Implement pub(restricted) privacy (RFC 1422)

[jseyfried]

This implements pub(restricted) privacy from rust-lang/rfcs#1422 (cc #32409) behind a feature gate.

pub(restricted) paths currently cannot use re-exported modules both for simplicity of implementation and for future compatibility with rust-lang/rfcs#1560 (cc #31783).

r? @nikomatsakis

[jseyfried]

I didn't allow pub(restricted) for tuple struct fields, as suggested here.

Also, pub(restricted) imports cannot be used in non-lexical scopes (like private imports) so that pub(self) and the absence of a visibility modifier are equivalent (as suggested here). Once RFC 1560 is accepted and #32213 lands, all imports will be usable in non-lexical scopes (provided that they are visible enough, of course).

[jseyfried]

cc @petrochenkov @pnkfelix

[petrochenkov]

This comment is no longer true after d1ef356?

[jseyfried]

Indeed, fixed.

[petrochenkov]

Foreign items seem to be missing.

[petrochenkov]

And HIR visibilities in librustc\hir\intravisit.rs are not visited.

[jseyfried]

Foreign items seem to be missing.

Good catch, I'll add them.

And HIR visibilities in librustc\hir\intravisit.rs are not visited.

There's no need to visit visibilities in the HIR currently -- do you think I should add a visit_vis method in intravisit anyway?

[petrochenkov]

do you think I should a visit_vis method in intravisit

Yes, default visitor functions just traverse the tree exhaustively, providing, well, correct defaults.
As an example, overridden visit_paths will not visit paths in visibilities if intravisit doesn't traverse visibilities by default.

[jseyfried]

Done.

[petrochenkov]

I've just noticed, default folders (fold.rs) have the same problems as visitors.
AST folders don't fold all visibilities and HIR folders don't fold visibilities at all.

[jseyfried]

Done.

[jseyfried]

I rebased and addressed @petrochenkov's comments.

[bors]

☔ The latest upstream changes (presumably #32814) made this pull request unmergeable. Please resolve the merge conflicts.

[nikomatsakis]

Meta note: Let's make a subdirectory for these tests.

Perhaps src/test/compile-fail/privacy? If we want to further designate tests aimed at the pub(restricted) RFC, then perhaps src/test/compile-fail/privacy/restricted?

[nikomatsakis]

This looks great. I suggest we move the privacy tests to a subdirectory. I want to start giving more structure to our compile-fail directory on new PRs. :) I'd also like to start maintaining a list that aims to show what is being tested (and, ideally, where). To that end, I drew up a list of stuff that I think we ought to test from this RFC and went through and checked off what you were already testing. The good news is that you got almost all of it! I'm going to write up my matrix here, maybe you can add tests for the remaining few items. In some cases, the tests are probably a bit redundant: I was just trying to think -- without reference to the impl -- of the various scenarios that might arise and try to be somewhat exhaustive about it.

So, here is my matrix. I've put an X for things that I thought you were testing, a - for cases that don't really apply, and left blank things that seem untested. I also added in an O in a few spots for the things I'd really like to see tests for. The rest I think you can add tests for if you think it makes sense.

pub(crate)                                              | X | X |
pub(super)                                              | X | X |
pub(other::path)                                        | X |   |
pub(bad::path)                                          | X | - |
pub(not::ancestor)                                      | X | - |
method calls                                            | X | X |
field access                                            | X | X |
struct literal where fields are private                 | X |   |
field lookup ignores fields with pub(foo)               | O | O |
method lookup ignores fields with pub(foo)              | O | O |
associated item notation (UFCS)                         |   |   |
  trait method (in scope, from parent)                  |   |   |
  inherent method (in scope, from parent)               |   |   |
  where trait is out of scope                           | O | O |
  where method is out of scope (inherent methods only)  | O | O |
reference of item in use statement                      | X | X |
reference of item in expression                         | X | X |
reference of item in type definition                    |   |   |
reference of trait in an impl                           |   |   |
reference of self-type in a trait impl                  |   |   |
reference of self-type in an inherent impl              |   |   |
feature-gate required                                   | X | - |
private type in public API:                             |   |   |
  fn arg                                                | X |   |
  other cases?                                          |   |   |

Eventually I'd like to have a system for tagging tests with what they test so we can easily construct matrices like this automatically to get some idea of test coverage. But we're not there yet.

r=me with suitable tests added.

[jseyfried]

@nikomatsakis
What are the columns? I'm guessing something like [ error emitted | no error emitted ].
Other than that, sounds good.

[nikomatsakis]

@jseyfried oh, I forgot to label those :) it was "intra-crate" and "cross-crate"

[nikomatsakis]

@jseyfried if you want me to review add'l tests, let me know, but if you feel like you've satisfied all the interesting points in that matrix, then r=me

[jseyfried]

Ok, makes sense. I'll add some more tests and r=you

[petrochenkov]

A note: visibilities do not expect type parameters in paths, but use parse_path for parsing, so paths with type parameters can be supplied to them with macros $p: path => pub($p), so visibilities need to be sanity-checked after expansion. I'll fix this as a part of #32875 (comment).

[jseyfried]

@petrochenkov interesting, sounds good.

[jseyfried]

@bors r=nikomatsakis

[bors]

📌 Commit e14504a has been approved by nikomatsakis

[bors]

⌛ Testing commit e14504a with merge ae33aa7...

[bors]

☀️ Test successful - auto-linux-32-nopt-t, auto-linux-32-opt, auto-linux-64-cargotest, auto-linux-64-debug-opt, auto-linux-64-nopt-t, auto-linux-64-opt, auto-linux-64-opt-mir, auto-linux-64-opt-rustbuild, auto-linux-64-x-android-t, auto-linux-64-x-armhf, auto-linux-64-x-armsf, auto-linux-64-x-freebsd, auto-linux-64-x-netbsd, auto-linux-cross-opt, auto-linux-musl-64-opt, auto-mac-32-opt, auto-mac-64-nopt-t, auto-mac-64-opt, auto-mac-64-opt-rustbuild, auto-mac-ios-opt, auto-win-gnu-32-nopt-t, auto-win-gnu-32-opt, auto-win-gnu-32-opt-rustbuild, auto-win-gnu-64-nopt-t, auto-win-gnu-64-opt, auto-win-msvc-32-cross-opt, auto-win-msvc-32-opt, auto-win-msvc-64-cargotest, auto-win-msvc-64-opt, auto-win-msvc-64-opt-mir, auto-win-msvc-64-opt-rustbuild