Deprecating this(this)

Nicholas Wilson iamthewilsonator at hotmail.com
Mon Apr 2 08:08:58 UTC 2018 

On Monday, 2 April 2018 at 00:44:14 UTC, Jonathan M Davis wrote:
> On Monday, April 02, 2018 00:25:52 Nicholas Wilson via 
> Digitalmars-d wrote:
>> On Sunday, 1 April 2018 at 17:08:37 UTC, Andrei Alexandrescu 
>> wrote:
>> > On 4/1/18 10:59 AM, Nicholas Wilson wrote:
>> > [...]
>> > int[] sneaky;
>> > struct A
>> > {
>> >
>> >     private int[] innocent;
>> >     this(this)
>> >     {
>> >
>> >         sneaky = innocent;
>> >
>> >     }
>> >
>> > }
>> > void main()
>> > {
>> >
>> >     immutable a = A([1, 2, 3]);
>> >     auto b = a;
>> >     sneaky[1] = 42; // oops
>> >     import std.stdio;
>> >     writeln(a.innocent); // ooooops
>> >
>> > }
>> >
>> > Sadly this (and many similar ones) compiles and runs 
>> > warning-free on today's compiler. We really need to close 
>> > this loop, like, five years ago.
>>
>> How much of this class of bug would be eliminated by requiring 
>> that `this(this)` be pure for assignment to const and 
>> immutable objects? Arguably this(this) should always be pure 
>> in any sane program. The only reason I can think of is if 
>> you're trying to perf the number of copies you're making, but 
>> there is compiler help for that.
>
> All kinds of things could be done with a postlbit costructor 
> that don't actually involve copying. These include logging or 
> printing something, and they could include stuff like reference 
> counting, which may or may not need access to something 
> external. debug statements would solve some uses cases but not 
> all. Requiring that this(this) be pure has some of the same 
> issues that requiring opEquals to be pure or const or whatever 
> has. It makes sense in _most_ cases, but occasionally, there 
> are good reasons for it not to be - especially in a systems 
> language.

I wasn't suggesting this a global requirement of all this(this)s,
only to the _postblit assignment to const and immutable objects_ 
( where
being pure would to disallow the above bug). Note that this should
still be able to be worked around by cast()s (which are un at safe) 
and therefore require
@trusted to work in @safe code, in which case the programmer has 
presumably
thought about the situation and knows what he's doing.

More information about the Digitalmars-d mailing list