Open nilehmann opened 3 weeks ago
@nilehmann, I can take this if you'd like?
@vrindisbacher that'd be great! One extra pointer. We use rustc
's infrastructure for reporting errors which is documented here https://rustc-dev-guide.rust-lang.org/diagnostics/diagnostic-structs.html
@nilehmann, how does this look?
File:
#![allow(unused)]
#![allow(dead_code)]
#[flux_rs::opaque]
struct MyStruct {
inner: u32,
}
impl MyStruct {
pub fn inner(&self) -> u32 {
self.inner
}
}
Output:
error[E0999]: cannot access fields of opaque struct `MyStruct`.
--> ../opaque_struct.rs:13:9
|
13 | self.inner
| ^^^^^^^^^^
-Ztrack-diagnostics: created at crates/flux-refineck/src/lib.rs:108:78
|
help: If you'd like to use fields of `MyStruct` in methods, use `flux::trusted` instead of `flux::opaque`.
--> ../opaque_struct.rs:7:1
|
7 | struct MyStruct {
| ^^^^^^^^^^^^^^^
error: aborting due to 1 previous error
@vrindisbacher, this wasn't clear in the issue description, but the way to solve a cannot access fields of opaque struct
is to trust the function accessing the field. In your example above you'd need to trust fn inner
:
#[flux_rs::opaque]
struct MyStruct {
inner: u32,
}
impl MyStruct {
#[flux::trusted]
pub fn inner(&self) -> u32 {
self.inner
}
}
If you mark a struct as opaque
, the only thing you can do in untrusted code is "pass it around". The expectation is that the module defining the opaque struct will define a trusted API, and clients will use it without accessing the fields and only through the API.
Not sure what's the best way to convey this in the error message.
Ah I see. Perhaps, the best way to do this is to have a help span over the function suggesting they add trusted
and then point them to some documentation (maybe in the flux book) about use of opaque
?
Pointing to documentation would be cool, we would have to write it though XD
So ideally, we could have something like
error[E0999]: cannot access fields of opaque struct `MyStruct`.
--> ../opaque_struct.rs:13:9
|
13 | self.inner
| ^^^^^^^^^^
-Ztrack-diagnostics: created at crates/flux-refineck/src/lib.rs:108:78
|
help: try annotating this method with `#[flux::trusted]`
--> ../opaque_struct.rs:7:1
|
12 | pub fn inner(&self) -> u32 {
| ^^^^^
note: fields of opaque structs can only be accessed inside trusted code
note: to know more about opaque http://flux-rs.github.io/....
Ya that's exactly what I was thinking. I'm happy to write the documentation as part of this if you want.
The error message could explain why the field of an opaque struct cannot be accessed and suggest using
#[flux::trusted]
.Example of someone confused about it
Relevant pointers: