http://d.puremagic.com/issues/show_bug.cgi?id=2544
Summary: implicit const casting rules allow violations of const-safety
Product: D
Version: 2.022
Platform: PC
OS/Version: Linux
Status: NEW
Keywords: spec
Severity: major
Priority: P2
Component: DMD
AssignedTo: bugzi...@digitalmars.com
ReportedBy: la...@virginia.edu

The const system allows const views of mutable data; however, when used with enough levels of indirection, accidental mutable access of const data is also possible. The smallest example I have found is

----
const(real)[] constants = [3.14159265358979323844L, 2.71828182845904523536L];
real[][][] unconsted = [[[]]]; // create mutable data
const(real)[][][] unsafe = unconsted; // and a partially-constant view of it
unsafe[0] = [constants]; // place const data in the const view
unconsted[0][0][0] = 3.14L; // simplify pi using the mutable view
----

This is obviously contrived, but several of these layers of indirection can be achieved (less succinctly but more commonly) using ref parameters to methods instead.

I think that it suffices to require most intermediate levels of const-ness to be illegal; you can either have the original const-ness or a more-const formal with at most (I think) 2 levels of mutable indirection remaining: const(T[])[][] assigned from T[][][] is OK, const(T)[][][] assigned from T[][][] is not OK.

I have not been able to prove two levels is safe, but I have also not been able to construct a counterexample.