1. 15
  1.  

  2. 4

    Talking about the C++ parts, because I know nothing about D, and a leetle bit about C++: A core complaint of this article is summed up by this statement

    All of this means that const actually provides zero guarantees about an object not being mutated

    Yes, C++ is one of those languages where there are no guarantees. If you let a madman loose on your code base, you will need to look over your shoulder for the rest of your life.

    But, I would describe C++ as the language of consenting adults. I’ve had code where I’ve passed an object as const but I needed to mark some things as mutable. This has happened to me because of locks and there is a nice discussion about mutable here.

    I guess this article is another piece in a larger dialog that pushes for languages to save us from ourselves, but that protection always comes at a cost. Always.

    1. 11

      I think the issue is that even the brightest consenting adults keep making mistakes that have disastrous consequences. And you’re right that safety comes at a cost, but for a lot code it’s free, and we can explicitly mark things as footgun when needed, instead of it being the default.

      1. 6

        Yes, C++ is one of those languages where there are no guarantees. If you let a madman loose on your code base, you will need to look over your shoulder for the rest of your life.

        I would suggest that a more useful rubric for evaluating safety features like const is less “will it save me from a madman in my codebase” and more “will it prevent me from gunfooting myself in some subtle way that ends up leaking sensitive information” or “killing a patient” or some equally costly event.

        My feeling on features like this really changed when realized that to a first approximation, nobody is designing them to make madmen sane or idiots brilliant. Rather, these features are designed as a pragmatic, FAA-style response to the fact that we are human and that no amount of smarts or paying attention will ever prevent us from unintentionally screwing up, with terrible consequences. Therefore, our tools should accommodate our fallibility if we are ever to deliver less spectacularly crappy software than is the current norm.

        1. 4

          I’ve had code where I’ve passed an object as const but I needed to mark some things as mutable. This has happened to me because of locks and there is a nice discussion about mutable here.

          This is not limited to c++. For example in Rust, std::sync::Mutex::lock borrows immutably, but when check implementation, you will see that all it does is call unsafe methods. The difference is that c++ does not pretend that locking is const, but rust pretends that locking is safe. In both cases it is up to author of library to make sure that logical constnes/safeness is preserved.

          1. 0

            C++ is a language for consenting adults.

            Love this, going to have to steal it.