[r+] Add rules for negative implementations

[flaper87]

This PR adds rules for negative implementations. It follows pretty much what the RFC says with 1 main difference:

Instead of positive implementations override negative implementations, this have been implemented in a way that a negative implementation of Trait for T will overlap with a positive implementation, causing a coherence error.

@nikomatsakis r?

cc #13231

[breaking-change]

[rust-highfive]

r? @pcwalton

(rust_highfive has picked a reviewer for you, use r? to override)

[flaper87]

(running stage2 checks locally, stage1 rpass/cfail passed)

UPDATE:

passed :)

[bluss]

Isn't this redundant with raw pointers no longer being Send?

[flaper87]

It's redundant unless, for some reason, NonZero ends up implementing Send. It doesn't now and I don't think it will so we could probably remove it. Although, the extra negative impl is harmless.

[nikomatsakis]

I think it's good practice though to be explicit; it serves as documentation. It'd be good to add some comments to the impls though saying why Rc is not sendable/sync. something like

/// `Rc` instances cannot be sent to other threads because they contain a shared reference count which is modified without atomic instructions.
impl<T> !marker::Send for Rc<T> { }

/// `Rc` instances cannot be sent to other threads because they contain a shared reference count which is modified without atomic instructions.
impl<T> !marker::Sync for Rc<T> { }

[nikomatsakis]

An alternative, if we had such a thing, would be the equivalent of compile-fail unit tests though.

[nikomatsakis]

This seems a bit fishy. If there are only negative impls, it seems like the result will be the empty vec, but I think we just want the pos + the neg impls.

[flaper87]

If there are no positive impls - trait_impls is empty - the result would be an empty vec, yes. Although, trait_impls will never be empty, afaict.

[flaper87]

(by merging trait_impls and trait_negative_impls this won't be needed anymore)

[nikomatsakis]

So overall this looks really good. I'm happy about how small the diff became when we adopted the "unify pos and neg impl" approach. I feel like there should be more tests, but I'm not entirely sure what they ought to be. Maybe we can brainstorm some tricky scenarios. Here are some thoughts:

1. I'd like to see another slightly less trivial coherence overlap (e.g., unsafe impl<T> Send for MyType<T>; impl !Send for MyType<int>)
2. I'd like to see a test for coherence orphan rules (e.g., impl<T> !Send for Vec<T>)
3. I'd like to see a test where the "!send" thing is inside something else. Like, if Foo is !Send, test whether a struct Bar that wraps a Foo is send:

struct Foo;
struct Bar(Foo);
impl !Send for Foo;
fn is_send<T:Send>();
fn main() {
    is_send::<Bar>(); //~ ERROR ...
    is_send::<(int, Foo)>(); //~ ERROR ...
    is_send::<Box<Foo>>(); //~ ERROR ...
    is_send::<Box<Bar>>(); //~ ERROR ...

}

I put the one minor nit about keeping the pos/neg impls in one list instead of two -- do you think there is a good reason to keep them separated?

[flaper87]

@nikomatsakis thanks for the review :)

I believe traits-negative-impls.rs covers part of what you suggested in the third point but I'll extend it to cover cases with Box and nested types. I'll also add cases for 1 and 2

[nikomatsakis]

r+

[pythonesque]

Why don't positive implementations override negative implementations? I think this is pretty important for some uses of unsafe traits, no?

[flaper87]

@pythonesque I've updated the PR description with something that reflects the current implementation. The previous message corresponded to an older version of this implementation.

[nikomatsakis]

On Thu, Jan 15, 2015 at 08:45:23PM -0800, Joshua Yanovski wrote:

Why don't positive implementations override negative implementations? I think this is pretty important for some uses of unsafe traits, no?

It wasn't clear where this would be important. Do you have a use case?
Overall the code and rules worked out simpler this way, and it is
backwards compatible of course to extend later.

[pythonesque]

@nikomatsakis Maybe you are right and it doesn't, I think I had an example in mind but I can't remember what it was at the moment. I'll let you know if I remember.

[ghost]

It wasn't clear where this would be important. Do you have a use case?

@nikomatsakis there are some patterns involving type-level search that can't currently be expressed in Rust as far as I can tell, but might be possible with blanket negative impls allowing positive impl overrides (sealed traits with overlapping patterns would be another way).

One use case for that is generic programming with open sums (like the join type proposal). Another one would be statically checked dimensional analysis. Fancy database interfaces could also use that pattern for a number of things.

[nikomatsakis]

On Sun, Jan 18, 2015 at 10:38:12AM -0800, Darin Morrison wrote:

It wasn't clear where this would be important. Do you have a use case?

@nikomatsakis there are some patterns involving type-level search that can't currently be expressed in Rust as far as I can tell, but might be possible with blanket negative impls allowing positive impl overrides (sealed traits with overlapping patterns would be another way).

Interesting, I'd like to hear more details. Nonetheless, it feels good
to have the positive and negative impls follow a consistent set of
rules. I'd like to introduce some kind of support for specialization
which might also then apply across the board and allow support for
these patterns. Regardless the current semantics are conservative in
the sense that I believe we could change them in the future without
breaking code.

[ghost]

Interesting, I'd like to hear more details. Nonetheless, it feels good
to have the positive and negative impls follow a consistent set of
rules. I'd like to introduce some kind of support for specialization
which might also then apply across the board and allow support for
these patterns. Regardless the current semantics are conservative in
the sense that I believe we could change them in the future without
breaking code.

@nikomatsakis If I get a chance I'll try to put together some examples. Most of the ones I can think of at the moment can be encoded as a special case of a decidable equality on types by piggybacking on the definitional equality. Once equality predicates in where clauses are implemented, that might actually be enough, assuming they can be negated and that the coherence check could use that to determine disjointness of the implementations.

[flaper87]

@darinmorrison please, keep me in the loop and thanks for bringing this up! 👍