[Issue 14439] aa's keys, values, byKey, byValue not usable in @safe context
https://issues.dlang.org/show_bug.cgi?id=14439 --- Comment #7 from Seb--- Note that most of this has been fixed in https://github.com/dlang/druntime/pull/1944 and https://github.com/dlang/druntime/pull/1992 Only .keys and .values remain unsafe (updated the title accordingly) See also: https://run.dlang.io/is/JXxN7y --
[Issue 14439] aa's keys, values, byKey, byValue not usable in @safe context
https://issues.dlang.org/show_bug.cgi?id=14439 Sebchanged: What|Removed |Added Blocks||18110 Referenced Issues: https://issues.dlang.org/show_bug.cgi?id=18110 [Issue 18110] most of phobos should be @safe-ly useable --
[Issue 14439] aa's keys, values, byKey, byValue not usable in @safe context
https://issues.dlang.org/show_bug.cgi?id=14439 Walter Brightchanged: What|Removed |Added Keywords||pull --- Comment #6 from Walter Bright --- https://github.com/dlang/druntime/pull/1644 --
[Issue 14439] aa's keys, values, byKey, byValue not usable in @safe context
https://issues.dlang.org/show_bug.cgi?id=14439 Walter Brightchanged: What|Removed |Added Keywords||safe CC||bugzi...@digitalmars.com --
[Issue 14439] aa's keys, values, byKey, byValue not usable in @safe context
https://issues.dlang.org/show_bug.cgi?id=14439 --- Comment #5 from Chris Wright--- After taking a closer look, AAs already allow you to violate @safety: opEquals and postblit are not required to be @safe, and toHash is only required to be @safe it opEquals is present. This allows you to call @system code from @safe code without a @trusted intermediary. The `keys`, `values`, `byKey`, and `byValue` methods don't use opEquals or toHash but do use postblit. Making them @trusted would exacerbate the existing problem. In the implementation in rt/aaA.d, everything uses RTTI to access opEquals, toHash, and postblit. This obscures the difference, so those methods can't ever be @safe and it's invalid to make them @trusted. (Unless we start requiring opEquals, toHash, and postblit to be @safe.) The wrappers, being templates, can explicitly detect when the types involved can be used safely and mark themselves @trusted in that case. Beyond that huge problem, there are a number of minor things that aaA.d does that aren't @safe but can be made @trusted. Much of the implementation can be brought closer to @safe standards. --
[Issue 14439] aa's keys, values, byKey, byValue not usable in @safe context
https://issues.dlang.org/show_bug.cgi?id=14439 Steven Schveighofferchanged: What|Removed |Added CC||schvei...@yahoo.com --- Comment #4 from Steven Schveighoffer --- I'm unsure why these are not safe in the first place. I think we should be able to make them safe in both implementation and wrapper interface. I'd like to see at least an attempt to make them safe in the implementation (even if we need to have @trusted wrappers for a few lines). --
[Issue 14439] aa's keys, values, byKey, byValue not usable in @safe context
https://issues.dlang.org/show_bug.cgi?id=14439 --- Comment #3 from Brad Roberts--- Not sure without looking at the implementation. There's a lot of delicate issues with lifetime of memory around the aa code. --
[Issue 14439] aa's keys, values, byKey, byValue not usable in @safe context
https://issues.dlang.org/show_bug.cgi?id=14439 Chris Wrightchanged: What|Removed |Added CC||dhase...@gmail.com --- Comment #2 from Chris Wright --- I can simply make .keys and .values @trusted. Brad Roberts, is that acceptable? These functions, being in druntime and applying to a widely used type, *should* be reliably safe, and there shouldn't be anything special you need to do, no precautions you need to take, to make them work safely. --
[Issue 14439] aa's keys, values, byKey, byValue not usable in @safe context
https://issues.dlang.org/show_bug.cgi?id=14439 Brad Roberts bra...@puremagic.com changed: What|Removed |Added Summary|aa's are essentially|aa's keys, values, byKey, |unusable in @safe contexts |byValue not usable in @safe ||context --- Comment #1 from Brad Roberts bra...@puremagic.com --- module safeaa; void main() @safe { string[string] saa = [ a : 1, b : 2 ]; string s = saa[a]; saa[c] = 3; if (c in saa) {} size_t l = saa.length; foreach(k; saa.keys) {} foreach(k; saa.byKey) {} foreach(v; saa.values) {} foreach(v; saa.byValue) {} } safeaa.d(15): Error: safe function 'D main' cannot call system function 'object.keys!(string[string], string, string).keys' safeaa.d(17): Error: safe function 'D main' cannot call system function 'object.byKey!(string[string], string, string).byKey' safeaa.d(17): Error: safe function 'D main' cannot call system function 'object.byKey!(string[string], string, string).byKey.Result.empty' safeaa.d(17): Error: safe function 'D main' cannot call system function 'object.byKey!(string[string], string, string).byKey.Result.popFront' safeaa.d(17): Error: safe function 'D main' cannot call system function 'object.byKey!(string[string], string, string).byKey.Result.front' safeaa.d(19): Error: safe function 'D main' cannot call system function 'object.values!(string[string], string, string).values' safeaa.d(21): Error: safe function 'D main' cannot call system function 'object.byValue!(string[string], string, string).byValue' safeaa.d(21): Error: safe function 'D main' cannot call system function 'object.byValue!(string[string], string, string).byValue.Result.empty' safeaa.d(21): Error: safe function 'D main' cannot call system function 'object.byValue!(string[string], string, string).byValue.Result.popFront' safeaa.d(21): Error: safe function 'D main' cannot call system function 'object.byValue!(string[string], string, string).byValue.Result.front' I'm not sure why saa.length builds since _aaLen isn't marked @safe. Probably the compiler making assumptions that the code doesn't declare. --