Because 98% of the platforms that actually have a modern C++ compiler have a pretty standard scalar layout that differs only by endian (or word size). That is probably to be useful to somebody. No need to take that functionality away just because it wouldn't have worked on a platform that stopped being sold two decades ago.

Howard

The intended semantics is:

struct MyHashAlgorithm
{
static constexpr std::endian endian = std::endian::big;
// ...
};

means: Attention hash_append function: Prior to feeding MyHashAlgorithm bytes from scalar types, map them (from native) into big endian. So if two platforms had scalars with identical layout except for endian, the two platforms could generate identical hash codes for identical scalar input.
I am unsure.

One can easily build hash functors that can be seeded, for example:

http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2014/n3980.html#seeding

I.e. you choose a seed (key?) and use that to initialize the HashAlgorithm. And then the hash functor runs the update and finalization stages in the same way as previously shown.

One could also prepend a message, by updating the HashAlgorithm with a key prior to updating it with the message. Or one could append a message by updating the HashAlgorithm just prior to running the finalization stage.

But I am unsure if the abilities of seeding, prepending and appending are sufficient to generate a HMAC.

Howard

Possibly
I'd say it's the job of hash_append() provided by the implementation for
the native bultin types to take care of this. If the Hasher has endian
requirements, x gets swapped as necessary and its contiguous (value
representing)*octets* fed to the Hasher in order of least to most
significant (or reversed). Every introductory course to programming I
have ever witnessed talks in lengths about bytes and how they make up
ints and what endianess is and so forth. I consider this basic
knowledge. The standardese has to describe this in detail of course (as
far as it can considering the C++ abstract machine), but I think for the
sake of this discussion what happens is clear. The real challenge I
think is figuring out how to define it portably for machines not
operating on multiples of 8 bit (if this is deemed relevant).
Then I wonder who you want to put the burden on: the implementation or
the user? I do do think portability is possible (certainly for machines
with 8*n bits) by only providing hash_append for selected native bultin
(maybe only unsigned) types which are either equivalent on all
architectures supporting them; or don't exist at all. At least if you
are on an architecture without these typedefs the compiler will kindly
remind you that your data structure is incompatible, instead of
producing funny hashes.
Well sadly we have the sized typedefs officially only since 11...
Whether it's an enable_if dance or predefined overloads doesn't really
matter as long as it does the job. This was more of an exposition.
This is an issue that was discussed previously and I don't know if there
was a consensus. It's nested containers where it becomes headache-inducing.
is_contiguously_hashable for the scalar types was just a tool for the
enable_if exposition (which may or may not be used). The implementation
should know how to turn these types into octet streams.
As far as I understad it's primarily for optimization and boilerplate
reduction. If all bytes of my struct contribute to its value
representation without any padding, and endianess doesn't apply, I can
shove the entire struct (or array thereof) in the hungry maw of (void*,
size_t), and as has been mentioned earlier there are CPUs with hash/CRC
instructions so there is optimization potential present. This is usually
true for scalar types. For compound types it is upon the author of the
type to decide if this is true or not. This is obviouly not a good
solution if the hash has to be communicated to the outside world where
endianess may matter. The introduction of hash_append_contiguous() may
make this trait obsolete. There's only the question left whether
defining a class partial specialization or a forwarding function
overload is less effort and less prone to error by the user. But I think
the trait approach makes it easier to apply the information
transitively. Plus you get a query for static_assert to check whether
your assumptions about the types of member variables hold:

// All three types have no padding, only value bytes, endianess doesn't
matter.
// Ensured with type_traits and whatnot.
struct A { ... };
struct B { ... };
struct C
{
A a;
B b;
int i;
};

// Overload solution 1
void hash_append(Hasher& h, const A& x) { ... }
void hash_append(Hasher& h, const B& x) { ... }
void hash_append(Hasher& h, const C& x)
{
// Compiler may not figure out the entire struct can go in one big
gulp,
// making the optimization unlikely.
hash_append(h, x.a);
hash_append(h, x.b);
hash_append(h, x.i);
}

// Overload solution 2
void hash_append(Hasher& h, const C& x)
{
// There is no way to ensure this is actually correct
// because we cannot check it for A and B
hash_append_contiguous(addressof(x), sizeof(x));
}

// Traits solution
struct is_contiguously_hashable<Hasher, A> : true_type { };
struct is_contiguously_hashable<Hasher, B> : true_type { };
struct is_contiguously_hashable<Hasher, C> : true_type
{
// Sprinkle code with magic static_assert dust to ensure
// our assumptions about A and B are true.
// (especially if their traits are defined in some other place)
};
Good point about bitset. About my motivation: consider you have to use
uint32_t for your data type because the machine has no uint8_t but only
the lower 8 bit of the integer are to be hashed (the integer is
abstracted in a way as to behave like an 8 bit value), the upper 24 bits
must be discarded (not masked) in order to produce identical signatures
as on some remote machine that has direct 8 bit support. This
information cannot be provided using only the builtin scalar types.
bitset is a nice solution to this.
I didn't specify n in terms of sizeof() but *octets*. The hasher has to
know how to extract the octets from the pointed to contiguous octet
stream. Forget sizeof(char), this is very carefully defined as the
number of octets pointed to by the pointer. If sizeof(int) ==
sizeof(char) == 1, int has 32 bits, and all bits shall be hashed, then
it still holds that n == 4.
The "user-level policy" you refer to is presented by Howard as
is_contiguously_hashable. But regardless of any traits one has always
the liberty of overloading hash_append() for cases like this or call
hash_append for the relevant members manually for a case like you
describe. I see is_contiguously_hashable primarily as a hint for
optimization (and reduction of boilerplate , and compile time checking
with static_assert).
I agree, and I was merely talking about the atomic building blocks (the
std::lib job of stuffing bytes) which depend on the
implementation/machine, Hasher endianess and whatnot. If the arithmetic
Ts (and underlying values for enums) are exposed in the interface using
explicitly sized integer types. There should of course be further
overloads for the compound std types, containers, and stuff.
Miro

