Thread overview | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
August 30, 2014 Why is rehash not @safe? | ||||
---|---|---|---|---|
| ||||
I just noticed that AA rehash is @system. Is there a reason for this? Is it system because bad things can happen or simply because it's a low level function? Should I always tag functions calling rehash as @trusted? |
August 30, 2014 Re: Why is rehash not @safe? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Nordlöw | On 8/30/2014 9:27 AM, "Nordlöw" wrote:
> I just noticed that AA rehash is @system. Is there a reason for this? Is
> it system because bad things can happen or simply because it's a low
> level function? Should I always tag functions calling rehash as @trusted?
Rehash itself would have to be marked @trusted rather than @safe if anything.
|
August 30, 2014 Re: Why is rehash not @safe? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Orvid King | On Saturday, 30 August 2014 at 14:55:19 UTC, Orvid King wrote:
> Rehash itself would have to be marked @trusted rather than @safe if anything.
I agree, that would be more in line with my understanding of when to use @trusted---when a function is safe but it can't be "proven" through the type-system.
|
August 30, 2014 Re: Why is rehash not @safe? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Nordlöw | On Saturday, 30 August 2014 at 15:32:36 UTC, Nordlöw wrote:
> I agree, that would be more in line with my understanding of when to use @trusted---when a function is safe but it can't be "proven" through the type-system.
Should I change it to @trusted in a PR?
|
August 30, 2014 Re: Why is rehash not @safe? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Nordlöw Attachments: | On Sat, 30 Aug 2014 15:36:12 +0000 "Nordlöw" via Digitalmars-d-learn <digitalmars-d-learn@puremagic.com> wrote: > Should I change it to @trusted in a PR? i think it would be good. it's the way it works. there are some places where such flags aren't set in druntime, and we should clean that up one by one. it's hard to go thru all the sources when introducing new attribute, so cleanup can be made in small steps. ;-) |
August 30, 2014 Re: Why is rehash not @safe? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Nordlöw | On Saturday, 30 August 2014 at 14:27:04 UTC, Nordlöw wrote:
> I just noticed that AA rehash is @system. Is there a reason for this? Is it system because bad things can happen or simply because it's a low level function? Should I always tag functions calling rehash as @trusted?
AFAIK, the whole problem is one of attributes, and run-time inference.
AA's are mostly run-time implemented. When you have a U[T], and you want to rehash, then the AA will make a run-time call to typeinfo(T).hash();
The issue is that here, you need to support *all* of the hash function for *all* of the T types.
If you make rehash @trusted, then you may end up calling @system hash functions in a @safe context.
If you make it @safe, then you either break code, or make it impossible for end users to provide their @system hash functions.
Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types.
|
August 30, 2014 Re: Why is rehash not @safe? | ||||
---|---|---|---|---|
| ||||
Posted in reply to monarch_dodra | On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote:
> Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types.
Isn't there anyway to say that rehash() should infer safeness from typeinfo(T).hash() provided that its safeness is visible in the call context?
|
August 30, 2014 Re: Why is rehash not @safe? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Nordlöw | On Saturday, 30 August 2014 at 17:55:04 UTC, Nordlöw wrote:
> On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote:
>> Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types.
>
> Isn't there anyway to say that rehash() should infer safeness from typeinfo(T).hash() provided that its safeness is visible in the call context?
Maybe. The compiler might be able to do it. But that would only add more compiler support for AA's, when we are trying to phase that out.
|
August 30, 2014 Re: Why is rehash not @safe? | ||||
---|---|---|---|---|
| ||||
Posted in reply to monarch_dodra | On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote: > On Saturday, 30 August 2014 at 14:27:04 UTC, Nordlöw wrote: >> I just noticed that AA rehash is @system. Is there a reason for this? Is it system because bad things can happen or simply because it's a low level function? Should I always tag functions calling rehash as @trusted? > > AFAIK, the whole problem is one of attributes, and run-time inference. > > AA's are mostly run-time implemented. When you have a U[T], and you want to rehash, then the AA will make a run-time call to typeinfo(T).hash(); AFAICS, it doesn't: https://github.com/D-Programming-Language/druntime/blob/master/src/rt/aaA.d#L355-L412 The computed hash is cached in the buckets. It doesn't even access the typeid that it gets passed from the user-facing rehash(). This means that _aaRehash() can probably marked as @trusted; rehash() will then be automatically inferred as @safe, because it's a set of templates. > > The issue is that here, you need to support *all* of the hash function for *all* of the T types. > > If you make rehash @trusted, then you may end up calling @system hash functions in a @safe context. > > If you make it @safe, then you either break code, or make it impossible for end users to provide their @system hash functions. > > Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every types. |
August 30, 2014 Re: Why is rehash not @safe? | ||||
---|---|---|---|---|
| ||||
Posted in reply to Marc Schütz | On Saturday, 30 August 2014 at 18:16:37 UTC, Marc Schütz wrote: > This means that _aaRehash() can probably marked as @trusted; rehash() will then be automatically inferred as @safe, because it's a set of templates. https://github.com/D-Programming-Language/druntime/pull/942 |
Copyright © 1999-2021 by the D Language Foundation