scala
diff --git a/‎compiler/src/dotty/tools/dotc/cc/CaptureSet.scala
+39-25 b/‎compiler/src/dotty/tools/dotc/cc/CaptureSet.scala
+39-25
diff --git a/‎compiler/src/dotty/tools/dotc/cc/CheckCaptures.scala
+16-12 b/‎compiler/src/dotty/tools/dotc/cc/CheckCaptures.scala
+16-12
diff --git a/‎compiler/src/dotty/tools/dotc/cc/Setup.scala
+57-32 b/‎compiler/src/dotty/tools/dotc/cc/Setup.scala
+57-32
diff --git a/‎compiler/src/dotty/tools/dotc/cc/ccConfig.scala
+1-1 b/‎compiler/src/dotty/tools/dotc/cc/ccConfig.scala
+1-1
diff --git a/‎compiler/src/dotty/tools/dotc/cc/root.scala
+10-2 b/‎compiler/src/dotty/tools/dotc/cc/root.scala
+10-2
diff --git a/‎compiler/src/dotty/tools/dotc/core/NameKinds.scala
+1 b/‎compiler/src/dotty/tools/dotc/core/NameKinds.scala
+1
@@ -352,16 +352,27 @@ sealed abstract class CaptureSet extends Showable:
 
   def readOnly(using Context): CaptureSet = map(ReadOnlyMap())
 
-  /** Invoke handler if this set has (or later aquires) the root capability `cap` */
-  def disallowRootCapability(handler: () => Context ?=> Unit)(using Context): this.type =
-    val hasRoot =
-      if ccConfig.newScheme then
-        elems.exists: elem =>
-          val elem1 = elem.stripReadOnly
-          elem1.isCap || elem1.isResultRoot
-      else
-        containsRootCapability
-    if hasRoot then handler()
+  /** A bad root `elem` is inadmissible as a member of this set. What is a bad roots depends
+   *  on the value of `rootLimit`.
+   *  If the limit is null, all capture roots are good.
+   *  If the limit is NoSymbol, all Fresh roots are good, but cap and Result roots are bad.
+   *  If the limit is some other symbol, cap and Result roots are bad, as well as
+   *  all Fresh roots that are contained (via ccOwner) in `rootLimit`.
+   */
+  protected def isBadRoot(rootLimit: Symbol | Null, elem: CaptureRef)(using Context): Boolean =
+    if rootLimit == null then false
+    else
+      val elem1 = elem.stripReadOnly
+      elem1.isCap
+      || elem1.isResultRoot
+      || elem1.isFresh && elem1.ccOwner.isContainedIn(rootLimit)
+
+  /** Invoke `handler` if this set has (or later aquires) a root capability.
+   *  Excluded are Fresh instances unless their ccOwner is contained in `upto`.
+   *  If `upto` is NoSymbol, all Fresh instances are admitted.
+   */
+  def disallowRootCapability(upto: Symbol)(handler: () => Context ?=> Unit)(using Context): this.type =
+    if elems.exists(isBadRoot(upto, _)) then handler()
     this
 
   /** Invoke handler on the elements to ensure wellformedness of the capture set.
@@ -537,7 +548,10 @@ object CaptureSet:
     /** A handler to be invoked if the root reference `cap` is added to this set */
     var rootAddedHandler: () => Context ?=> Unit = () => ()
 
-    private[CaptureSet] var universalOK = true
+    /** The limit deciding which capture roots are bad (i.e. cannot be contained in this set).
+     *  @see isBadRoot for details.
+     */
+    private[CaptureSet] var rootLimit: Symbol | Null = null
 
     /** A handler to be invoked when new elems are added to this set */
     var newElemAddedHandler: CaptureRef => Context ?=> Unit = _ => ()
@@ -588,7 +602,7 @@ object CaptureSet:
         assert(elem.isTrackableRef, elem)
         assert(!this.isInstanceOf[HiddenSet] || summon[VarState].isSeparating, summon[VarState])
         elems += elem
-        if elem.isRootCapability then
+        if isBadRoot(rootLimit, elem) then
           rootAddedHandler()
         newElemAddedHandler(elem)
         val normElem = if isMaybeSet then elem else elem.stripMaybe
@@ -610,16 +624,16 @@ object CaptureSet:
 
     private def levelOK(elem: CaptureRef)(using Context): Boolean = elem match
       case elem @ root.Fresh(_) =>
-        if ccConfig.newScheme then
-          if !level.isDefined || ccState.symLevel(elem.ccOwner) <= level then true
-          else
-            println(i"LEVEL ERROR $elem cannot be included in $this of $owner")
-            false
-        else universalOK
+        !level.isDefined
+        || ccState.symLevel(elem.ccOwner) <= level
+        || {
+          capt.println(i"LEVEL ERROR $elem cannot be included in $this of $owner")
+          false
+        }
       case elem @ root.Result(mt) =>
-        universalOK && (this.isInstanceOf[BiMapped] || isPartOf(mt.resType))
+        rootLimit == null && (this.isInstanceOf[BiMapped] || isPartOf(mt.resType))
       case elem: TermRef if elem.isCap =>
-        universalOK
+        rootLimit == null
       case elem: TermRef if level.isDefined =>
         elem.prefix match
           case prefix: CaptureRef =>
@@ -650,10 +664,10 @@ object CaptureSet:
       else
         CompareResult.Fail(this :: Nil)
 
-    override def disallowRootCapability(handler: () => Context ?=> Unit)(using Context): this.type =
-      universalOK = false
+    override def disallowRootCapability(upto: Symbol)(handler: () => Context ?=> Unit)(using Context): this.type =
+      rootLimit = upto
       rootAddedHandler = handler
-      super.disallowRootCapability(handler)
+      super.disallowRootCapability(upto)(handler)
 
     override def ensureWellformed(handler: CaptureRef => (Context) ?=> Unit)(using Context): this.type =
       newElemAddedHandler = handler
@@ -756,7 +770,7 @@ object CaptureSet:
    *  Test case: Without that tweak, logger.scala would not compile.
    */
   class RefiningVar(owner: Symbol)(using Context) extends Var(owner):
-    override def disallowRootCapability(handler: () => Context ?=> Unit)(using Context) = this
+    override def disallowRootCapability(upto: Symbol)(handler: () => Context ?=> Unit)(using Context) = this
 
   /** A variable that is derived from some other variable via a map or filter. */
   abstract class DerivedVar(owner: Symbol, initialElems: Refs)(using @constructorOnly ctx: Context)
@@ -814,7 +828,7 @@ object CaptureSet:
             .showing(i"propagating new elem $elem backward from $this to $source = $result", captDebug)
             .andAlso(addNewElem(elem))
         catch case ex: AssertionError =>
-          println(i"fail while tryInclude $elem of ${elem.getClass} in $this / ${this.summarize}")
+          println(i"fail while prop backwards tryInclude $elem of ${elem.getClass} in $this / ${this.summarize}")
           throw ex
 
     /** For a BiTypeMap, supertypes of the mapped type also constrain
 
@@ -123,7 +123,7 @@ object CheckCaptures:
    *  root capability in its capture set or if it refers to a type parameter that
    *  could possibly be instantiated with cap in a way that's visible at the type.
    */
-  private def disallowRootCapabilitiesIn(tp: Type, carrier: Symbol, what: String, have: String, addendum: String, pos: SrcPos)(using Context) =
+  private def disallowRootCapabilitiesIn(tp: Type, upto: Symbol, what: String, have: String, addendum: String, pos: SrcPos)(using Context) =
     val check = new TypeTraverser:
 
       private val seen = new EqHashSet[TypeRef]
@@ -150,7 +150,7 @@ object CheckCaptures:
           case CapturingType(parent, refs) =>
             if variance >= 0 then
               val openScopes = openExistentialScopes
-              refs.disallowRootCapability: () =>
+              refs.disallowRootCapability(upto): () =>
                 def part =
                   if t eq tp then ""
                   else
@@ -488,7 +488,7 @@ class CheckCaptures extends Recheck, SymTransformer:
             case _ =>
               CaptureSet.ofType(c.widen, followResult = false)
             capt.println(i"Widen reach $c to $underlying in ${env.owner}")
-          underlying.disallowRootCapability: () =>
+          underlying.disallowRootCapability(NoSymbol): () =>
             report.error(em"Local capability $c in ${env.ownerString} cannot have `cap` as underlying capture set", tree.srcPos)
           recur(underlying, env, lastEnv)
 
