Handle reach capabilities correctly in markFree

The correct point to address charging reach capabilities is in markFree itself:
When a reach capability goes out of scope, and that capability is not a parameter,
we need to continue with the underlying capture set. With this fix, we don't need
any special provisions to compute deep capture sets anymore.

Author: odersky

compiler/src/dotty/tools/dotc/cc/CaptureOps.scala

@@ -226,20 +226,15 @@ extension (tp: Type)
    *  covariant capture sets embedded in the widened type, as computed by
    *  `CaptureSet.ofTypeDeeply`. If that set is nonempty, and the type is
    *  a singleton capability `x` or a reach capability `x*`, the deep capture
-   *  set can be narrowed to`{x*}`. However, A deep capture set should not be
-   *  narrowed to a reach capability `x*` if there are elements in the underlying
-   *  set that live longer than `x`. See `delayedRunops.scala` for a test case.
+   *  set can be narrowed to`{x*}`.
    */
   def deepCaptureSet(using Context): CaptureSet =
     val dcs = CaptureSet.ofTypeDeeply(tp.widen.stripCapturing)
-    def reachCanSubsumDcs =
-      dcs.isUniversal
-      || dcs.elems.forall(c => c.pathOwner.isContainedIn(tp.pathOwner))
     if dcs.isAlwaysEmpty then tp.captureSet
     else tp match
-      case tp @ ReachCapability(_) if reachCanSubsumDcs =>
+      case tp @ ReachCapability(_) =>
         tp.singletonCaptureSet
-      case tp: SingletonCaptureRef if tp.isTrackableRef && reachCanSubsumDcs =>
+      case tp: SingletonCaptureRef if tp.isTrackableRef =>
         tp.reach.singletonCaptureSet
       case _ =>
         tp.captureSet ++ dcs
@@ -297,6 +292,13 @@ extension (tp: Type)
     case tp1: ThisType => tp1.cls
     case _ => NoSymbol
 
+  final def isParamPath(using Context): Boolean = tp.dealias match
+    case tp1: NamedType =>
+      tp1.prefix match
+        case _: ThisType | NoPrefix => tp1.symbol.isOneOf(Param | ParamAccessor)
+        case prefix => prefix.isParamPath
+    case _ => false
+
   /** If this is a unboxed capturing type with nonempty capture set, its boxed version.
    *  Or, if type is a TypeBounds of capturing types, the version where the bounds are boxed.
    *  The identity for all other types.

compiler/src/dotty/tools/dotc/cc/CheckCaptures.scala

@@ -328,20 +328,22 @@ class CheckCaptures extends Recheck, SymTransformer:
         then CaptureSet.Var(sym.owner, level = sym.ccLevel)
         else CaptureSet.empty)
 
-    /** For all nested environments up to `limit` or a closed environment perform `op`,
-     *  but skip environmenrts directly enclosing environments of kind ClosureResult.
+    /** The next environment enclosing `env` that needs to be charged
+     *  with free references.
+     *  Skips environments directly enclosing environments of kind ClosureResult.
+     *  @param included Whether an environment is included in the range of
+     *                  environments to charge. Once `included` is false, no
+     *                  more environments need to be charged.
      */
-    def forallOuterEnvsUpTo(limit: Symbol)(op: Env => Unit)(using Context): Unit =
-      def recur(env: Env, skip: Boolean): Unit =
-        if env.isOpen && env.owner != limit then
-          if !skip then op(env)
-          if !env.isOutermost then
-            var nextEnv = env.outer
-            if env.owner.isConstructor then
-              if nextEnv.owner != limit && !nextEnv.isOutermost then
-                nextEnv = nextEnv.outer
-            recur(nextEnv, skip = env.kind == EnvKind.ClosureResult)
-      recur(curEnv, skip = false)
+    def nextEnvToCharge(env: Env, included: Env => Boolean)(using Context): Env =
+      var nextEnv = env.outer
+      if env.owner.isConstructor then
+        if included(nextEnv) then nextEnv = nextEnv.outer
+      if env.kind == EnvKind.ClosureResult then
+        // skip this one
+        nextEnvToCharge(nextEnv, included)
+      else
+        nextEnv
 
