D2.0: an example of use-case for casting invariant away

Sat Jun 23 14:57:18 PDT 2007

Don Clugston wrote:
> Bruno Medeiros wrote:
>> Don Clugston wrote:
>>> Regan Heath wrote:
>>>> Walter Bright Wrote:
>>>>> Don Clugston wrote:
>>>>>> Walter Bright wrote:
>>>>>>> With D, you can cast away const-ness, that is legal. But if you 
>>>>>>> subsequently modify the underlying data, that is undefined behavior.
>>>>>> It sounds that in D, it will be too easy to cast away constness 
>>>>>> accidentally.
>>>>>> With C++, at least you can grep for const_cast and detect 
>>>>>> potentially dangerous code, and you get a strong visual clue.
>>>>>> Suppose I've written a D function like this:
>>>>>>
>>>>>> void f(int *b, uint c)
>>>>>> {
>>>>>>   // maybe I'm avoiding a compiler warning or something.
>>>>>>   uint *d = cast(uint *)b;
>>>>>>   d += c;
>>>>>> }
>>>>>>
>>>>>> Months later, I'm refactoring the code, and I convert the int * 
>>>>>> parameter to an invariant, without recognising that it's changing 
>>>>>> the value of b. Oops.
>>>>>>
>>>>>> C++'s const would catch this mistake, but if I understand 
>>>>>> correctly, D will compile it without error. Suddenly the function 
>>>>>> has moved into the realm of undefined behaviour.
>>>>>>
>>>>>> I hope I'm wrong. Or did I miss something?
>>>>> No, you're not missing something. It is a general problem with cast 
>>>>> - cast is a blunt instrument which can easily hide problems.
>>>>
>>>> So.. we're going to have to put up with this potential nasty bug?
>>>>
>>>> What about a new cast which only removes 'const' and/or 'invariant 
>>>> and prohibit normal cast from removing it.
>>>>
>>>> Perhaps calling it 'vary', eg.
>>>>
>>>> void f(const int *b, uint c)
>>>> {
>>>>    int *d = vary() b;
>>>> }
>>>
>>> To avoid a new keyword...
>>>
>>> int* d = cast(break const) b;
>>>
>>> IMHO, we want something that looks really nasty.
>>
>> New keyword? Why a new syntax a at all? This is the kind of stuff that 
>> should be possible to do with D's (current or future) meta programming 
>> capabilities. Here's a small proof of concept of what can currently be 
>> done in D:
> [snip]
> 
> Because as long as _any_ cast can remove const, you haven't fixed the 
> problem.
> The challenge is to make it extremely difficult to remove const, but 
> still possible. And easy to grep for instances of it.

I don't understand. Maybe I'm misunderstanding the problem, but Regan said:
"What about a new cast which only removes 'const' and/or 'invariant
and prohibit normal cast from removing it."
What I proposed was a template that would remove const, and another 
template that would change the core type, but maintain the modifiers 
(such as const/invariant) of the original type. This means *one would 
not use cast (directly) anymore*. This would be easily greppable (if the 
template's names were standard), and would remove the problem of 
accidently removing const/invariant, because you would only remove 
const/invariant (using the appropriate template) when you really want to 
do just that.

-- 
Bruno Medeiros - MSc in CS/E student
http://www.prowiki.org/wiki4d/wiki.cgi?BrunoMedeiros#D