const promises (was New linked list)
kris
foo at bar.com
Tue May 16 11:30:11 PDT 2006
Walter Bright wrote:
> Sean Kelly wrote:
>
>> Exactly. And this was the motivation for my suggestion above. If
>> there is no way to prevent the user from subverting a system built
>> upon reference attributes, then the only alternative I can think of
>> would be to build it upon the data itself. D already has the const
>> storage type which does much the same thing: if the user manages to
>> outfox the compiler and modify data in ROM an error will occur. A
>> similar measure of protection could be extended to dynamic data using
>> the page protection features supplied by the memory manager, but there
>> are some obvious problems:
>>
>> - To add data to a protected page the page must either be temporarily
>> unprotected, making it vulnerable to modification by another thread,
>> or it must be modified and the resulting error ignored (which is quite
>> slow).
>>
>> - Such protection is far from granular, as it requires copying data
>> the compiler cannot guarantee will not be modified by user code into a
>> protected memory page. But as far as I'm aware, there is no other way
>> to obtain low-level support for read-only data.
>>
>> I can think of a few possible workarounds to the above problems, but
>> all of them would require special handing of references to const data,
>> and this seems unacceptable for a language like D. But a
>> data-oriented const system seems the only option for something that
>> could actually be exploited by an optimizer. It's just too easy to
>> work around any such attempt built into the language syntax itself.
>> Heck, inline assembler is an obvious and huge back-door to any
>> syntax-oriented protection mechanism. There's simply no point in even
>> considering that route.
>
>
> I have been thinking along the lines of making 'const' a promise *by the
> programmer* not to modify the data, and then the compiler will *assume*
> the promise is kept.
Is there a way you can do this whereby the source-level "tagging" of
these promises is explicit enough for a lint-like tool to operate upon
in a (fully) deterministic manner?
I ask because there seems to be two opposing needs involved to support
the notion of 'const': the complexity and performance of the compiler,
and the facility for a programmer to be informed when they invariably
make a mistake. As language users, we tend to rely upon the latter?
More information about the Digitalmars-d-announce
mailing list