@@ -517,7 +517,7 @@ class CheckCaptures extends Recheck, SymTransformer:
                 // fresh capabilities. We don't need to also follow the hidden set since separation
                 // checking makes ure that locally hidden references need to go to @consume parameters.
             else
-              underlying.disallowRootCapability: () =>
+              underlying.disallowRootCapability(ctx.owner): () =>
                 report.error(em"Local reach capability $c leaks into capture scope of ${env.ownerString}", tree.srcPos)
               recur(underlying, env, null)
         case c: TypeRef if c.isParamPath =>
@@ -590,7 +590,7 @@ class CheckCaptures extends Recheck, SymTransformer:
           def where = if sym.exists then i" in an argument of $sym" else ""
           val (addendum, errTree) =
             if arg.isInferred
-            then ("\nThis is often caused by a local capability$where\nleaking as part of its result.", fn)
+            then (i"\nThis is often caused by a local capability$where\nleaking as part of its result.", fn)
             else if arg.span.exists then ("", arg)
             else ("", fn)
           disallowRootCapabilitiesIn(arg.nuType, NoSymbol,
@@ -988,7 +988,7 @@ class CheckCaptures extends Recheck, SymTransformer:
         if sym.is(Module) then sym.info // Modules are checked by checking the module class
         else
           if sym.is(Mutable) && !sym.hasAnnotation(defn.UncheckedCapturesAnnot) then
-            val (carrier, addendum) = capturedBy.get(sym) match
+            val addendum = capturedBy.get(sym) match
               case Some(encl) =>
                 val enclStr =
                   if encl.isAnonymousFunction then
@@ -997,11 +997,11 @@ class CheckCaptures extends Recheck, SymTransformer:
                       case _ => ""
                     s"an anonymous function$location"
                   else encl.show
-                (NoSymbol, i"\n\nNote that $sym does not count as local since it is captured by $enclStr")
+                i"\n\nNote that $sym does not count as local since it is captured by $enclStr"
               case _ =>
-                (sym, "")
+                ""
             disallowRootCapabilitiesIn(
-              tree.tpt.nuType, carrier, i"Mutable $sym", "have type", addendum, sym.srcPos)
+              tree.tpt.nuType, NoSymbol, i"Mutable $sym", "have type", addendum, sym.srcPos)
           checkInferredResult(super.recheckValDef(tree, sym), tree)
       finally
         if !sym.is(Param) then
@@ -1200,7 +1200,12 @@ class CheckCaptures extends Recheck, SymTransformer:
      *  result type of a try
      */
     override def recheckTry(tree: Try, pt: Type)(using Context): Type =
-      val tp = super.recheckTry(tree, pt)
+      val tryOwner = Setup.firstCanThrowEvidence(tree.expr) match
+        case Some(vd) => vd.symbol.owner
+        case None => ctx.owner
+      val bodyType = inContext(ctx.withOwner(tryOwner)):
+        recheck(tree.expr, pt)
+      val tp = recheckTryRest(bodyType, tree.cases, tree.finalizer, pt)
       if Feature.enabled(Feature.saferExceptions) then
         disallowRootCapabilitiesIn(tp, ctx.owner,
           "The result of `try`", "have type",
@@ -1272,8 +1277,7 @@ class CheckCaptures extends Recheck, SymTransformer:
           val msg = note match
             case CompareResult.LevelError(cs, ref) =>
               if ref.stripReadOnly.isCapOrFresh then
-                def capStr = if ref.isReadOnly then "cap.rd" else "cap"
-                i"""the universal capability `$capStr`
+                i"""the universa capability $ref
                    |cannot be included in capture set $cs"""
               else
                 val levelStr = ref match
 
@@ -21,6 +21,7 @@ import CCState.*
 import dotty.tools.dotc.util.NoSourcePosition
 import CheckCaptures.CheckerAPI
 import NamerOps.methodType
+import NameKinds.{CanThrowEvidenceName, TryOwnerName}
 
