digitalmars.D.bugs - [Issue 17507] New: Associative Array range operations should be

https://issues.dlang.org/show_bug.cgi?id=17507

          Issue ID: 17507
           Summary: Associative Array range operations should be marked
                     safe
           Product: D
           Version: D2
          Hardware: All
                OS: All
            Status: NEW
          Keywords: safe
          Severity: enhancement
          Priority: P1
         Component: druntime
          Assignee: nobody puremagic.com
          Reporter: schveiguy yahoo.com

All the operations *can* be safe, but are not currently. All problems happen
when the AA is rehashed.

For instance, if the AA is rehashed, the range may be referring to an empty
bucket. In this case, the element is null. Fetching the key returns a null
pointer (safe); fetching the value returns a null pointer + sizeof(key)
(unsafe). We can fix this, and then mark the front call safe completely. Note
that the current front call is @trusted; that should be removed and the actual
call into the runtime marked @safe.

Another issue: if the rehash shrinks the array, then the index could be out of
bounds. Since druntime is compiled in release mode without bounds checks, the
range could corrupt memory if used at that point. It would cost very little to
check the index against the length of the array before returning.

--
Jun 15
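
The two failure modes in the report and the checks it proposes, as a simplified C model added here for illustration. This is not druntime code: every type, field and function name is hypothetical, and the table contents are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of a bucket-array AA; every name here is hypothetical. */
typedef struct { void *entry; } Bucket;  /* entry = key bytes, then value bytes; NULL if empty */
typedef struct { Bucket *buckets; size_t dim; size_t valoff; } Impl;
typedef struct { Impl *impl; size_t idx; } Range;  /* idx is a snapshot; a rehash makes it stale */

/* Unchecked: trusts idx and entry, the behaviour the report describes. */
void *front_value_unchecked(Range r)
{
    uintptr_t e = (uintptr_t)r.impl->buckets[r.idx].entry;
    return (void *)(e + r.impl->valoff);  /* NULL entry yields the bogus address valoff */
}

/* Checked: the two tests proposed in the report. */
void *front_value_checked(Range r)
{
    if (r.impl == NULL || r.idx >= r.impl->dim) return NULL;  /* array shrank */
    char *e = r.impl->buckets[r.idx].entry;
    return e ? e + r.impl->valoff : NULL;  /* rehash left this bucket empty */
}

/* Constructed scenario: int key, int value, one entry in bucket 5 of 8. */
static struct { int key, val; } pair = { 7, 42 };
static Bucket orig[8] = { [5] = { &pair } };
static Bucket shrunk[4] = { [1] = { &pair } };  /* same entry after a shrinking rehash */
static Impl aa = { orig, 8, sizeof(int) };

int value_before_rehash(void)
{
    aa.buckets = orig; aa.dim = 8;
    Range r = { &aa, 5 };
    return *(int *)front_value_checked(r);
}

/* After the shrinking rehash, is a stale range parked at idx refused? */
int rejected_after_rehash(size_t idx)
{
    aa.buckets = shrunk; aa.dim = 4;  /* simulate the rehash */
    Range r = { &aa, idx };
    return front_value_checked(r) == NULL;
}

int main(void)
{
    printf("%d %d %d\n", value_before_rehash(), rejected_after_rehash(5), rejected_after_rehash(2));
}
```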