Ban variables whose capability is unsound to alias

[jasoncarr0]

This PR introduces checks around variables and other unaliasing points, to reject programs which attempt to create variables whose capabilities are inherently unsound. The checks about comptability of intersections have been moved to this check after investigation of the origin, as it is not needed for soundness, but this can be reinstated in the original location if helpful for engineering purposes.

Fixes #3931

Some generic code may still produce unsoundness after instantiating, but this change is hopefully a step-forwarding to introducing the necessary constraints.

[SeanTAllen]

I don't really understand the usage of errorframe_append but it appears that the new code doesn't use it the same as the existing code.

[SeanTAllen]

I believe after reading the error closing for a while is that we are getting a fatal error like a segfault or something from some of the tests apparently perhaps when run in conjunction with others. It makes me think there's some memory clobbering or something going on.

[SeanTAllen]

Ok so StableTypeTest.EphemeralIsoParameter in my testing:

has a fatal error:

/home/sean/code/ponylang/ponyc/test/libponyc/util.cc:362: Failure
Expected equality of these values:
  (void*)__null
    Which is: NULL
  program
    Which is: 0x7ff5884b7d00
/home/sean/code/ponylang/ponyc/test/libponyc/stable_type.cc:186: Failure
Expected: test_error(src, "syntax") doesn't generate new fatal failures in the current thread.
  Actual: it does.

when I have it set to only go through the "syntax" path.

From this I conclude that the vast majority of the code in this PR "can't be at fault".

I don't know if the alias.c changes would impact if we go through syntax.
or the changes in cap.c
or the changes in viewpoint.c

So I'm left with a few possible conclusions given that the same code when compiled with ponyc works fine without a kaboom.

• This is somehow a weird interaction with other tests that arent part of the stable types suite.

It can't be internal to itself as I tried with only that test in the stable type tests.

• There's a bug in the changes in one of the 3 files above

But I don't think they impact at the syntax stage

• There's a bug in the test that we are triggering

• How we compile for the test harness is surfacing a bug that we don't get for ponyc

[SeanTAllen]

• This is somehow a weird interaction with other tests that arent part of the stable types suite.

It's not this as it still happens if it is THE ONLY test at all for libponyc.tests

[SeanTAllen]

This fails:

TEST_F(StableTypeTest, Foo)
{
  // parameters should reject even if never called
  const char* x =
    "interface Foo";

  DO(test_error(x, "syntax"));
}

So I'm horribly confused at this point. It fails by itself after make clean.

[SeanTAllen]

I started with a totally fresh new file in case "something weird in the file".

And I get this:

I have no idea how this could be the case and other tests work.

Given that the test is only "see if interface Foo compiles".

[SeanTAllen]

So the error we are getting back is...

i.e. we have a null ast after running

build_package(pass, src, _first_pkg_path, true, NULL, false);

because this goes boom

package = ast_child(program);

in

void PassTest::test_compile(const char* src, const char* pass)

[SeanTAllen]

Ok so test compile requires there to be a main actor. That explains some of that.

[SeanTAllen]

I think I know what might be going on.

This parameter code path isnt generating errors in the way expected.

[SeanTAllen]

Yup, issue confirmed look at the output when run with ponyc:

~/pony-scratch/stable-test ➜ /home/sean/code/ponylang/ponyc/build/debug/ponyc
Building builtin -> /home/sean/code/ponylang/ponyc/packages/builtin
Building . -> /home/sean/pony-scratch/stable-test
Generating
 Reachability
 Selector painting
 Data prototypes
 Data types
 Function prototypes
 Functions
 Descriptors
Optimising
Writing ./stable-test.o
Linking ./stable-test
Error:
/home/sean/pony-scratch/stable-test/main.pony:5:14: illegal type for parameter
  fun bad(a: A iso^) =>

We made it to link AND we reported an error. That means the error isnt reported correctly "as an error".

[SeanTAllen]

the return false here is the fix:

[SeanTAllen]

I need to do some stuff now, but Ill continue fixing up later and push changes.

[SeanTAllen]

Ok I have the tests passing.

[SeanTAllen]

I fixed what I believe was a bug in the new code in viewpoint.c.

You had

              a_with = consume_type(with, TK_NONE);
            {
              ast_t* c_with = consume_type(with, TK_NONE);
              if (c_with != NULL)
              {
                a_with = with;

but a_with is already with
so I changed to a_with = c_with

as I assume that was what you intended.

---

I removed the verify_definitions that you noted wasn't needed.

---

Did some small cleanup.

---

Added what appeared to be some missing frame appending for errors

---

There's still some cleanup but I think this should be much further along.

---

I've pushed to the branch so you'll need to pull.

[SeanTAllen]

I'll be doing the last of the fixes for this soon-ish.

[SeanTAllen]

@jasoncarr0 do you have time to give this a quick review to make sure it looks good? if not, i can move ahead as i believe i got everything from our conversations handled. i feel "pretty darn confident" on that.

[jasoncarr0]

Is this worth leaving in? Or should we revert

[SeanTAllen]

It is still used elsewhere.

[ponylang-main]

Hi @jasoncarr0,

The changelog - fixed label was added to this pull request; all PRs with a changelog label need to have release notes included as part of the PR. If you haven't added release notes already, please do.

Release notes are added by creating a uniquely named file in the .release-notes directory. We suggest you call the file 3953.md to match the number of this pull request.

The basic format of the release notes (using markdown) should be:

## Title

End user description of changes, why it's important,
problems it solves etc.

If a breaking change, make sure to include 1 or more
examples what code would look like prior to this change
and how to update it to work after this change.

Thanks.