
digitalmars.D.learn - Why is rehash not safe?

"Nordlöw" <per.nordlow gmail.com> writes:
I just noticed that AA rehash is @system. Is there a reason for 
this? Is it system because bad things can happen or simply 
because it's a low level function? Should I always tag functions 
calling rehash as @trusted?
Aug 30 2014
Orvid King <blah38621 gmail.com> writes:
On 8/30/2014 9:27 AM, "Nordlöw" wrote:
 I just noticed that AA rehash is @system. Is there a reason for this? Is
 it system because bad things can happen or simply because it's a low
 level function? Should I always tag functions calling rehash as @trusted?
Rehash itself would have to be marked @trusted rather than @safe if anything.
Aug 30 2014
"Nordlöw" <per.nordlow gmail.com> writes:
On Saturday, 30 August 2014 at 14:55:19 UTC, Orvid King wrote:
 Rehash itself would have to be marked @trusted rather than 
 @safe if anything.
I agree, that would be more in line with my understanding of when to use @trusted---when a function is safe but it can't be "proven" through the type-system.
Aug 30 2014
"Nordlöw" <per.nordlow gmail.com> writes:
On Saturday, 30 August 2014 at 15:32:36 UTC, Nordlöw wrote:
 I agree, that would be more in line with my understanding of 
 when to use @trusted---when a function is safe but it can't be 
 "proven" through the type-system.
Should I change it to @trusted in a PR?
Aug 30 2014
ketmar via Digitalmars-d-learn <digitalmars-d-learn puremagic.com> writes:
On Sat, 30 Aug 2014 15:36:12 +0000
"Nordlöw" via Digitalmars-d-learn <digitalmars-d-learn puremagic.com>
wrote:

 Should I change it to @trusted in a PR?
i think it would be good. it's the way it works. there are some places where such flags aren't set in druntime, and we should clean that up one by one. it's hard to go thru all the sources when introducing new attribute, so cleanup can be made in small steps. ;-)
Aug 30 2014
"monarch_dodra" <monarchdodra gmail.com> writes:
On Saturday, 30 August 2014 at 14:27:04 UTC, Nordlöw wrote:
 I just noticed that AA rehash is @system. Is there a reason for 
 this? Is it system because bad things can happen or simply 
 because it's a low level function? Should I always tag 
 functions calling rehash as @trusted?
AFAIK, the whole problem is one of attributes, and run-time inference. AA's are mostly run-time implemented. When you have a U[T], and you want to rehash, then the AA will make a run-time call to typeinfo(T).hash();

The issue is that here, you need to support *all* of the hash function for *all* of the T types.

If you make rehash @trusted, then you may end up calling @system hash functions in a @safe context.

If you make it @safe, then you either break code, or make it impossible for end users to provide their @system hash functions.

Really, it's lose-lose. The only (AFAIK) solution is to migrate AA's to a template-library that individually infers the correct safety for every type.
Aug 30 2014
"Nordlöw" <per.nordlow gmail.com> writes:
On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote:
 Really, it's lose-lose. The only (AFAIK) solution is to migrate 
 AA's to a template-library that individually infers the correct 
 safety for every type.
Isn't there any way to say that rehash() should infer safeness from typeinfo(T).hash() provided that its safeness is visible in the call context?
Aug 30 2014
"monarch_dodra" <monarchdodra gmail.com> writes:
On Saturday, 30 August 2014 at 17:55:04 UTC, Nordlöw wrote:
 On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra 
 wrote:
  Really, it's lose-lose. The only (AFAIK) solution is to 
  migrate AA's to a template-library that individually infers 
  the correct safety for every type.
 Isn't there any way to say that rehash() should infer safeness from typeinfo(T).hash() provided that its safeness is visible in the call context?
Maybe. The compiler might be able to do it. But that would only add more compiler support for AA's, when we are trying to phase that out.
Aug 30 2014
"Marc Schütz" <schuetzm gmx.net> writes:
On Saturday, 30 August 2014 at 17:31:54 UTC, monarch_dodra wrote:
 On Saturday, 30 August 2014 at 14:27:04 UTC, Nordlöw wrote:
  I just noticed that AA rehash is @system. Is there a reason 
  for this? Is it system because bad things can happen or simply 
  because it's a low level function? Should I always tag 
  functions calling rehash as @trusted?
 AFAIK, the whole problem is one of attributes, and run-time inference. AA's are mostly run-time implemented. When you have a U[T], and you want to rehash, then the AA will make a run-time call to typeinfo(T).hash();
AFAICS, it doesn't:
https://github.com/D-Programming-Language/druntime/blob/master/src/rt/aaA.d#L355-L412
The computed hash is cached in the buckets. It doesn't even access the typeid that it gets passed from the user-facing rehash(). This means that _aaRehash() can probably be marked as @trusted; rehash() will then be automatically inferred as @safe, because it's a set of templates.
 The issue is that here, you need to support *all* of the hash 
 function for *all* of the T types.

 If you make rehash @trusted, then you may end up calling 
 @system hash functions in a @safe context.

 If you make it @safe, then you either break code, or make it 
 impossible for end users to provide their @system hash 
 functions.

 Really, it's lose-lose. The only (AFAIK) solution is to migrate 
 AA's to a template-library that individually infers the correct 
 safety for every type.
Aug 30 2014
"Nordlöw" <per.nordlow gmail.com> writes:
On Saturday, 30 August 2014 at 18:16:37 UTC, Marc Schütz wrote:
 This means that _aaRehash() can probably be marked as @trusted; 
 rehash() will then be automatically inferred as @safe, because 
 it's a set of templates.
https://github.com/D-Programming-Language/druntime/pull/942
Aug 30 2014
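
The attribute behaviour discussed in this thread, as an added D example that is not code from any poster or from druntime. `SafeKey`, `SysKey`, `hashKey`, `hashErased`, `rehashBuckets` and this `rehash` are hypothetical stand-ins: the example contrasts per-type inference in a template, a blanket @trusted wrapper around user hash code, and a @trusted non-template helper that only touches cached hashes.

```d
import std.stdio : writeln;

struct SafeKey { int v; size_t hash() const @safe nothrow { return v; } }
// Explicitly @system: stands in for a user hash that does unchecked work.
struct SysKey  { int v; size_t hash() const @system nothrow { return v; } }

// Template: attributes are inferred per instantiation from the body.
size_t hashKey(K)(ref const K k) { return k.hash(); }

// Blanket @trusted: the compiler stops checking, whatever K.hash() is.
size_t hashErased(K)(ref const K k) @trusted { return k.hash(); }

// Non-template stand-in for a runtime hook: no inference, so the
// annotation is a manual promise. It only touches cached hashes and
// calls no user code, which is what makes the promise auditable.
void rehashBuckets(size_t[] cached) @trusted nothrow
{
    auto p = cached.ptr;              // raw pointer indexing below is
    foreach (i; 0 .. cached.length)   // rejected in @safe code
        p[i] %= cached.length;
}

// Template wrapper (empty parameter list): inferred @safe because its
// only callee is @trusted.
void rehash()(size_t[] cached) { rehashBuckets(cached); }

// Inference accepts the @safe hash and rejects the @system one...
static assert( __traits(compiles, () @safe { SafeKey k; auto h = hashKey(k); }));
static assert(!__traits(compiles, () @safe { SysKey k; auto h = hashKey(k); }));
// ...while blanket @trusted lets the @system hash into @safe code.
static assert( __traits(compiles, () @safe { SysKey k; auto h = hashErased(k); }));

void main() @safe
{
    size_t[] cached = [5, 7, 9];      // constructed sample data
    rehash(cached);                   // compiles in @safe code
    writeln(cached);
}
```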