Fix various issues with maximal capabilities

The subsumes check mistakenly allowed any capability to subsume `cap`, since `cap` is expanded
as `caps.cap`, and by the path subcapturing rule `caps.cap <: caps`, where the capture set of
`caps` is empty. This allowed quite a few hidden errors to go through. This commit fixes the
subcapturing issue and all downstream issues caused by that fix.

In particular:

 - Don't use path comparison for `x subsumes caps.cap`

 - Don't allow an opened existential on the left of a comparison to leak into a capture set on
   the right. This would give a "leak" error later in healCaptures.

 - Print pre-cc annotated capturing types with @retains annotations with `^`. The annotation is
   already rendered as a set in this case, but the `^` was missing.

 - Don't recheck `_` right hand sides of uninitialized variables. These were handled in ways
   that broke freshness checking. The new `uninitialied` scheme does not have this problem.

Author: odersky

compiler/src/dotty/tools/dotc/cc/CaptureOps.scala

@@ -46,6 +46,7 @@ object ccConfig:
    */
   def useSealed(using Context) =
     Feature.sourceVersion.stable != SourceVersion.`3.5`
+
 end ccConfig
 
 
@@ -629,6 +630,19 @@ class CleanupRetains(using Context) extends TypeMap:
         RetainingType(tp, Nil, byName = annot.symbol == defn.RetainsByNameAnnot)
       case _ => mapOver(tp)
 
+/** A typemap that follows aliases and keeps their transformed results if
+ *  there is a change.
+ */
+trait FollowAliasesMap(using Context) extends TypeMap:
+  var follow = true    // Used for debugging so that we can compare results with and w/o following.
+  def mapFollowingAliases(t: Type): Type =
+    val t1 = t.dealiasKeepAnnots
+    if follow && (t1 ne t) then
+      val t2 = apply(t1)
+      if t2 ne t1 then t2
+      else t
+    else mapOver(t)
+
 /** An extractor for `caps.reachCapability(ref)`, which is used to express a reach
  *  capability as a tree in a @retains annotation.
  */

compiler/src/dotty/tools/dotc/cc/CaptureRef.scala

@@ -83,7 +83,7 @@ trait CaptureRef extends TypeProxy, ValueType:
     else
       myCaptureSet = CaptureSet.Pending
       val computed = CaptureSet.ofInfo(this)
-      if !isCaptureChecking || underlying.isProvisional then
+      if !isCaptureChecking || ctx.mode.is(Mode.IgnoreCaptures) || underlying.isProvisional then
         myCaptureSet = null
       else
         myCaptureSet = computed
@@ -124,7 +124,7 @@ trait CaptureRef extends TypeProxy, ValueType:
     (this eq y)
     || this.isRootCapability
     || y.match
-        case y: TermRef =>
+        case y: TermRef if !y.isRootCapability =>
             y.prefix.match
               case ypre: CaptureRef =>
                 this.subsumes(ypre)

compiler/src/dotty/tools/dotc/cc/CaptureSet.scala

@@ -508,8 +508,13 @@ object CaptureSet:
           res.addToTrace(this)
 
     private def levelOK(elem: CaptureRef)(using Context): Boolean =
-      if elem.isRootCapability || Existential.isExistentialVar(elem) then
+      if elem.isRootCapability then
         !noUniversal
+      else if Existential.isExistentialVar(elem) then
+        !noUniversal
+        && !TypeComparer.isOpenedExistential(elem)
+          // Opened existentials on the left cannot be added to nested capture sets on the right
+          // of a comparison. Test case is open-existential.scala.
       else elem match
         case elem: TermRef if level.isDefined =>
           elem.prefix match
@@ -1065,13 +1070,12 @@ object CaptureSet:
 
   /** The capture set of the type underlying CaptureRef */
   def ofInfo(ref: CaptureRef)(using Context): CaptureSet = ref match
-    case ref: (TermRef | TermParamRef) if ref.isMaxCapability =>
-      if ref.isTrackableRef then ref.singletonCaptureSet
-      else CaptureSet.universal
     case ReachCapability(ref1) =>
       ref1.widen.deepCaptureSet(includeTypevars = true)
         .showing(i"Deep capture set of $ref: ${ref1.widen} = ${result}", capt)
-    case _ => ofType(ref.underlying, followResult = true)
+    case _ =>
+      if ref.isMaxCapability then ref.singletonCaptureSet
+      else ofType(ref.underlying, followResult = true)
 
   /** Capture set of a type */
   def ofType(tp: Type, followResult: Boolean)(using Context): CaptureSet =

compiler/src/dotty/tools/dotc/cc/Setup.scala

@@ -13,7 +13,7 @@ import ast.tpd, tpd.*
 import transform.{PreRecheck, Recheck}, Recheck.*
 import CaptureSet.{IdentityCaptRefMap, IdempotentCaptRefMap}
 import Synthetics.isExcluded
-import util.{Property, SimpleIdentitySet}
+import util.SimpleIdentitySet
 import reporting.Message
 import printing.{Printer, Texts}, Texts.{Text, Str}
 import collection.mutable
@@ -40,7 +40,7 @@ trait SetupAPI:
 
 object Setup:
 
