privacy: Fix regression in impl reachability

[petrochenkov]

Rollback to pre-#56878 logic of determining reachability.
reachability(impl Trait<Substs> for Type<Substs>) = reachability(Trait & Type), substs are ignored.

Fixes #57264

[petrochenkov]

r? @nikomatsakis

[arielb1]

I think the invariant the impl rule tries to rely on should be documented somewhere:

The invariant is that type-inference won't let you use an impl without knowing the "shallow" version of its self type (which requires reaching the DefIds in it).

I noted this is not handled correctly with projections, so I have an example that ICEs even older rustcs:

aux.rs:

mod inner {
    #[derive(Default)]
    pub struct PubUnnameable;
}

trait Mirror { type Image; }
impl<T> Mirror for T { type Image = T; }

pub enum Pub<T> { Nothing, Just(T) }
pub trait Aux {}
impl Aux for <Pub<inner::PubUnnameable> as Mirror>::Image {}

pub fn assert_aux<T: Aux>(_t: &T) {}

impl inner::PubUnnameable {
    pub fn pub_method(self) {}
}

main.rs:

extern crate aux;

fn get_default<T: Default>(_t: &aux::Pub<T>) -> T { T::default() }

fn main() {
    let pub_ = aux::Pub::Nothing;
    aux::assert_aux(&pub_);
    let def = get_default(&pub_);
    def.pub_method();
}

[arielb1]

I would rename RECURSE into !SHALLOW, and make sure that the few other recursive calls in visit_ty don't occur in shallow mode. Also document the invariant.

[arielb1]

r=me with these changes

[petrochenkov]

@arielb1

I noted this is not handled correctly with projections, so I have an example that ICEs even older rustcs

Projections are not necessary in that case, the root reason is a public trait that's implemented for a single type, so type inference can make conclusion "T: Trait => T = ThatType".
9503c56 has a further minimized example and a fix.

@bors r=arielb1

[bors]

📌 Commit 46d53e53bd20613e1921efbc529726b306732fd2 has been approved by arielb1

[bors]

💡 This pull request was already approved, no need to approve it again.

• There's another pull request that is currently being tested, blocking this pull request: Modify mismatched type error for functions with no return #57230

[bors]

📌 Commit 46d53e53bd20613e1921efbc529726b306732fd2 has been approved by arielb1

[arielb1]

I noted this is not handled correctly with projections, so I have an example that ICEs even older rustcs

Projections are not necessary in that case, the root reason is a public trait that's implemented for a single type, so type inference can make conclusion "T: Trait => T = ThatType".
9503c56 has a further minimized example and a fix.

Ok. And there's no inherent problem with projections because accessibility computation has to treat projections as public anyway.

@​bors r=arielb1

I would prefer you to not do a @​bors r=me after you make a change this size.

In any case:

Looking at the code, the one point that I think is missing an adequate explanation is the Ty::Opaque case where you are recurring into the contents. However, I think this is currently OK:

Treating opaque types with private predicates as private when computing the AccessLevel of impls is OK because:
1. First, I don't think we can have Ty::Opaque in the self-type of an impl, and if that becomes possible (abstract type), we'll have to rethink the privacy of pub abstract type MyType: PublicTrait + PrivateTrait anyway.
2. In any case, the privacy property we are checking is the privacy of the def id, not the privacy of the substs. If a user can get his hands on an instance of an Opaque, "inductively on the type-checking of the program" we can know that the def id of that Opaque is not private, which means that we won't mark it as private in our pass.

However, I think that is remarkable enough I'll want it as a comment.

@bors r-

[bors]

📌 Commit 46d53e53bd20613e1921efbc529726b306732fd2 has been approved by arielb1

[arielb1]

@bors r-

[arielb1]

r=me with a comment on ty::Opaque (it would be OK to copy what I wrote and put it in a comment).

(If you are only changing the comment, I'm ok with a @​bors r=arielb1).

[petrochenkov]

@arielb1
From privacy point of view impl Trait1 + Trait2 should be checked identically to dyn Trait1 + Trait2, so we are not even interested in the def-id of the opaque itself (which either doesn't have attached visibility or it's insignificant, like visibility of a type alias).
pub abstract type MyType: PublicTrait + PrivateTrait is equivalent to pub type MyType = dyn PublicTrait + PrivateTrait in this sense.
It's private if any trait in the list is private.

This intent is somewhat hidden because impl-Trait and dyn-Trait use such different structures in ty and we have to recurse to get the trait list in one case, but not in another.

[petrochenkov]

@bors r=arielb1

[bors]

📌 Commit fb00313 has been approved by arielb1

[bors]

⌛ Testing commit fb00313 with merge d39dddf...

[bors]

☀️ Test successful - status-appveyor, status-travis
Approved by: arielb1
Pushing d39dddf to master...