Why is rehash not @safe?
I just noticed that AA rehash is @system. Is there a reason for this? Is it system because bad things can happen or simply because it's a low level function? Should I always tag functions calling rehash as @trusted?
Re: Why is rehash not @safe?
On 8/30/2014 9:27 AM, Nordlöw wrote: I just noticed that AA rehash is @system. Is there a reason for this? Is it system because bad things can happen or simply because it's a low level function? Should I always tag functions calling rehash as @trusted? Rehash itself would have to be marked @trusted rather than @safe if anything.
Re: Why is rehash not @safe?
On Saturday, 30 August 2014 at 14:55:19 UTC, Orvid King wrote: Rehash itself would have to be marked @trusted rather than @safe if anything. I agree, that would be more in line with my understanding of when to use @trusted---when a function is safe but it can't be proven through the type-system.
Re: Why is rehash not @safe?
On Saturday, 30 August 2014 at 15:32:36 UTC, Nordlöw wrote: I agree, that would be more in line with my understanding of when to use @trusted---when a function is safe but it can't be proven through the type-system. Should I change it to @trusted in a PR?
Re: Why is rehash not @safe?
On Sat, 30 Aug 2014 15:36:12 + Nordlöw via Digitalmars-d-learn digitalmars-d-learn@puremagic.com wrote: Should I change it to @trusted in a PR? i think it would be good. it's the way it works. there are some places where such flags aren't set in druntime, and we should clean that up one by one. it's hard to go thru all the sources when introducing new attribute, so cleanup can be made in small steps. ;-) signature.asc Description: PGP signature
Re: Why is rehash not @safe?
On Saturday, 30 August 2014 at 14:27:04 UTC, Nordlöw wrote: I just noticed that AA rehash is @system. Is there a reason for this? Is it system because bad things can happen or simply because it's a low level function? Should I always tag functions calling rehash as @trusted? AFAIK, the whole problem is one of attributes, and run-time inference. AA's are mostly run-time implemented. When you have a U[T], and you want to rehash, then the AA will make a run-time call to typeinfo(T).hash(); The issue is that here, you need to support *all* of the hash function for *all* of the T types. If you make rehash @trusted, then you may end up calling @system hash functions in a @safe context. If you make it @safe, then you either break code, or make it impossible for end users to provide their @system hash functions. Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types.
Re: Why is rehash not @safe?
On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote: Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types. Isn't there anyway to say that rehash() should infer safeness from typeinfo(T).hash() provided that its safeness is visible in the call context?
Re: Why is rehash not @safe?
On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote: On Saturday, 30 August 2014 at 14:27:04 UTC, Nordlöw wrote: I just noticed that AA rehash is @system. Is there a reason for this? Is it system because bad things can happen or simply because it's a low level function? Should I always tag functions calling rehash as @trusted? AFAIK, the whole problem is one of attributes, and run-time inference. AA's are mostly run-time implemented. When you have a U[T], and you want to rehash, then the AA will make a run-time call to typeinfo(T).hash(); AFAICS, it doesn't: https://github.com/D-Programming-Language/druntime/blob/master/src/rt/aaA.d#L355-L412 The computed hash is cached in the buckets. It doesn't even access the typeid that it gets passed from the user-facing rehash(). This means that _aaRehash() can probably marked as @trusted; rehash() will then be automatically inferred as @safe, because it's a set of templates. The issue is that here, you need to support *all* of the hash function for *all* of the T types. If you make rehash @trusted, then you may end up calling @system hash functions in a @safe context. If you make it @safe, then you either break code, or make it impossible for end users to provide their @system hash functions. Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types.
Re: Why is rehash not @safe?
On Saturday, 30 August 2014 at 18:16:37 UTC, Marc Schütz wrote: This means that _aaRehash() can probably marked as @trusted; rehash() will then be automatically inferred as @safe, because it's a set of templates. https://github.com/D-Programming-Language/druntime/pull/942