type privacy: Check constructor types in tuple struct patterns

[petrochenkov]

This fixes a hole in type privacy checker that was noticed in #137623.

In TupleStruct(something) expression the TupleStruct part has its type recorded and we are checking it, but in patterns only type of the whole pattern is kept, so we were missing the constructor's type in the privacy check.

[rustbot]

r? @lcnr

rustbot has assigned @lcnr.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

[petrochenkov]

@bors try

[compiler-errors]

Changes LGTM, but presumably this needs a crater run and T-lang signoff? If there's no fallout should be an easy decision.

[bors]

⌛ Trying commit 3ded370 with merge 95e9ab4...

[bors]

☀️ Try build successful - checks-actions
Build commit: 95e9ab4 (95e9ab49d74e667fcb64e516805be34889d463f8)

[compiler-errors]

@craterbot check

[craterbot]

🚨 Error: database is locked

🆘 If you have any trouble with Crater please ping @rust-lang/infra!
ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[compiler-errors]

@craterbot check

[petrochenkov]

@craterbot check

[craterbot]

🚨 Error: missing start toolchain

🆘 If you have any trouble with Crater please ping @rust-lang/infra!
ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[petrochenkov]

@bors try

[bors]

⌛ Trying commit 819edd9 with merge 26ad8a8...

[bors]

☀️ Try build successful - checks-actions
Build commit: 26ad8a8 (26ad8a85dc4eed299af809e52f278da81e284602)

[petrochenkov]

@craterbot check

[craterbot]

👌 Experiment pr-138458 created and queued.
🤖 Automatically detected try build 26ad8a8
🔍 You can check out the queue and this experiment's details.

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[craterbot]

🚧 Experiment pr-138458 is now running

ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[craterbot]

🎉 Experiment pr-138458 is completed!
📊 5 regressed and 7 fixed (599281 total)
📰 Open the full report.

⚠️ If you notice any spurious failure please add them to the denylist!
ℹ️ Crater is a tool to run experiments across parts of the Rust ecosystem. Learn more

[petrochenkov]

All the regressions are unrelated to this change.
I'll write a description for the lang team tomorrow.
@rustbot author

[petrochenkov]

Change description

This PR makes using wild card tuple struct and tuple variant patterns an error, if the struct or variant has a private field.

mod m {
  struct Priv;
  pub struct TupleStruct(pub Priv);
  pub enum Enum { TupleVariant(Priv) }
}

match something {
  m::TupleStruct(..) => {} // ERROR `TupleStruct` has private type
}
match something {
  m::Enum::TupleVariant(..) => {} // ERROR `Enum::TupleVariant` has private type
}

To reproduce this you have to #[allow(private_interfaces)] for the struct and variant definitions first.

This now works according to the type privacy rules and reports a type privacy error because the types of constructors TupleStruct and Enum::TupleVariant are private due to private arguments in the signatures.
I don't think you could actually leak anything private this way, but if there's a consistent rule, then let's just follow it.

[traviscross]

We talked about this on Wednesday and it turned out to not be an easy call for us. It'd probably help if you could walk us through how this is either specified by the RFC 2145 rules or falls out from them, and in those terms, if you could walk through how we'd distinguish (or not) the case you propose to disallow from other uses in the type namespace, e.g.:

#![allow(private_interfaces, unreachable_code)]

mod m {
    struct Priv;
    pub struct TupleStruct(pub Priv);
}

fn main() {
    let _: m::TupleStruct = loop {}; //~ OK
    let m::TupleStruct { .. } = loop {}; //~ OK
    let m::TupleStruct(..) = loop {}; //~ OK?
    // In the value namespace, the use clearly
    // should be (and is) an error.
    let _ = m::TupleStruct; //~ ERROR
}

[petrochenkov]

@traviscross
The examples in detail.

#![allow(private_interfaces, unreachable_code)]

mod m {
    struct Priv;
    pub struct TupleStruct(pub Priv);
}

fn main() {
    // There's one type here - `m::TupleStruct`, it is public, no error.
    // There are also two values here
    //  - `_` (its type `m::TupleStruct` is public, no errror),
    //  - `loop {}` (its types are `!` and `m::TupleStruct` before and after coercion, both public, no error).
    let _: m::TupleStruct = loop {}; // OK
    // There's one type here - `m::TupleStruct`, it is public, no error.
    // There are also two values here
    //  - `m::TupleStruct { .. }` (its type `m::TupleStruct` is public, no error)
    //  - `loop {}` (same as above, no error).
    let m::TupleStruct { .. } = loop {}; // OK
    // There are no types here.
    // There are three values here
    //  - `m::TupleStruct` (its type `fn(Priv) -> m::TupleStruct` is private due to `Priv` in the signature, error)
    //  - `m::TupleStruct(..)` (its type `m::TupleStruct` is public, no error)
    //  - `loop {}` (same as above, no error).
    let m::TupleStruct(..) = loop {}; // ERROR
    // There are no types here.
    // There are two values here
    //  - `m::TupleStruct` (its type `fn(Priv) -> m::TupleStruct` is private due to `Priv` in the signature, error)
    //  - `_` (its type `fn(Priv) -> m::TupleStruct` is private due to `Priv` in the signature, error).
    let _ = m::TupleStruct; // ERROR
}

[petrochenkov]

The relevant RFC part is https://github.com/rust-lang/rfcs/blob/master/text/2145-type-privacy.md#the-type-privacy-rule.

I guess the only point of doubt here is whether TupleStruct in a tuple pattern is "really a value".
In the compiler type checker does consider it a value when inferring types, but that's one of the cases in which the value's type is thrown away and not saved into type checking result tables, that's why privacy checker didn't see it and didn't report the error.