[Issue 24793] Allow implicit conversion of const pointers to void*

d-bugmail at puremagic.com d-bugmail at puremagic.com
Thu Nov 21 01:56:09 UTC 2024 

https://issues.dlang.org/show_bug.cgi?id=24793

Jonathan M Davis <issues.dlang at jmdavisProg.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |issues.dlang at jmdavisProg.co
                   |                            |m

--- Comment #2 from Jonathan M Davis <issues.dlang at jmdavisProg.com> ---
The const still tells you whether the data can be mutated, and depending on how
the void* is used, that could actually matter. For instance, there's the
memmove function which this question on stackoverflow which is discussing void*
vs const void* discusses:
https://stackoverflow.com/questions/5547131/c-question-const-void-vs-void

An implicit conversion to void* would render the const on the parameters of
such a function pointless.

And while usually void* is going to be used with C code, it's quite possible
that D code could overload on constness with a void*, and it could behave
differently depending on whether it's given a const or mutable pointer. So,
having const implicitly removed somewhere could then cause issues even if the
rest of the type information is gone. Having the const implicitly disappear
would make it so that there would be one more thing that the programmer would
have to be extremely careful about when dealing with void* when they're already
going to have to be keeping track of what the actual type is somehow in order
to deal with it properly - if it's just being treated as raw memory, then const
matters that much more, because those kinds of functions are typically used for
stuff like blitting memory, and you wouldn't want to accidentally blit onto
const data and thus violate the type system.

So, while yes, a lot of the type safety has been thrown away with void*, the
mutability of the type has not been thrown away, and given how strict D's const
is, I think that throwing it away would be a very bad idea without the
programmer explicitly stating that that's what they want.

Also, at present, the implicit conversion from a mutable pointer to void* is
considered @safe - e.g.

---
void main() @safe
{
    int* i;
    void* v = i;
}
---

whereas it would be completely inappropriate to consider it memory safe if
const is implicitly removed in the process. So, even if we did add such an
implicit conversion, it would need to be @system. But in general, I think that
_any_ kind of implicit removal of const where an independent copy has not been
made is just a terrible idea. Sure, it might make some code nicer, because
fewer casts would be required, but it makes casting away const _much_ easier to
miss when it's inherently the kind of cast where you need to be extremely
careful about it.

The programmer also has to be absolutely certain that the function they're
calling is not actually going to mutate the data, and if the cast is implicit,
it's going to be very easy to not even notice that it's a potential problem.

--

More information about the Digitalmars-d-bugs mailing list