Treat exceptions as capabilities

 1. Make CanThrow a @capability class
 2. Fix pure arrow handling in parser
 3. Avoid misleading type mismatch message
 4. Make map and filter conserve Const capturesets if there's no change
 5. Expand $throws clauses to context function types
 6. Exempt compiletime.erasedValue for "no '*'" checks
 7. Capability escape checking for try

Author: odersky

Diff for: compiler/src/dotty/tools/dotc/cc/CaptureSet.scala

@@ -173,7 +173,10 @@ sealed abstract class CaptureSet extends Showable:
     this -- ref.singletonCaptureSet
 
   def filter(p: CaptureRef => Boolean)(using Context): CaptureSet =
-    if this.isConst then Const(elems.filter(p))
+    if this.isConst then
+      val elems1 = elems.filter(p)
+      if elems1 == elems then this
+      else Const(elems.filter(p))
     else Filtered(asVar, p)
 
   /** capture set obtained by applying `f` to all elements of the current capture set
@@ -183,11 +186,15 @@ sealed abstract class CaptureSet extends Showable:
   def map(tm: TypeMap)(using Context): CaptureSet = tm match
     case tm: BiTypeMap =>
       val mappedElems = elems.map(tm.forward)
-      if isConst then Const(mappedElems)
+      if isConst then
+        if mappedElems == elems then this
+        else Const(mappedElems)
       else BiMapped(asVar, tm, mappedElems)
     case _ =>
       val mapped = mapRefs(elems, tm, tm.variance)
-      if isConst then mapped
+      if isConst then
+        if mapped.isConst && mapped.elems == elems then this
+        else mapped
       else Mapped(asVar, tm, tm.variance, mapped)
 
   def substParams(tl: BindingType, to: List[Type])(using Context) =

Diff for: compiler/src/dotty/tools/dotc/cc/CapturingType.scala

@@ -29,7 +29,7 @@ end CapturingType
 
 /** An extractor for types that will be capturing types at phase CheckCaptures. Also
  *  included are types that indicate captures on enclosing call-by-name parameters
- *  before phase ElimByName
+ *  before phase ElimByName.
  */
 object EventuallyCapturingType:
 

Diff for: compiler/src/dotty/tools/dotc/cc/Setup.scala

@@ -44,6 +44,29 @@ extends tpd.TreeTraverser:
         case _ =>
       traverseChildren(t)
 
+  /** Expand some aliases of function types to the underlying functions.
+   *  Right now, these are only $throws aliases, but this could be generalized.
+   */
+  def expandInlineAlias(tp: Type)(using Context) = tp match
+    case AppliedType(tycon, res :: exc :: Nil) if tycon.typeSymbol == defn.throwsAlias =>
+      // hard-coded expansion since $throws aliases in stdlib are defined with `?=>` rather than `?->`
+      defn.FunctionOf(defn.CanThrowClass.typeRef.appliedTo(exc) :: Nil, res, isContextual = true, isErased = true)
+    case _ => tp
+
+  private def expandInlineAliases(using Context) = new TypeMap:
+    def apply(t: Type) = t match
+      case _: AppliedType =>
+        val t1 = expandInlineAlias(t)
+        if t1 ne t then apply(t1) else mapOver(t)
+      case _: LazyRef =>
+        t
+      case t @ AnnotatedType(t1, ann) =>
+        // Don't map capture sets, since that would implicitly normalize sets that
+        // are not well-formed.
+        t.derivedAnnotatedType(apply(t1), ann)
+      case _ =>
+        mapOver(t)
+
   /** Perform the following transformation steps everywhere in a type:
     *  1. Drop retains annotations
     *  2. Turn plain function types into dependent function types, so that
@@ -143,7 +166,8 @@ extends tpd.TreeTraverser:
       try ts.mapConserve(this) finally isTopLevel = saved
 
     def apply(t: Type) =
-      val t1 = t match
+      val tp = expandInlineAlias(t)
+      val tp1 = tp match
         case AnnotatedType(parent, annot) if annot.symbol == defn.RetainsAnnot =>
           apply(parent)
         case tp @ AppliedType(tycon, args) =>
@@ -172,8 +196,8 @@ extends tpd.TreeTraverser:
             paramInfos = tp.paramInfos.mapConserve(cleanup(_).bounds),
             resType = this(tp.resType))
         case _ =>
-          mapOver(t)
-      addVar(addCaptureRefinements(t1))
+          mapOver(tp)
+      addVar(addCaptureRefinements(tp1))
   end mapInferred
 