-  val name: String = "ccSetup"
+  val name: String = "setupCC"
   val description: String = "prepare compilation unit for capture checking"
 
   /** Recognizer for `res $throws exc`, returning `(res, exc)` in case of success */
@@ -192,11 +192,12 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
     *  3. Refine other class types C by adding capture set variables to their parameter getters
     *     (see addCaptureRefinements), provided `refine` is true.
     *  4. Add capture set variables to all types that can be tracked
+    *  5. Perform normalizeCaptures
     *
     *  Polytype bounds are only cleaned using step 1, but not otherwise transformed.
     */
   private def transformInferredType(tp: Type)(using Context): Type =
-    def mapInferred(refine: Boolean): TypeMap = new TypeMap:
+    def mapInferred(refine: Boolean): TypeMap = new TypeMap with FollowAliasesMap:
       override def toString = "map inferred"
 
       /** Refine a possibly applied class type C where the class has tracked parameters
@@ -299,9 +300,10 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
    *   3. Add universal capture sets to types deriving from Capability
    *   4. Map `cap` in function result types to existentially bound variables.
    *   5. Schedule deferred well-formed tests for types with retains annotations.
+   *  6. Perform normalizeCaptures
    */
   private def transformExplicitType(tp: Type, tptToCheck: Tree = EmptyTree)(using Context): Type =
-    val toCapturing = new DeepTypeMap:
+    val toCapturing = new DeepTypeMap with FollowAliasesMap:
       override def toString = "expand aliases"
 
       /** Expand $throws aliases. This is hard-coded here since $throws aliases in stdlib
@@ -337,7 +339,6 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
         case tp @ CapturingType(parent, refs)
         if (refs eq defn.universalCSImpliedByCapability) && !tp.isBoxedCapturing =>
           parent
-        case tp @ CapturingType(parent, refs) => tp
         case _ => tp
 
       def apply(t: Type) =
@@ -819,7 +820,8 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
       CapturingType(OrType(parent1, tp2, tp.isSoft), refs1, tp1.isBoxed)
     case tp @ OrType(tp1, tp2 @ CapturingType(parent2, refs2)) =>
       CapturingType(OrType(tp1, parent2, tp.isSoft), refs2, tp2.isBoxed)
-    case tp @ AppliedType(tycon, args) if !defn.isFunctionClass(tp.dealias.typeSymbol) =>
+    case tp @ AppliedType(tycon, args)
+    if !defn.isFunctionClass(tp.dealias.typeSymbol) =>
       tp.derivedAppliedType(tycon, args.mapConserve(box))
     case tp: RealTypeBounds =>
       tp.derivedTypeBounds(tp.lo, box(tp.hi))

compiler/src/dotty/tools/dotc/core/TypeComparer.scala

@@ -2845,6 +2845,9 @@ class TypeComparer(@constructorOnly initctx: Context) extends ConstraintHandling
         false
     Existential.isExistentialVar(tp1) && canInstantiateWith(assocExistentials)
 
+  def isOpenedExistential(ref: CaptureRef)(using Context): Boolean =
+    openedExistentials.contains(ref)
+
   /** bi-map taking existentials to the left of a comparison to matching
    *  existentials on the right. This is not a bijection. However
    *  we have `forwards(backwards(bv)) == bv` for an existentially bound `bv`.
@@ -3476,6 +3479,9 @@ object TypeComparer {
 
   def subsumesExistentially(tp1: TermParamRef, tp2: CaptureRef)(using Context) =
     comparing(_.subsumesExistentially(tp1, tp2))
+
+  def isOpenedExistential(ref: CaptureRef)(using Context) =
+    comparing(_.isOpenedExistential(ref))
 }
 
 object MatchReducer:

compiler/src/dotty/tools/dotc/printing/PlainPrinter.scala

@@ -15,7 +15,7 @@ import util.SourcePosition
 import scala.util.control.NonFatal
 import scala.annotation.switch
 import config.{Config, Feature}
-import cc.{CapturingType, RetainingType, CaptureSet, ReachCapability, MaybeCapability, isBoxed, retainedElems, isRetainsLike}
+import cc.*
 
 class PlainPrinter(_ctx: Context) extends Printer {
 
@@ -297,7 +297,10 @@ class PlainPrinter(_ctx: Context) extends Printer {
         else if (annot.symbol == defn.IntoAnnot || annot.symbol == defn.IntoParamAnnot)
             && !printDebug
         then atPrec(GlobalPrec)( Str("into ") ~ toText(tpe) )
-        else toTextLocal(tpe) ~ " " ~ toText(annot)
+        else if annot.isInstanceOf[CaptureAnnotation] then
+          toTextLocal(tpe) ~ "^" ~ toText(annot)
+        else
+          toTextLocal(tpe) ~ " " ~ toText(annot)
       case FlexibleType(_, tpe) =>
         "(" ~ toText(tpe) ~ ")?"
       case tp: TypeVar =>

