On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote:
On Saturday, 30 August 2014 at 14:27:04 UTC, Nordlöw wrote:
I just noticed that AA rehash is @system. Is there a reason
for this? Is it system because bad things can happen or simply
because it's a low level function? Should I always tag
functions calling rehash as @trusted?
AFAIK, the whole problem is one of attributes, and run-time
inference.
AA's are mostly run-time implemented. When you have a U[T], and
you want to rehash, then the AA will make a run-time call to
typeinfo(T).hash();
AFAICS, it doesn't:
https://github.com/D-Programming-Language/druntime/blob/master/src/rt/aaA.d#L355-L412
The computed hash is cached in the buckets. It doesn't even
access the typeid that it gets passed from the user-facing
rehash().
This means that _aaRehash() can probably marked as @trusted;
rehash() will then be automatically inferred as @safe, because
it's a set of templates.
The issue is that here, you need to support *all* of the hash
function for *all* of the T types.
If you make rehash @trusted, then you may end up calling
@system hash functions in a @safe context.
If you make it @safe, then you either break code, or make it
impossible for end users to provide their @system hash
functions.
Really, it's lose-lose. The only (AFAIK) solution is to migrate
AA's to a template-library that individually infers the correct
safety for every types.