   private def expandAbbreviations(using Context) = new TypeMap:
@@ -232,8 +256,10 @@ extends tpd.TreeTraverser:
   private def transformExplicitType(tp: Type, boxed: Boolean)(using Context): Type =
     addBoxes.traverse(tp)
     if boxed then setBoxed(tp)
-    if ctx.settings.YccNoAbbrev.value then tp
-    else expandAbbreviations(tp)
+    val tp1 = expandInlineAliases(tp)
+    if tp1 ne tp then capt.println(i"expanded: $tp --> $tp1")
+    if ctx.settings.YccNoAbbrev.value then tp1
+    else expandAbbreviations(tp1)
 
   // Substitute parameter symbols in `from` to paramRefs in corresponding
   // method or poly types `to`. We use a single BiTypeMap to do everything.

Diff for: compiler/src/dotty/tools/dotc/parsing/Parsers.scala

@@ -426,7 +426,10 @@ object Parsers {
     /** Convert tree to formal parameter list
     */
     def convertToParams(tree: Tree): List[ValDef] =
-      val mods = if in.token == CTXARROW then Modifiers(Given) else EmptyModifiers
+      val mods =
+        if in.token == CTXARROW || in.isIdent(nme.PURECTXARROW)
+        then Modifiers(Given)
+        else EmptyModifiers
       tree match
         case Parens(t) =>
           convertToParam(t, mods) :: Nil
@@ -1511,7 +1514,7 @@ object Parsers {
                   commaSeparatedRest(t, funArgType)
             }
             accept(RPAREN)
-            if isValParamList || in.isArrow then
+            if isValParamList || in.isArrow || in.isPureArrow then
               functionRest(ts)
             else {
               val ts1 = ts.mapConserve { t =>

Diff for: compiler/src/dotty/tools/dotc/parsing/Scanners.scala

@@ -88,6 +88,9 @@ object Scanners {
 
     def isArrow =
       token == ARROW || token == CTXARROW
+
+    def isPureArrow =
+      isIdent(nme.PUREARROW) || isIdent(nme.PURECTXARROW)
   }
 
   abstract class ScannerCommon(source: SourceFile)(using Context) extends CharArrayReader with TokenData {

Diff for: compiler/src/dotty/tools/dotc/transform/Recheck.scala

@@ -337,7 +337,9 @@ abstract class Recheck extends Phase, IdentityDenotTransformer:
 
     def recheckFinish(tpe: Type, tree: Tree, pt: Type)(using Context): Type =
       checkConforms(tpe, pt, tree)
-      if keepTypes then tree.rememberType(tpe)
+      if keepTypes
+        || tree.isInstanceOf[Try]  // type needs tp be checked for * escapes
+      then tree.rememberType(tpe)
       tpe
 
     def recheck(tree: Tree, pt: Type = WildcardType)(using Context): Type =
@@ -363,6 +365,7 @@ abstract class Recheck extends Phase, IdentityDenotTransformer:
           || expected.isRepeatedParam
              && actual <:< expected.translateFromRepeated(toArray = tree.tpe.isRef(defn.ArrayClass))
         if !isCompatible then
+          recheckr.println(i"conforms failed for ${tree}: $tpe vs $expected")
           err.typeMismatch(tree.withType(tpe), expected)
         else if debugSuccesses then
           tree match

Diff for: compiler/src/dotty/tools/dotc/typer/CheckCaptures.scala

@@ -16,6 +16,7 @@ import transform.Recheck
 import Recheck.*
 import scala.collection.mutable
 import CaptureSet.withCaptureSetsExplained
+import reporting.trace
 
 object CheckCaptures:
   import ast.tpd.*
@@ -75,7 +76,15 @@ object CheckCaptures:
       if remaining.accountsFor(firstRef) then
         report.warning(em"redundant capture: $remaining already accounts for $firstRef", ann.srcPos)
 
