Summary: implicit const casting rules allow violations of const-
           Product: D
           Version: 2.022
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Keywords: spec
          Severity: major
          Priority: P2
         Component: DMD

The const system allows const views of mutable data; however, when used with
enough levels of indirection, accidental mutable access of const data is also

The smallest example I have found is

    const(real)[] constants = [3.14159265358979323844L, 2.71828182845904523536L];
    real[][][] unconsted = [[[]]];        // create mutable data
    const(real)[][][] unsafe = unconsted; // and a partially-constant view of it
    unsafe[0] = [constants];              // place const data in the const view
    unconsted[0][0][0] = 3.14L;           // simplify pi using the mutable view

This is obviously contrived, but several of these layers of indirection can be
achieved (less succinctly but more commonly) using ref parameters to methods

I think that it suffices to require most intermediate levels of const-ness to
be illegal; you can either have the original const-ness or a more-const formal
with at most (I think) 2 levels of mutable indirection remaining: 
    const(T[])[][] assigned from T[][][] is OK, 
    const(T)[][][] assigned from T[][][] is not OK.
I have not been able to prove two levels is safe, but I have also not been able
to construct a counterexample.
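
An added example, not part of the original report: a D program that prints which of the conversions discussed above the compiler in use accepts, then reproduces the aliasing with an explicit cast so the effect is visible even where the implicit conversion is refused. The names pageNotOk, pageOk, tailConst and unsafeView are hypothetical, and the cast and the `new` allocation are assumptions standing in for the report's implicit conversion and its `[[[]]]` literal.

```d
// Added example, not code from the report or from the D project.
import std.stdio : writeln;

// Compile-time probes: is(From : To) is true when From implicitly converts to To.
enum oneLevel  = is(real[]     : const(real)[]);     // single indirection
enum pageNotOk = is(real[][][] : const(real)[][][]); // form the report calls not OK
enum pageOk    = is(real[][][] : const(real[])[][]); // form the report calls OK
enum tailConst = is(real[][][] : const(real[][])[]); // const at every inner level

void main()
{
    writeln("real[]     -> const(real)[]     : ", oneLevel);
    writeln("real[][][] -> const(real)[][][] : ", pageNotOk);
    writeln("real[][][] -> const(real[])[][] : ", pageOk);
    writeln("real[][][] -> const(real[][])[] : ", tailConst);

    // Same steps as the report's snippet.
    const(real)[] constants = [3.14159265358979323844L,
                               2.71828182845904523536L];
    real[][][] unconsted = new real[][][](1);   // mutable data, one outer slot

    // Assumption: the explicit cast stands in for the implicit conversion,
    // so the demonstration does not depend on the compiler accepting it.
    auto unsafeView = cast(const(real)[][][]) unconsted;

    // Legal through the view: the slot is typed as mutable const(real)[][].
    unsafeView[0] = [constants];

    // Legal through the original: the same slot is typed as real[][].
    // The innermost slice now aliases `constants`.
    unconsted[0][0][0] = 3.14L;

    writeln("constants[0] is now ", constants[0]);
    assert(constants[0] == 3.14L);              // const data was modified
}
```

A `true` on the second line of output means the compiler in use still performs the conversion from the report without a cast.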