:-)
As currently coded, the run-time-sized containers append the size of the container. This is to prevent hash collision between:

vector<vector<int>>{{}, {1}} and vector<vector<int>>{{1}, {}},

which if they did not include a size() in their message, would both result in the same message to the hash algorithm, and thus both generate the same the hash code.

Append was chosen as opposed to prepend so that forward_list<T> would not have to traverse twice during hash_append.

Markers such as "begin container" and "end container" were also considered, but appending the size was considered to be simpler and more economical than the alternatives.
I think designing for a portable implementation of (for example) SHA256 for non-8-bit-byte platforms is an over-reaching goal. Forgetting hash_append, and even C++, and designing whatever API you cared for, how would you write an implementation of SHA256 that was byte-size agnostic? And how would that impact the API of SHA256?

Today, the SHA256 implementations I've seen (written in C) are simply #ifdef'd on endian, and are not portable to non-8-bit-byte platforms. The hash_append proposal is not trying to impact this status-quo. I consider all of this HashAlgorithm details to be worked out by the HashAlgorithm author.
I anxiously await your prototype.
You are correct, assuming on this platform that all bits in both int and char participate in the type's representation. OTOH, if char is padded with 24 bits of random values, the hash_append will be prohibited (by the specification) from sending those random bits to the hash algorithm. hash_append might (for example) zero all the padding bits before sending the byte to the hashing algorithm.
Correct again.
<shrug> My understanding is that hash algorithms consume bytes (and sometimes bits). They don't care what the type is. If we want to enforce that the same byte representation for two different types sends different byte streams to the hashing algorithm, hash_append is the right place to make that customization.
The hash algorithm 'h' is going to see bytes, no matter what we do (void* or unsigned char*). Whether hashing algorithms change those bytes into octets (or words) or not is completely within their implementation.

If the committee proclaims that the "message" sent by a 32 bit int should be different than the "message" sent by a 32 bit char should be different, so be it. The current hash_append proposal purposefully does not dictate such details. My feeling is that dictating such details is bound to adversely impact efficiency, but I am happy to see those details worked out in committee.
but the algorithm will see bytes,
do you mean aspect 1 (input), or aspect 2 (output), or both?
This part sounds exactly what I'm proposing, except that the specification is applied to std::sha256 (and all hashing algorithms in general), instead of to std::uhash (and all hash functors in general).

The hash functor is the wrong place to specify endian requests because the hash functor should be as simple as possible. It is only responsible for:

1. Initializing the hash algorithm.
2. Updating the hash algorithm with a single value.
3. Finalizing the hash algorithm.

template <class T>
result_type
operator()(T const& t) const noexcept
{
Hasher h;
hash_append(h, t);
return static_cast<result_type>(h);
}

With as-simple-as-possible hash functor requirements, one maximizes the ability of the programmer to create a custom hash functor to do things such as seeding and/or salting.

On the other hand, hash_append is the perfect place to respond to such a request as hash_append will know what type to be hashed it is dealing with (which may or may not have endian concerns), and what type of hash algorithm it is dealing with. If the hash algorithm specifies the desired endian input, this is very easily taken care of. For example:

template <class HashAlgorithm>
hash_append(HashAlgorithm& h, char c) noexcept
{
h(&c, 1); // never any endian concerns
}

On the other hand, for scalars > 1:

template <class HashAlgorithm>
hash_append(HashAlgorithm& h, int i) noexcept
{
if (HashAlgorithm::endian != endian::native)
i = convert_native_to(i, HashAlgorithm::endian)
h(&i, sizeof(i));
}

The above does not have to be the literal implementation. I would prefer compile-time branching instead of run-time branching on the compile-time question of endian. But I'm just trying to simplify the presentation. And note that for platforms where sizeof(int) == sizeof(char) (and all bits are part of the representation), the std::lib implementation simplifies down to:

template <class HashAlgorithm>
hash_append(HashAlgorithm& h, char c) noexcept
{
h(&c, 1); // never any endian concerns
}

template <class HashAlgorithm>
hash_append(HashAlgorithm& h, int i) noexcept
{
h(&i, 1); // never any endian concerns
}

I.e. the implementation of the std::lib isn't portable. But that's ok. The std::lib implementors write non-portable code so that we don't have to.

If all bits *are not* part of the representation, then the std::lib implementation must mask off or zero the padding bits prior to sending a message to the hash algorithm.
Agreed.
This is precisely the optimization that my hash_proposal has gone to great lengths to preserve. And also for std::string, std::vector<int>, std::array<int>, std::pair<int, int>, std::vector<std::pair<int, int>>, std::vector<std::tuple<int, int, int, int>>, etc, etc.
If by "display purposes" you also mean transmission across a network, I agree, though for me it is a major detail.

Howard