-  private inline val disallowGlobal = true
+  /** Does this function allow type arguments carrying the universal capability?
+   *  Currently this is true only for `erasedValue` since this function is magic in
+   *  that is allows to conjure global capabilies from nothing (aside: can we find a
+   *  more controlled way to achieve this?).
+   *  But it could be generalized to other functions that so that they can take capability
+   *  classes as arguments.
+   */
+  private def allowUniversalArguments(fn: Tree)(using Context): Boolean =
+    fn.symbol == defn.Compiletime_erasedValue
 
 class CheckCaptures extends Recheck:
   thisPhase =>
@@ -305,13 +314,13 @@ class CheckCaptures extends Recheck:
         .traverse(ctx.compilationUnit.tpdTree)
       withCaptureSetsExplained {
         super.checkUnit(unit)
-        PostRefinerCheck.traverse(unit.tpdTree)
+        PostCheck.traverse(unit.tpdTree)
         if ctx.settings.YccDebug.value then
           show(unit.tpdTree) // this dows not print tree, but makes its variables visible for dependency printing
       }
 
-    def checkNotGlobal(tree: Tree, tp: Type, allArgs: Tree*)(using Context): Unit =
-      for ref <-tp.captureSet.elems do
+    def checkNotGlobal(tree: Tree, tp: Type, isVar: Boolean, allArgs: Tree*)(using Context): Unit =
+      for ref <- tp.captureSet.elems do
         val isGlobal = ref match
           case ref: TermRef => ref.isRootCapability
           case _ => false
@@ -320,7 +329,7 @@ class CheckCaptures extends Recheck:
           val notAllowed = i" is not allowed to capture the $what capability $ref"
           def msg =
             if allArgs.isEmpty then
-              i"type of mutable variable ${tree.knownType}$notAllowed"
+              i"${if isVar then "type of mutable variable" else "result type"} ${tree.knownType}$notAllowed"
             else tree match
               case tree: InferredTypeTree =>
                 i"""inferred type argument ${tree.knownType}$notAllowed
@@ -330,12 +339,11 @@ class CheckCaptures extends Recheck:
           report.error(msg, tree.srcPos)
 
     def checkNotGlobal(tree: Tree, allArgs: Tree*)(using Context): Unit =
-      if disallowGlobal then
-        tree match
-          case LambdaTypeTree(_, restpt) =>
-            checkNotGlobal(restpt, allArgs*)
-          case _ =>
-            checkNotGlobal(tree, tree.knownType, allArgs*)
+      tree match
+        case LambdaTypeTree(_, restpt) =>
+          checkNotGlobal(restpt, allArgs*)
+        case _ =>
+          checkNotGlobal(tree, tree.knownType, isVar = false, allArgs*)
 
     def checkNotGlobalDeep(tree: Tree)(using Context): Unit =
       val checker = new TypeTraverser:
@@ -346,12 +354,12 @@ class CheckCaptures extends Recheck:
               case _ =>
           case tp: TermRef =>
           case _ =>
-            checkNotGlobal(tree, tp)
+            checkNotGlobal(tree, tp, isVar = true)
             traverseChildren(tp)
       checker.traverse(tree.knownType)
 
-    object PostRefinerCheck extends TreeTraverser:
-      def traverse(tree: Tree)(using Context) =
+    object PostCheck extends TreeTraverser:
+      def traverse(tree: Tree)(using Context) = trace{i"post check $tree"} {
         tree match
           case _: InferredTypeTree =>
           case tree: TypeTree if !tree.span.isZeroExtent =>
@@ -362,7 +370,7 @@ class CheckCaptures extends Recheck:
                 checkWellformedPost(annot.tree)
               case _ =>
             }
-          case tree1 @ TypeApply(fn, args) if disallowGlobal =>
+          case tree1 @ TypeApply(fn, args) if !allowUniversalArguments(fn) =>
             for arg <- args do
               //println(i"checking $arg in $tree: ${tree.knownType.captureSet}")
               checkNotGlobal(arg, args*)
@@ -390,11 +398,14 @@ class CheckCaptures extends Recheck:
               inferred.foreachPart(checkPure, StopAt.Static)
           case t: ValDef if t.symbol.is(Mutable) =>
             checkNotGlobalDeep(t.tpt)
+          case t: Try =>
+            checkNotGlobal(t)
           case _ =>
         traverseChildren(tree)
+      }
 
