Update CC Docs Until scoped-caps.md #24677
Open
+377
−111
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
bracevac
force-pushed
the
ob-cc-docs2
branch
2 times, most recently
from
8f6cf6a to
d73dd15
Compare
bracevac
force-pushed
the
ob-cc-docs2
branch
2 times, most recently
from
b3da99d to
e8699e3
Compare
bracevac
force-pushed
the
ob-cc-docs2
branch
from
48d825e to
a7bcfbb
Compare
natsukagami
reviewed
Dec 17, 2025
| signature expresses that the cumulative capture set of the input futures is preserved in the | ||
| resulting stream: | ||
| ```scala | ||
| def collect[T, C^](fs: Set[Future[T]]^{C})(using Async^): Stream[Future[T]^{C}] = |
Contributor
There was a problem hiding this comment.
Suggested change
| def collect[T, C^](fs: Set[Future[T]]^{C})(using Async^): Stream[Future[T]^{C}] = | |
| def collect[T, C^](fs: Set[Future[T]^{C}])(using Async^): Stream[Future[T]^{C}] = |
natsukagami
reviewed
Dec 17, 2025
Comment on lines
+115
to
+125
| #### Tracking the evolution of mutable objects | ||
| A common use case for explicit capture parameters is when a mutable object’s reachable capabilities | ||
| _grow_ due to mutation. For example, concatenating effectful iterators: | ||
| ```scala | ||
| class ConcatIterator[A, C^](var iterators: mutable.List[IterableOnce[A]^{C}]): | ||
| def concat(it: IterableOnce[A]^): ConcatIterator[A, {C, it}]^{this, it} = | ||
| iterators ++= it // ^ | ||
| this // track contents of `it` in the result | ||
| ``` | ||
| In such a scenario, we also should ensure that any pre-existing alias of a `ConcatIterator` object should become | ||
| inaccessible after invoking its `concat` method. This is achieved with [mutation and separation tracking](separation-checking.md) which are currently in development. | ||
| In such cases, the type system must ensure that any existing aliases of the iterator become invalid | ||
| after mutation. This is handled by [mutation tracking](mutability.md) and [separation tracking](separation-checking.md), which are currently under development. |
Contributor
There was a problem hiding this comment.
I think this is a poor example, as it instantly leads the reader into writing this (very buggy, doesn't guarantee anything until separation checking) code.
The problem with mutable collections with non-type-parameter element types is that you cannot use implicit capture polymorphism: they get instantiated with the elements at the construction of the collection.
class IteratorList(private var iterators: mutable.List[Iterator[A]^]):
// ^ this cap will be instantiated with whatever is in the initial list
// ...
def +=(it: Iterator[A]^) = iterators += it
val xs = IteratorList(mutable.List.empty) // forcefully instantiated to {}(also we don't have a name to refer to the capture set of the elements, when we write the += method)
Therefore, we need a capture set variable, to allow the user/inference to specify a capture set suitable for the whole usage of the collection.
class IteratorList[C^](private var iterators: mutable.List[Iterator[A]^{C}]):
// ...
def +=(it: Iterator[A]^{C}) = iterators += it
val xs = IteratorList(mutable.List.empty)
xs += Iterator(async)
xs += Iterator(io)
// inference will (probably) find out that xs: IteratorList[{async, io}] Note that this capture set will not change, it's part of the type: it means you have to be able to name all the captures of all the elements at the point of creating the collection. If you want a growing capture set, it's not sound until separation checking.
natsukagami
reviewed
Dec 17, 2025
| - **Methods** (but not accessors or constructors) | ||
|
|
||
| Local values like `f1`, `f2`, `ref`, etc., don't define their own levels. They inherit the level of their enclosing method or class. For example, this means: | ||
| - `f1` is at `Outer`'s level, i.e., `f` subcaptures local `cap₁`. |
Contributor
There was a problem hiding this comment.
