsMap
 
   /** A prototype that indicates selection with an immutable value */
-  class PathSelectionProto(val sym: Symbol, val pt: Type)(using Context) extends WildcardSelectionProto
+  class PathSelectionProto(val select: Select, val pt: Type)(using Context) extends WildcardSelectionProto
 
   /** Check that a @retains annotation only mentions references that can be tracked.
    *  This check is performed at Typer.
@@ -653,11 +653,15 @@ class CheckCaptures extends Recheck, SymTransformer:
         // If ident refers to a parameterless method, charge its cv to the environment
         includeCallCaptures(sym, sym.info, tree)
       else if !sym.isStatic then
-        markFree(sym, pathRef(sym.termRef, pt), tree)
+        if ccConfig.newScheme && sym.exists
+        then markPathFree(sym.termRef, pt, tree)
+        else markFree(sym, pathRef(sym.termRef, pt), tree)
       mapResultRoots(super.recheckIdent(tree, pt), tree.symbol)
 
     override def recheckThis(tree: This, pt: Type)(using Context): Type =
-      markFree(pathRef(tree.tpe.asInstanceOf[ThisType], pt), tree)
+      if ccConfig.newScheme
+      then markPathFree(tree.tpe.asInstanceOf[ThisType], pt, tree)
+      else markFree(pathRef(tree.tpe.asInstanceOf[ThisType], pt), tree)
       super.recheckThis(tree, pt)
 
     /** Add all selections and also any `.rd modifier implied by the expected
@@ -668,18 +672,38 @@ class CheckCaptures extends Recheck, SymTransformer:
     private def pathRef(base: TermRef | ThisType, pt: Type)(using Context): Capability =
       def addSelects(ref: TermRef | ThisType, pt: Type): Capability = pt match
         case pt: PathSelectionProto if ref.isTracked =>
-          if pt.sym.isReadOnlyMethod then
+          if pt.select.symbol.isReadOnlyMethod then
             ref.readOnly
           else
             // if `ref` is not tracked then the selection could not give anything new
             // class SerializationProxy in stdlib-cc/../LazyListIterable.scala has an example where this matters.
-            addSelects(ref.select(pt.sym).asInstanceOf[TermRef], pt.pt)
+            addSelects(ref.select(pt.select.symbol).asInstanceOf[TermRef], pt.pt)
         case _ => ref
       val ref: Capability = addSelects(base, pt)
       if ref.derivesFromMutable && pt.isValueType && !pt.isMutableType
       then ref.readOnly
       else ref
 
+    /** Add all selections and also any `.rd modifier implied by the expected
+     *  type `pt` to `base`. Example:
+     *  If we have `x` and the expected type says we select that with `.a.b`
+     *  where `b` is a read-only method, we charge `x.a.b.rd` instead of `x`.
+     */
+    private def markPathFree(ref: TermRef | ThisType, pt: Type, tree: Tree)(using Context): Unit =
+      pt match
+        case pt: PathSelectionProto if ref.isTracked =>
+          // if `ref` is not tracked then the selection could not give anything new
+          // class SerializationProxy in stdlib-cc/../LazyListIterable.scala has an example where this matters.
+          if pt.select.symbol.isReadOnlyMethod then
+            markFree(ref.readOnly, tree)
+          else
+            markPathFree(ref.select(pt.select.symbol).asInstanceOf[TermRef], pt.pt, pt.select)
+        case _ =>
+          if ref.derivesFromMutable && pt.isValueType && !pt.isMutableType then
+            markFree(ref.readOnly, tree)
+          else
+            markFree(ref, tree)
+
     /** The expected type for the qualifier of a selection. If the selection
      *  could be part of a capability path or is a a read-only method, we return
      *  a PathSelectionProto.
@@ -688,7 +712,7 @@ class CheckCaptures extends Recheck, SymTransformer:
       val sym = tree.symbol
       if !sym.isOneOf(UnstableValueFlags) && !sym.isStatic
           || sym.isReadOnlyMethod
-      then PathSelectionProto(sym, pt)
+      then PathSelectionProto(tree, pt)
       else super.selectionProto(tree, pt)
 
     /** A specialized implementation of the selection rule.
@@ -1820,7 +1844,7 @@ class CheckCaptures extends Recheck, SymTransformer:
     private def noWiden(actual: Type, expected: Type)(using Context): Boolean =
       actual.isSingleton
       && expected.match
-          case expected: PathSelectionProto => !expected.sym.isOneOf(UnstableValueFlags)
+          case expected: PathSelectionProto => !expected.select.symbol.isOneOf(UnstableValueFlags)
           case _ => expected.stripCapturing.isSingleton || expected == LhsProto
 