     /** A description where this environment comes from */
     private def provenance(env: Env)(using Context): String =
@@ -355,7 +357,6 @@ class CheckCaptures extends Recheck, SymTransformer:
       else
         i"\nof the enclosing ${owner.showLocated}"
 
-
     /** Include `sym` in the capture sets of all enclosing environments nested in the
      *  the environment in which `sym` is defined.
      */
@@ -364,9 +365,12 @@ class CheckCaptures extends Recheck, SymTransformer:
 
     def markFree(sym: Symbol, ref: TermRef, pos: SrcPos)(using Context): Unit =
       if sym.exists && ref.isTracked then
-        forallOuterEnvsUpTo(sym.enclosure): env =>
-          capt.println(i"Mark $sym with cs ${ref.captureSet} free in ${env.owner}")
-          checkElem(ref, env.captured, pos, provenance(env))
+        def recur(env: Env): Unit =
+          if env.isOpen && env.owner != sym.enclosure then
+            capt.println(i"Mark $sym with cs ${ref.captureSet} free in ${env.owner}")
+            checkElem(ref, env.captured, pos, provenance(env))
+            recur(nextEnvToCharge(env, _.owner != sym.enclosure))
+        recur(curEnv)
 
     /** Make sure (projected) `cs` is a subset of the capture sets of all enclosing
      *  environments. At each stage, only include references from `cs` that are outside
@@ -381,20 +385,30 @@ class CheckCaptures extends Recheck, SymTransformer:
         else
           !sym.isContainedIn(env.owner)
 
-      def checkSubsetEnv(cs: CaptureSet, env: Env)(using Context): Unit =
-        // Only captured references that are visible from the environment
-        // should be included.
-        val included = cs.filter: c =>
-          c.stripReach.pathRoot match
-            case ref: NamedType => isVisibleFromEnv(ref.symbol.owner, env)
-            case ref: ThisType => isVisibleFromEnv(ref.cls, env)
-            case _ => false
-        checkSubset(included, env.captured, pos, provenance(env))
-        capt.println(i"Include call or box capture $included from $cs in ${env.owner} --> ${env.captured}")
-
-      if !cs.isAlwaysEmpty then
-        forallOuterEnvsUpTo(ctx.owner.topLevelClass): env =>
-          checkSubsetEnv(cs, env)
+      def recur(cs: CaptureSet, env: Env)(using Context): Unit =
+        if env.isOpen && !env.owner.isStaticOwner && !cs.isAlwaysEmpty then
+          // Only captured references that are visible from the environment
+          // should be included.
+          val included = cs.filter: c =>
+            val isVisible = c.stripReach.pathRoot match
+              case ref: NamedType => isVisibleFromEnv(ref.symbol.owner, env)
+              case ref: ThisType => isVisibleFromEnv(ref.cls, env)
+              case _ => false
+            c match
+              case ReachCapability(c1) if !isVisible && !c1.isParamPath =>
+                // When a reach capabilty x* where `x` is not a parameter goes out
+                // of scope, we need to continue with `x`'s underlying deep capture set.
+                // The same is not an issue for normal capabilities since in a local
+                // definition `val x = e`, the capabilities of `e` have already been charged.
+                val underlying = CaptureSet.ofTypeDeeply(c1.widen)
+                capt.println(i"Widen reach $c to $underlying in ${env.owner}")
+                recur(underlying, env)
+              case _ =>
+            isVisible
+          checkSubset(included, env.captured, pos, provenance(env))
+          capt.println(i"Include call or box capture $included from $cs in ${env.owner} --> ${env.captured}")
+          recur(included, nextEnvToCharge(env, !_.owner.isStaticOwner))
+      recur(cs, curEnv)
     end markFree
 