 /** Operations accessed from CheckCaptures */
 trait SetupAPI:
@@ -51,6 +52,15 @@ object Setup:
         Some((res, exc))
       case _ =>
         None
+
+  def firstCanThrowEvidence(body: Tree)(using Context): Option[Tree] = body match
+    case Block(stats, expr) =>
+      if stats.isEmpty then firstCanThrowEvidence(expr)
+      else stats.find:
+        case vd: ValDef => vd.symbol.name.is(CanThrowEvidenceName)
+        case _ => false
+    case _ => None
+
 end Setup
 import Setup.*
 
@@ -480,9 +490,9 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
   end transformExplicitType
 
   /** Update info of `sym` for CheckCaptures phase only */
-  private def updateInfo(sym: Symbol, info: Type)(using Context) =
+  private def updateInfo(sym: Symbol, info: Type, owner: Symbol)(using Context) =
     toBeUpdated += sym
-    sym.updateInfo(thisPhase, info, newFlagsFor(sym))
+    sym.updateInfo(thisPhase, info, newFlagsFor(sym), owner)
     toBeUpdated -= sym
 
   /** The info of `sym` at the CheckCaptures phase */
@@ -590,6 +600,17 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
           traverse(elems)
           tpt.setNuType(box(transformInferredType(tpt.tpe)))
 
+        case tree @ Try(body, catches, finalizer) =>
+          val tryOwner = firstCanThrowEvidence(body) match
+            case Some(vd) =>
+              newSymbol(ctx.owner, TryOwnerName.fresh(),
+                Method | Synthetic, ExprType(defn.NothingType), coord = tree.span)
+            case _ =>
+              ctx.owner
+          inContext(ctx.withOwner(tryOwner)):
+            traverse(body)
+          catches.foreach(traverse)
+          traverse(finalizer)
         case _ =>
           traverseChildren(tree)
       postProcess(tree)
@@ -634,6 +655,8 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
         // have a new type installed here (meaning hasRememberedType is true)
         def signatureChanges =
           tree.tpt.hasNuType || paramSignatureChanges
+        def ownerChanges =
+          ctx.owner.name.is(TryOwnerName)
 
         def paramsToCap(mt: Type)(using Context): Type = mt match
           case mt: MethodType =>
@@ -644,38 +667,40 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
             mt.derivedLambdaType(resType = paramsToCap(mt.resType))
           case _ => mt
 
-        // If there's a change in the signature, update the info of `sym`
-        if sym.exists && signatureChanges then
+        // If there's a change in the signature or owner, update the info of `sym`
+        if sym.exists && (signatureChanges || ownerChanges) then
           val updatedInfo =
-
-            val paramSymss = sym.paramSymss
-            def newInfo(using Context) = // will be run in this or next phase
-              root.toResultInResults(sym, report.error(_, tree.srcPos)):
-                if sym.is(Method) then
-                  paramsToCap(methodType(paramSymss, localReturnType))
-                else tree.tpt.nuType
-            if tree.tpt.isInstanceOf[InferredTypeTree]
-                && !sym.is(Param) && !sym.is(ParamAccessor)
-            then
-              val prevInfo = sym.info
-              new LazyType:
-                def complete(denot: SymDenotation)(using Context) =
-                  assert(ctx.phase == thisPhase.next, i"$sym")
-                  sym.info = prevInfo // set info provisionally so we can analyze the symbol in recheck
-                  completeDef(tree, sym, this)
-                  sym.info = newInfo
-                    .showing(i"new info of $sym = $result", capt)
-            else if sym.is(Method) then
-              new LazyType:
-                def complete(denot: SymDenotation)(using Context) =
-                  sym.info = newInfo
-                    .showing(i"new info of $sym = $result", capt)
-            else newInfo
-          updateInfo(sym, updatedInfo)
+            if signatureChanges then
+              val paramSymss = sym.paramSymss
+              def newInfo(using Context) = // will be run in this or next phase
+                root.toResultInResults(sym, report.error(_, tree.srcPos)):
+                  if sym.is(Method) then
+                    paramsToCap(methodType(paramSymss, localReturnType))
+                  else tree.tpt.nuType
+              if tree.tpt.isInstanceOf[InferredTypeTree]
+                  && !sym.is(Param) && !sym.is(ParamAccessor)
+              then
+                val prevInfo = sym.info
+                new LazyType:
+                  def complete(denot: SymDenotation)(using Context) =
+                    assert(ctx.phase == thisPhase.next, i"$sym")
+                    sym.info = prevInfo // set info provisionally so we can analyze the symbol in recheck
+                    completeDef(tree, sym, this)
+                    sym.info = newInfo
+                      .showing(i"new info of $sym = $result", capt)
+              else if sym.is(Method) then
+                new LazyType:
+                  def complete(denot: SymDenotation)(using Context) =
+                    sym.info = newInfo
+                      .showing(i"new info of $sym = $result", capt)
+              else newInfo
+            else sym.info
+          val updatedOwner = if ownerChanges then ctx.owner else sym.owner
+          updateInfo(sym, updatedInfo, updatedOwner)
 