-    def postRefinerCheck(tree: tpd.Tree)(using Context): Unit =
-      PostRefinerCheck.traverse(tree)
+    def postCheck(tree: tpd.Tree)(using Context): Unit =
+      PostCheck.traverse(tree)
 
   end CaptureChecker
 end CheckCaptures

Diff for: compiler/src/dotty/tools/dotc/typer/ErrorReporting.scala

@@ -125,13 +125,25 @@ object ErrorReporting {
     def typeMismatch(tree: Tree, pt: Type, implicitFailure: SearchFailureType = NoMatchingImplicits): Tree = {
       val normTp = normalize(tree.tpe, pt)
       val normPt = normalize(pt, pt)
+      
+      def contextFunctionCount(tp: Type): Int = tp.stripped match
+        case defn.ContextFunctionType(_, restp, _) => 1 + contextFunctionCount(restp)
+        case _ => 0
+      def strippedTpCount = contextFunctionCount(tree.tpe) - contextFunctionCount(normTp)
+      def strippedPtCount = contextFunctionCount(pt) - contextFunctionCount(normPt)
+      
       val (treeTp, expectedTp) =
-        if (normTp <:< normPt) (tree.tpe, pt) else (normTp, normPt)
-        // use normalized types if that also shows an error, original types otherwise
+        if normTp <:< normPt || strippedTpCount != strippedPtCount
+        then (tree.tpe, pt)
+        else (normTp, normPt)
+        // use normalized types if that also shows an error, and both sides stripped
+        // the same number of context functions. Use original types otherwise.
+        
       def missingElse = tree match
         case If(_, _, elsep @ Literal(Constant(()))) if elsep.span.isSynthetic =>
           "\nMaybe you are missing an else part for the conditional?"
         case _ => ""
+        
       errorTree(tree, TypeMismatch(treeTp, expectedTp, Some(tree), implicitFailure.whyNoConversion, missingElse))
     }
 

Diff for: compiler/src/dotty/tools/dotc/typer/Typer.scala

@@ -2412,7 +2412,7 @@ class Typer(@constructorOnly nestingLevel: Int = 0) extends Namer
       //todo: make sure dependent method types do not depend on implicits or by-name params
   }
 
-  /** (1) Check that the signature of the class mamber does not return a repeated parameter type
+  /** (1) Check that the signature of the class member does not return a repeated parameter type
    *  (2) If info is an erased class, set erased flag of member
    */
   private def postProcessInfo(sym: Symbol)(using Context): Unit =

Diff for: compiler/src/dotty/tools/dotc/util/SimpleIdentitySet.scala

@@ -38,6 +38,10 @@ abstract class SimpleIdentitySet[+Elem <: AnyRef] {
       ((SimpleIdentitySet.empty: SimpleIdentitySet[E]) /: this) { (s, x) =>
         if (that.contains(x)) s else s + x
       }
+
+  def == [E >: Elem <: AnyRef](that: SimpleIdentitySet[E]): Boolean =
+    this.size == that.size && forall(that.contains)
+
   override def toString: String = toList.mkString("{", ", ", "}")
 }
 

Diff for: library/src/scala/CanThrow.scala

@@ -1,12 +1,12 @@
 package scala
 import language.experimental.erasedDefinitions
-import annotation.{implicitNotFound, experimental}
+import annotation.{implicitNotFound, experimental, capability}
 
 /** A capability class that allows to throw exception `E`. When used with the
  *  experimental.saferExceptions feature, a `throw Ex()` expression will require
  *  a given of class `CanThrow[Ex]` to be available.
  */
-@experimental
+@experimental @capability
 @implicitNotFound("The capability to throw exception ${E} is missing.\nThe capability can be provided by one of the following:\n - Adding a using clause `(using CanThrow[${E}])` to the definition of the enclosing method\n - Adding `throws ${E}` clause after the result type of the enclosing method\n - Wrapping this piece of code with a `try` block that catches ${E}")
 erased class CanThrow[-E <: Exception]
 

Diff for: tests/neg-custom-args/captures/real-try.check

@@ -0,0 +1,8 @@
+-- Error: tests/neg-custom-args/captures/real-try.scala:10:2 -----------------------------------------------------------
+10 |  try  // error
+   |  ^
+   |  result type {*} () -> Unit is not allowed to capture the universal capability *.type
+11 |    () => foo(1)
+12 |  catch
+13 |    case _: Ex1 => ???
+14 |    case _: Ex2 => ???

Diff for: tests/neg-custom-args/captures/real-try.scala

@@ -0,0 +1,14 @@
+import language.experimental.saferExceptions
+
+class Ex1 extends Exception("Ex1")
+class Ex2 extends Exception("Ex2")
+
+def foo(i: Int): (CanThrow[Ex1], CanThrow[Ex2]) ?-> Unit =
+  if i > 0 then throw new Ex1 else throw new Ex2
+
+def test() =
+  try  // error
+    () => foo(1)
+  catch
+    case _: Ex1 => ???
+    case _: Ex2 => ???