Transitive const sucks

Bill Baxter dnewsgroup at billbaxter.com
Wed Sep 12 19:51:34 PDT 2007


Walter Bright wrote:

> 1) Programmers aren't that good. Sure, a few are, but most of us aren't, 
> and we write code we imagine is thread safe but really isn't. See Scott 
> Meyer's article on double checked locking, for example.
> 
> 2) Even if a programmer is that good, programmers still have bad days. 
> It's why pilots have checklists for everything, and always use them, no 
> matter how well they've memorized them.
> 
> 3) Programmers being good doesn't help the code auditor, who has to 
> always assume the worst.
> 
> 4) Automation to detect flaws is better than relying on human failings.

You use these arguments to justify that it's the compiler's job to help 
the user write thread-safe code.  However, the same exact arguments 
apply to helping the user write "modification-safe" code -- I.e. code 
that doesn't modify anything not intended.  This is what C++'s 
const/mutable combo gives you, and it seems useful to me.

 > C++'s is not intuitive, marginally useful, and not checkable.

Well, there's no proof at this point that D's const will be any more 
intuitive than C++'s (so far it's seeming less so).  As for "marginally 
useful" -- C++ const helps people document the intended logical 
operation of their code.  It's quite useful in that.  Just not for 
optimization or multithreading purposes.    As for "not checkable" -- 
what are all those "const int* doesn't match int*" errors I get when I 
try to compile my C++ code?  It serves its purpose.

You are fond of comparing C++ const to painting a black stripe on your 
chest and calling it a seat belt.  It's humorous, but the comparison is 
inapt.  C++ const is in fact a *LOT* like a seat belt in that it'll save 
your a** maybe 90% of the time, but not that other 10%.  A painted 
stripe will save you %0 of the time, and that's simply not true of C++ 
const.  Used properly, const in C++ probably points out something like 
90% of potentially dangerous mistakes.  Note: *Not talking about 
multithreading mistakes here!*, but rather more mundane mistakes.  But 
programmers make plenty of the mundane kinds too.

I think a more apt seatbelt analogy would be "seatbelts are worthless 
because all it takes is a simple pair of scissors to render them 
ineffective."  That doesn't make seatbelts any less useful for those of 
use who use them properly.  What you're after with D's const is not a 
seatbelt but like some sort of full-body airbag that will let you drive 
into oncomming traffic at 200MPH and still walk away unscathed.  (like 
this maybe: http://www.zorb.com/ :-))

The goal of making life easy for multithreaded programming is great. 
But I think the less stringent variant of const found in C++ also has 
its uses.  Maybe it's impossible to design a usable system that provides 
both, but I think you do the entire C++ community a disservice by 
offhandedly condemning C++ const as merely 'marginally useful'.

--bb



More information about the Digitalmars-d mailing list