       case tree: Bind =>
         val sym = tree.symbol
-        updateInfo(sym, transformInferredType(sym.info))
+        updateInfo(sym, transformInferredType(sym.info), sym.owner)
       case tree: TypeDef =>
         tree.symbol match
           case cls: ClassSymbol =>
@@ -708,7 +733,7 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
               // Install new types and if it is a module class also update module object
               if (selfInfo1 ne selfInfo) || (ps1 ne ps) then
                 val newInfo = ClassInfo(prefix, cls, ps1, decls, selfInfo1)
-                updateInfo(cls, newInfo)
+                updateInfo(cls, newInfo, cls.owner)
                 capt.println(i"update class info of $cls with parents $ps selfinfo $selfInfo to $newInfo")
                 cls.thisType.asInstanceOf[ThisType].invalidateCaches()
                 if cls.is(ModuleClass) then
@@ -721,7 +746,7 @@ class Setup extends PreRecheck, SymTransformer, SetupAPI:
                   // This would potentially give stackoverflows when setup is run repeatedly.
                   // One test case is pos-custom-args/captures/checkbounds.scala under
                   // ccConfig.alwaysRepeatRun = true.
-                  updateInfo(modul, CapturingType(modul.info, selfCaptures))
+                  updateInfo(modul, CapturingType(modul.info, selfCaptures), modul.owner)
                   modul.termRef.invalidateCaches()
           case _ =>
       case _ =>
 
@@ -56,6 +56,6 @@ object ccConfig:
 
   /** Not used currently. Handy for trying out new features */
   def newScheme(using Context): Boolean =
-    Feature.sourceVersion.stable.isAtLeast(SourceVersion.`3.8`)
+    Feature.sourceVersion.stable.isAtLeast(SourceVersion.`3.7`)
 
 end ccConfig
@@ -260,9 +260,17 @@ object root:
 
   end CapToFresh
 
-  /** Maps cap to fresh */
+  /** Maps cap to fresh. CapToFresh is a BiTypeMap since we don't want to
+   *  freeze a set when it is mapped. On the other hand, we do not want Fresh
+   *  values to flow back to cap since that would fail disallowRootCapability
+   *  tests elsewhere. We therefore use `withoutMappedFutureElems` to prevent
+   *  the map being installed for future use.
+   */
   def capToFresh(tp: Type, origin: Origin)(using Context): Type =
-    if ccConfig.useSepChecks then CapToFresh(origin)(tp) else tp
+    if ccConfig.useSepChecks then
+      ccState.withoutMappedFutureElems:
+        CapToFresh(origin)(tp)
+    else tp
 
   /** Maps fresh to cap */
   def freshToCap(tp: Type)(using Context): Type =
 
@@ -312,6 +312,7 @@ object NameKinds {
 
   /** Other unique names */
   val CanThrowEvidenceName: UniqueNameKind   = new UniqueNameKind("canThrow$")
+  val TryOwnerName: UniqueNameKind           = new UniqueNameKind("try$")
   val TempResultName: UniqueNameKind         = new UniqueNameKind("ev$")
   val DepParamName: UniqueNameKind           = new UniqueNameKind("(param)")
   val LazyImplicitName: UniqueNameKind       = new UniqueNameKind("$_lazy_implicit_$")