Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rules governing references to private types in public APIs not enforced in impls #28325

Closed
nikomatsakis opened this issue Sep 9, 2015 · 6 comments
Closed

Rules governing references to private types in public APIs not enforced in impls #28325

nikomatsakis opened this issue Sep 9, 2015 · 6 comments
Assignees
@aturon
Labels
P-high High priority T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Comments

@nikomatsakis
Copy link
Contributor

This code compiles, it should not:

mod x {
pub struct Foo { x: u32 }

struct Bar { x: u32 }

impl Foo {
    pub fn foo(&self, x: Self, y: Bar) { }
}
}

fn main() { }

cc @nrc
@nikomatsakis nikomatsakis added I-nominated T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Sep 9, 2015
@nikomatsakis
Copy link
Contributor Author

nominating, as this seems like a backcompat hazard.

@bluss
Copy link
Member

bluss commented Sep 9, 2015

See also #18082

@nikomatsakis
Copy link
Contributor Author

triage: P-high

@rust-highfive rust-highfive added P-high High priority and removed I-nominated labels Sep 17, 2015
@pnkfelix
Copy link
Member

(a slightly more complicated example that shows the privacy hole being exploited:

mod x {
    pub struct Foo { pub x: u32 }

    struct Bar { _x: u32 }

    impl Foo {
        pub fn foo(&self, _x: Self, _y: Bar) { }
        pub fn bar(&self) -> Bar { Bar { _x: self.x } }
    }
}

pub fn main() {
    let f = x::Foo { x: 4 };
    let b = f.bar();
    f.foo(x::Foo { x: 5 }, b);

}

)

@nikomatsakis nikomatsakis mentioned this issue Sep 17, 2015
Closed
@nrc nrc assigned aturon and unassigned nrc Oct 9, 2015
@jethrogb jethrogb mentioned this issue Nov 7, 2015
Closed
@nikomatsakis
Copy link
Contributor Author

@petrochenkov do you think your rewritten privacy pass will fix this?

@petrochenkov
Copy link
Contributor

Yes, it should.
(But this part isn't written yet)

@petrochenkov petrochenkov mentioned this issue Nov 21, 2015
Merged
bors added a commit that referenced this issue Dec 18, 2015
@bors
Auto merge of #29973 - petrochenkov:privinpub, r=nikomatsakis
ef91cdb 
Some notes:
This patch enforces the rules from [RFC 136](https://github.com/rust-lang/rfcs/blob/master/text/0136-no-privates-in-public.md) and makes "private in public" a module-level concept and not crate-level. Only `pub` annotations are used by the new algorithm, crate-level exported node set produced by `EmbargoVisitor` is not used. The error messages are tweaked accordingly and don't use the word "exported" to avoid confusing people (#29668).

The old algorithm tried to be extra smart with impls, but it mostly led to unpredictable behavior and bugs like #28325.
The new algorithm tries to be as simple as possible - an impl is considered public iff its type is public and its trait is public (if presents).
A type or trait is considered public if all its components are public, [complications](https://internals.rust-lang.org/t/limits-of-type-inference-smartness/2919) with private types leaking to other crates/modules through trait impls and type inference are deliberately ignored so far.

The new algorithm is not recursive and uses the nice new facility `Crate::visit_all_items`!

Obsolete pre-1.0 feature `visible_private_types` is removed.

This is a [breaking-change].
The two main vectors of breakage are type aliases (#28450) and impls (#28325).
I need some statistics from a crater run (cc @alexcrichton) to decide on the breakage mitigation strategy.
UPDATE: All the new errors are reported as warnings controlled by a lint `private_in_public` and lint group `future_incompatible`, but the intent is to make them hard errors eventually.

Closes #28325
Closes #28450
Closes #29524
Closes #29627
Closes #29668
Closes #30055

r? @nikomatsakis
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aturon aturon

Labels
P-high High priority T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@nikomatsakis @pnkfelix @aturon @nrc @bluss @petrochenkov @rust-highfive