Suggested change
| - `f1` is at `Outer`'s level, i.e., `f` subcaptures local `cap₁`. | |
| - `f1` is at `Outer`'s level, i.e., `f1` subcaptures local `cap₁`. |
natsukagami
reviewed
Dec 17, 2025
| ... | ||
| ``` | ||
|
|
||
| Each capability has a _level_ corresponding to the local `cap` of its defining scope. The level determines where a capability can flow: it can flow into `cap`s at the same level or more deeply nested, but not outward to enclosing scopes (which would mean a capability lives longer than its lexical lifetime). The compiler computes a capability's level by walking up the ownership chain until reaching a symbol that represents a level boundary. Level boundaries are: |
Contributor
There was a problem hiding this comment.
Nit: I think flow is a vague word. Maybe "The level determines where a capability can be part of: it can be a part of caps at the same level or more deeply nested..." or something like "assigned to"?
Update: I think we used in a lot of places, so maybe it's fine?
| Local values like `f1`, `f2`, `ref`, etc., don't define their own levels. They inherit the level of their enclosing method or class. For example, this means: | ||
| - `f1` is at `Outer`'s level, i.e., `f` subcaptures local `cap₁`. | ||
| - `f2` and `ref` are both at `method`'s level, i.e., both subcapture local `cap₂`. | ||
| - By lexical lifetime, `{cap₂} <: {cap₃}` holds, but it does **not** hold that `{cap₃} <: {cap₂}`. Hence, |
Contributor
There was a problem hiding this comment.
Suggested change
| - By lexical lifetime, `{cap₂} <: {cap₃}` holds, but it does **not** hold that `{cap₃} <: {cap₂}`. Hence, | |
| - By lexical nesting, `{cap₂} <: {cap₃}` holds, but it does **not** hold that `{cap₃} <: {cap₂}`. Hence, |
Lifetimes? Are we Rust? 🦀
| ``` | ||
|
|
||
| The closure is declared pure (`() -> Unit`), meaning its local `cap` is the empty set. The capability `fs` cannot flow into an empty set, so the checker rejects this. | ||
|
|
Contributor
There was a problem hiding this comment.
Perhaps we should say something about the withFile[T] pattern here?
|
|
||
| **Examples:** | ||
|
|
||
| - `A => B` is an alias type that expands to `A ->{cap} B`. |
Contributor
There was a problem hiding this comment.
What should A => B => C be extended to? I think it's quite unclear here
|
|
||
| ## Comparison with Rust Lifetimes | ||
|
|
||
| Readers familiar with Rust may notice similarities to lifetime checking. Both systems prevent references from escaping their valid scope. In Rust, a reference type `&'a T` carries an explicit lifetime parameter `'a`. In Scala's capture checking, the lifetime is folded into the capability name itself: `T^{x}` says "a `T` capturing `x`," and `x`'s level implicitly determines how long this reference is valid. A capture set then acts as an upper bound on the lifetimes of all the capabilities it contains. |
Contributor
There was a problem hiding this comment.
Suggested change
| Readers familiar with Rust may notice similarities to lifetime checking. Both systems prevent references from escaping their valid scope. In Rust, a reference type `&'a T` carries an explicit lifetime parameter `'a`. In Scala's capture checking, the lifetime is folded into the capability name itself: `T^{x}` says "a `T` capturing `x`," and `x`'s level implicitly determines how long this reference is valid. A capture set then acts as an upper bound on the lifetimes of all the capabilities it contains. | |
| Readers familiar with Rust may notice similarities to lifetime checking. Both systems prevent references from escaping their valid scope. In Rust, a reference type `&'a T` carries an explicit lifetime parameter `'a`. In Scala's capture checking, the lifetime is folded into the capability name itself: `T^{x}` says "a `T` capturing `x`," and `x`'s level implicitly determines how long this reference is valid. A capture set of a reference then acts as an upper bound of the reference itself: it only lives as long as all the capabilities it contains are visible. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Continuation of #24626
[skip ci]