     /** Adapt `actual` type to `expected` type. This involves:

compiler/src/dotty/tools/dotc/cc/SepCheck.scala

@@ -431,6 +431,7 @@ class SepCheck(checker: CheckCaptures.CheckerAPI) extends tpd.TreeTraverser:
   def sepUseError(tree: Tree, clashingDef: ValOrDefDef | Null, used: Refs, hidden: Refs)(using Context): Unit =
     if clashingDef != null then
       def resultStr = if clashingDef.isInstanceOf[DefDef] then " result" else ""
+      //println(i"sep use error: previous ${clashingDef.tpt.nuType}, ref = $used")
       report.error(
         em"""Separation failure: Illegal access to ${overlapStr(hidden, used)} which is hidden by the previous definition
             |of ${clashingDef.symbol} with$resultStr type ${clashingDef.tpt.nuType}.
@@ -568,22 +569,30 @@ class SepCheck(checker: CheckCaptures.CheckerAPI) extends tpd.TreeTraverser:
       val usedPeaks = used.allPeaks
       val overlap = defsShadow.allPeaks.sharedPeaks(usedPeaks)
       if !defsShadow.allPeaks.sharedPeaks(usedPeaks).isEmpty then
-        val sym = tree.symbol
-
+        // Drop all Selects unless they select from a `this`
+        def pathRoot(tree: Tree): Tree = tree match
+          case Select(This(_), _) => tree
+          case Select(prefix, _) => pathRoot(prefix)
+          case _ => tree
+          
+        val rootSym = pathRoot(tree).symbol
+        
         def findClashing(prevDefs: List[DefInfo]): Option[DefInfo] = prevDefs match
           case prevDef :: prevDefs1 =>
-            if prevDef.symbol == sym then Some(prevDef)
+            if prevDef.symbol == rootSym then Some(prevDef)
             else if !prevDef.hiddenPeaks.sharedPeaks(usedPeaks).isEmpty then Some(prevDef)
             else findClashing(prevDefs1)
           case Nil =>
             None
 
         findClashing(previousDefs) match
           case Some(clashing) =>
-            if clashing.symbol != sym then
+            //println(i"check use $tree, $used, $rootSym, ${clashing.symbol}")
+            if clashing.symbol != rootSym then
               sepUseError(tree, clashing.tree, used, clashing.hidden)
           case None =>
             sepUseError(tree, null, used, defsShadow)
+      end if
 
       for ref <- used do
         val pos = consumed.clashing(ref)

tests/neg-custom-args/captures/fresh-counter.check

@@ -0,0 +1,16 @@
+-- Error: tests/neg-custom-args/captures/fresh-counter.scala:22:6 ------------------------------------------------------
+22 |  par(i, d) // error: separation failure
+   |      ^
+   |Separation failure: argument of type  (i : () ->{c.incr} Unit)
+   |to method par: (p1: () => Unit, p2: () => Unit): Unit
+   |corresponds to capture-polymorphic formal parameter p1 of type  () => Unit
+   |and hides capabilities  {i}.
+   |Some of these overlap with the captures of the second argument with type  (d : () ->{c.decr} Unit).
+   |
+   |  Hidden set of current argument        : {i}
+   |  Hidden footprint of current argument  : {i, c.incr, c.count}
+   |  Capture set of second argument        : {d}
+   |  Footprint set of second argument      : {d, c.decr, c.count}
+   |  The two sets overlap at               : {c.count}
+   |
+   |where:    => refers to a fresh root capability created in method test when checking argument to parameter p1 of method par

tests/neg-custom-args/captures/fresh-counter.scala

@@ -0,0 +1,23 @@
+import caps.Mutable
+import caps.cap
+
+class Ref extends Mutable:
+  var x = 0
+  def get: Int = x
+  update def put(y: Int): Unit = x = y
+
+class Counter:
+  private val count: Ref^ = Ref()
+  val incr = () =>
+    count.put(count.get + 1)
+  val decr = () =>
+    count.put(count.get - 1)
+
+def par(p1: () => Unit, p2: () => Unit) = ()
+
+def test() =
+  val c = Counter()
+  val i = c.incr
+  val d = c.decr
+  par(i, d) // error: separation failure
+

tests/neg-custom-args/captures/sep-pairs-unboxed.check

@@ -68,17 +68,17 @@
    |          ^² refers to a fresh root capability classified as Mutable in the type of value snd
    |          ^³ refers to a fresh root capability in the type of value two
    |          ^⁴ refers to a fresh root capability created in value twisted when checking argument to parameter x of method swapped
--- Error: tests/neg-custom-args/captures/sep-pairs-unboxed.scala:58:22 -------------------------------------------------
+-- Error: tests/neg-custom-args/captures/sep-pairs-unboxed.scala:58:26 -------------------------------------------------
 58 |  val twoOther = Pair(two.fst, two.snd)  // error // error
-   |                      ^^^
+   |                      ^^^^^^^
    |                      Separation failure: Illegal access to {two.fst} which is hidden by the previous definition
    |                      of value twoCopy with type Pair^.
    |                      This type hides capabilities  {two.fst, two.snd}
    |
    |                      where:    ^ refers to a fresh root capability in the type of value twoCopy
--- Error: tests/neg-custom-args/captures/sep-pairs-unboxed.scala:58:31 -------------------------------------------------
+-- Error: tests/neg-custom-args/captures/sep-pairs-unboxed.scala:58:35 -------------------------------------------------
 58 |  val twoOther = Pair(two.fst, two.snd)  // error // error
-   |                               ^^^
+   |                               ^^^^^^^
    |                      Separation failure: Illegal access to {two.snd} which is hidden by the previous definition
    |                      of value twoCopy with type Pair^.
    |                      This type hides capabilities  {two.fst, two.snd}