compiler/src/dotty/tools/dotc/transform/Recheck.scala

@@ -255,7 +255,10 @@ abstract class Recheck extends Phase, SymTransformer:
 
     def recheckValDef(tree: ValDef, sym: Symbol)(using Context): Type =
       val resType = recheck(tree.tpt)
-      if tree.rhs.isEmpty then resType
+      def isUninitWildcard = tree.rhs match
+        case Ident(nme.WILDCARD) => tree.symbol.is(Mutable)
+        case _ => false
+      if tree.rhs.isEmpty || isUninitWildcard then resType
       else recheck(tree.rhs, resType)
 
     def recheckDefDef(tree: DefDef, sym: Symbol)(using Context): Type =

tests/neg-custom-args/captures/box-adapt-cases.check

@@ -0,0 +1,14 @@
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/box-adapt-cases.scala:14:4 -------------------------------
+14 |  x(cap => cap.use())  // error
+   |    ^^^^^^^^^^^^^^^^
+   |    Found:    (cap: box Cap^?) ->{io} Int
+   |    Required: (cap: box Cap^{io}) -> Int
+   |
+   | longer explanation available when compiling with `-explain`
+-- [E007] Type Mismatch Error: tests/neg-custom-args/captures/box-adapt-cases.scala:28:4 -------------------------------
+28 |  x(cap => cap.use())  // error
+   |    ^^^^^^^^^^^^^^^^
+   |    Found:    (cap: box Cap^?) ->{io, fs} Int
+   |    Required: (cap: box Cap^{io, fs}) ->{io} Int
+   |
+   | longer explanation available when compiling with `-explain`

tests/pos-custom-args/captures/boxmap-paper.scala

@@ -1,7 +1,13 @@
 
-type Cell[+T] = [K] -> (T => K) -> K
+type Cell_orig[+T] = [K] -> (T => K) -> K
 
-def cell[T](x: T): Cell[T] =
+def cell_orig[T](x: T): Cell_orig[T] =
+  [K] => (k: T => K) => k(x)
+
+class Cell[+T](val value: [K] -> (T => K) -> K):
+  def apply[K]: (T => K) -> K = value[K]
+
+def cell[T](x: T): Cell[T] = Cell:
   [K] => (k: T => K) => k(x)
 
 def get[T](c: Cell[T]): T = c[T](identity)
@@ -22,6 +28,10 @@ def test(io: IO^) =
 
   val loggedOne: () ->{io} Int = () => { io.print("1"); 1 }
 
+  // We have a leakage of io because type arguments to alias type `Cell` are not boxed.
+  val c_orig: Cell[() ->{io} Int]^{io}
+      = cell[() ->{io} Int](loggedOne)
+
   val c: Cell[() ->{io} Int]
       = cell[() ->{io} Int](loggedOne)
 

tests/pos-custom-args/captures/cc-cast.scala

@@ -0,0 +1,12 @@
+import annotation.unchecked.uncheckedCaptures
+import compiletime.uninitialized
+
+def foo(x: Int => Int) = ()
+
+
+object Test:
+  def test(x: Object) =
+    foo(x.asInstanceOf[Int => Int])
+
+  @uncheckedCaptures var x1: Object^ = uninitialized
+  @uncheckedCaptures var x2: Object^ = _

tests/pos/cc-ex-unpack.scala renamed to tests/pos-custom-args/captures/ex-fun-aliases.scala.disabled

@@ -11,8 +11,12 @@ type EX3 = () -> (c: Exists) -> () -> C^{c}
 
 type EX4 = () -> () -> (c: Exists) -> C^{c}
 
+type FUN1 = (c: C^) ->  (C^{c}, C^{c})
+
 def Test =
   def f =
     val ex1: EX1 = ???
     val c1 = ex1
+    val fun1: FUN1 = c => (c, c)
+    val fun2 = fun1
     c1

tests/pos-custom-args/captures/i20237-explicit.scala

@@ -0,0 +1,15 @@
+import language.experimental.captureChecking
+
+class Cap extends caps.Capability:
+  def use[T](body: Cap => T) = body(this)
+
+class Box[T](body: Cap => T):
+  def open(cap: Cap) = cap.use(body)
+
+object Box:
+  def make[T](body: Cap => T)(cap: Cap): Box[T]^{body} = Box(x => body(x))
+
+def main =
+  val givenCap: Cap = new Cap
+  val xx: Cap => Int = y => 1
+  val box = Box.make[Int](xx)(givenCap).open

tests/pos/i20237.scala renamed to tests/pos-custom-args/captures/i20237.scala

@@ -0,0 +1,15 @@
+trait Async extends caps.Capability
+
+class Future[+T](x: () => T)(using val a: Async)
+
+class Collector[T](val futs: Seq[Future[T]^]):
+  def add(fut: Future[T]^{futs*}) = ???
+
+def main() =
+  given async: Async = ???
+  val futs = (1 to 20).map(x => Future(() => x))
+  val col = Collector(futs)
+  val col1: Collector[Int] { val futs: Seq[Future[Int]^{async}] }
+    = Collector(futs)
+
+