Transitive const sucks

Wed Sep 12 20:13:15 PDT 2007

Bill Baxter Wrote:

> Walter Bright wrote:
> 
> > 1) Programmers aren't that good. Sure, a few are, but most of us aren't, 
> > and we write code we imagine is thread safe but really isn't. See Scott 
> > Meyer's article on double checked locking, for example.
> > 
> > 2) Even if a programmer is that good, programmers still have bad days. 
> > It's why pilots have checklists for everything, and always use them, no 
> > matter how well they've memorized them.
> > 
> > 3) Programmers being good doesn't help the code auditor, who has to 
> > always assume the worst.
> > 
> > 4) Automation to detect flaws is better than relying on human failings.
> 
> You use these arguments to justify that it's the compiler's job to help 
> the user write thread-safe code.  However, the same exact arguments 
> apply to helping the user write "modification-safe" code -- I.e. code 
> that doesn't modify anything not intended.  This is what C++'s 
> const/mutable combo gives you, and it seems useful to me.
> 
>  > C++'s is not intuitive, marginally useful, and not checkable.
> 
> Well, there's no proof at this point that D's const will be any more 
> intuitive than C++'s (so far it's seeming less so).  As for "marginally 
> useful" -- C++ const helps people document the intended logical 
> operation of their code.  It's quite useful in that.  Just not for 
> optimization or multithreading purposes.    As for "not checkable" -- 
> what are all those "const int* doesn't match int*" errors I get when I 
> try to compile my C++ code?  It serves its purpose.
> 
> You are fond of comparing C++ const to painting a black stripe on your 
> chest and calling it a seat belt.  It's humorous, but the comparison is 
> inapt.  C++ const is in fact a *LOT* like a seat belt in that it'll save 
> your a** maybe 90% of the time, but not that other 10%.  A painted 
> stripe will save you %0 of the time, and that's simply not true of C++ 
> const.  Used properly, const in C++ probably points out something like 
> 90% of potentially dangerous mistakes.  Note: *Not talking about 
> multithreading mistakes here!*, but rather more mundane mistakes.  But 
> programmers make plenty of the mundane kinds too.
> 
> I think a more apt seatbelt analogy would be "seatbelts are worthless 
> because all it takes is a simple pair of scissors to render them 
> ineffective."  That doesn't make seatbelts any less useful for those of 
> use who use them properly.  What you're after with D's const is not a 
> seatbelt but like some sort of full-body airbag that will let you drive 
> into oncomming traffic at 200MPH and still walk away unscathed.  (like 
> this maybe: http://www.zorb.com/ :-))
> 
> The goal of making life easy for multithreaded programming is great. 
> But I think the less stringent variant of const found in C++ also has 
> its uses.  Maybe it's impossible to design a usable system that provides 
> both, but I think you do the entire C++ community a disservice by 
> offhandedly condemning C++ const as merely 'marginally useful'.
> 
> --bb

D's current const fixes both problems rather nicely, I still can't see the big argument against it semantically (syntax is a matter of taste, I like it, but it appears no one else does).