I just noticed that AA rehash is @system. Is there a reason for this? Is it system because bad things can happen or simply because it's a low level function? Should I always tag functions calling rehash as @trusted?

On 8/30/2014 9:27 AM, "Nordlöw" wrote:
> I just noticed that AA rehash is @system. Is there a reason for this? Is
> it system because bad things can happen or simply because it's a low
> level function? Should I always tag functions calling rehash as @trusted?

Rehash itself would have to be marked @trusted rather than @safe if anything.

On Saturday, 30 August 2014 at 14:55:19 UTC, Orvid King wrote:
> Rehash itself would have to be marked @trusted rather than @safe if anything.

I agree, that would be more in line with my understanding of when to use @trusted---when a function is safe but it can't be "proven" through the type-system.

On Saturday, 30 August 2014 at 15:32:36 UTC, Nordlöw wrote:
> I agree, that would be more in line with my understanding of when to use @trusted---when a function is safe but it can't be "proven" through the type-system.

Should I change it to @trusted in a PR?

On Sat, 30 Aug 2014 15:36:12 +0000
"Nordlöw" via Digitalmars-d-learn <digitalmars-d-learn@puremagic.com>
wrote:

> Should I change it to @trusted in a PR?
i think it would be good. it's the way it works.

there are some places where such flags aren't set in druntime, and we should clean that up one by one. it's hard to go thru all the sources when introducing new attribute, so cleanup can be made in small steps. ;-)

On Saturday, 30 August 2014 at 14:27:04 UTC, Nordlöw wrote:
> I just noticed that AA rehash is @system. Is there a reason for this? Is it system because bad things can happen or simply because it's a low level function? Should I always tag functions calling rehash as @trusted?

AFAIK, the whole problem is one of attributes, and run-time inference.

AA's are mostly run-time implemented. When you have a U[T], and you want to rehash, then the AA will make a run-time call to typeinfo(T).hash();

The issue is that here, you need to support *all* of the hash function for *all* of the T types.

If you make rehash @trusted, then you may end up calling @system hash functions in a @safe context.

If you make it @safe, then you either break code, or make it impossible for end users to provide their @system hash functions.

Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types.

On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote:
> Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types.

Isn't there anyway to say that rehash() should infer safeness from typeinfo(T).hash() provided that its safeness is visible in the call context?

On Saturday, 30 August 2014 at 17:55:04 UTC, Nordlöw wrote:
> On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote:
>> Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types.
>
> Isn't there anyway to say that rehash() should infer safeness from typeinfo(T).hash() provided that its safeness is visible in the call context?

Maybe. The compiler might be able to do it. But that would only add more compiler support for AA's, when we are trying to phase that out.

On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote:
> On Saturday, 30 August 2014 at 14:27:04 UTC, Nordlöw wrote:
>> I just noticed that AA rehash is @system. Is there a reason for this? Is it system because bad things can happen or simply because it's a low level function? Should I always tag functions calling rehash as @trusted?
>
> AFAIK, the whole problem is one of attributes, and run-time inference.
>
> AA's are mostly run-time implemented. When you have a U[T], and you want to rehash, then the AA will make a run-time call to typeinfo(T).hash();

AFAICS, it doesn't:
https://github.com/D-Programming-Language/druntime/blob/master/src/rt/aaA.d#L355-L412

The computed hash is cached in the buckets. It doesn't even access the typeid that it gets passed from the user-facing rehash().

This means that _aaRehash() can probably marked as @trusted; rehash() will then be automatically inferred as @safe, because it's a set of templates.

>
> The issue is that here, you need to support *all* of the hash function for *all* of the T types.
>
> If you make rehash @trusted, then you may end up calling @system hash functions in a @safe context.
>
> If you make it @safe, then you either break code, or make it impossible for end users to provide their @system hash functions.
>
> Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types.

On Saturday, 30 August 2014 at 18:16:37 UTC, Marc Schütz wrote:
> This means that _aaRehash() can probably marked as @trusted; rehash() will then be automatically inferred as @safe, because it's a set of templates.

https://github.com/D-Programming-Language/druntime/pull/942