     /** Include references captured by the called method in the current environment stack */

compiler/src/dotty/tools/dotc/cc/Setup.scala

@@ -751,7 +751,8 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
             report.warning(em"redundant capture: $dom already accounts for $ref", pos)
 
         if ref.captureSetOfInfo.elems.isEmpty && !ref.derivesFrom(defn.Caps_Capability) then
-          report.error(em"$ref cannot be tracked since its capture set is empty", pos)
+          val deepStr = if ref.isReach then " deep" else ""
+          report.error(em"$ref cannot be tracked since its$deepStr capture set is empty", pos)
         check(parent.captureSet, parent)
 
         val others =

tests/neg-custom-args/captures/delayedRunops.check

@@ -3,3 +3,13 @@
    |             ^^^^
    |             reference ops* is not included in the allowed capture set {}
    |             of an enclosing function literal with expected type () -> Unit
+-- Error: tests/neg-custom-args/captures/delayedRunops.scala:21:13 -----------------------------------------------------
+21 |      runOps(ops1)  // error
+   |             ^^^^
+   |             reference (caps.cap : caps.Capability) is not included in the allowed capture set {}
+   |             of an enclosing function literal with expected type () -> Unit
+-- Error: tests/neg-custom-args/captures/delayedRunops.scala:27:13 -----------------------------------------------------
+27 |      runOps(ops1)  // error
+   |             ^^^^
+   |             reference ops* is not included in the allowed capture set {}
+   |             of an enclosing function literal with expected type () -> Unit

tests/neg-custom-args/captures/delayedRunops.scala

@@ -13,3 +13,15 @@ import language.experimental.captureChecking
     () =>
       val ops1 = ops
       runOps(ops1)  // error
+
+  // unsound: impure operation pretended pure
+  def delayedRunOps2(ops: List[() => Unit]): () ->{} Unit =
+    () =>
+      val ops1: List[() => Unit] = ops
+      runOps(ops1)  // error
+
+  // unsound: impure operation pretended pure
+  def delayedRunOps3(ops: List[() => Unit]): () ->{} Unit =
+    () =>
+      val ops1: List[() ->{ops*} Unit] = ops
+      runOps(ops1)  // error

tests/neg-custom-args/captures/delayedRunops2.scala

@@ -47,8 +47,8 @@
 -- Error: tests/neg-custom-args/captures/reaches.scala:60:31 -----------------------------------------------------------
 60 |  val leaked = usingFile[File^{id*}]: f => // error
    |                               ^^^
-   |                               id* cannot be tracked since its capture set is empty
+   |                               id* cannot be tracked since its deep capture set is empty
 -- Error: tests/neg-custom-args/captures/reaches.scala:61:18 -----------------------------------------------------------
 61 |    val f1: File^{id*} = id(f) // error, since now id(f): File^ // error
    |                  ^^^
-   |                  id* cannot be tracked since its capture set is empty
+   |                  id* cannot be tracked since its deep capture set is empty

tests/neg-custom-args/captures/reaches.check

@@ -0,0 +1,4 @@
+-- Error: tests/neg-custom-args/captures/wf-reach-1.scala:2:17 ---------------------------------------------------------
+2 |  val y: Object^{x*} = ??? // error
+  |                 ^^
+  |                 x* cannot be tracked since its deep capture set is empty

tests/neg-custom-args/captures/wf-reach-1.check

@@ -0,0 +1,2 @@
+def test(x: List[() -> Unit]) =
+  val y: Object^{x*} = ??? // error

tests/neg-custom-args/captures/wf-reach-1.scala

@@ -27,8 +27,8 @@ def test(): Unit =
     t1.read()
 
   val xsLambda2 = () => useBoxedAsync2(xs)
-  val _: () ->{xs*} Unit = xsLambda
-  val _: () -> Unit = xsLambda // error
+  val _: () ->{xs*} Unit = xsLambda2
+  val _: () -> Unit = xsLambda2 // error
 
   val f: Box[Async^] => Unit = (x:  Box[Async^]) => useBoxedAsync(x)