Stewart Gordon wrote:
> I was just looking at this
> http://d.puremagic.com/issues/show_bug.cgi?id=2544
> which describes how it's possible to bypass const by doing this:
>
> const(int)[] answers = [42];
> int[][] unconsted = [[]];
> const(int)[][] unsafe = unconsted;
> unsafe[0] = answers;
> unconsted[0][0] = 43;
>
> The problem is that converting from int[][] to const(int)[][] isn't
> safe, even though the language/compiler seems to think it is.
>
> Really, it's another version of how you can use a DerivedClass[] as a
> BaseClass[] and thereby place in it an object that isn't of type
> DerivedClass.
>
> There's actually a simple solution to this: specify that, where
> DerivedClass derives from BaseClass, DerivedClass[] cannot be implicitly
> converted to BaseClass[], but only to const(BaseClass)[].
>
> Java has had something like this for a while, albeit not with arrays.
> That is, IIRC, you can assign a DataStructure<DerivedClass> to a
> variable of type DataStructure<? extends BaseClass> (or even
> DataStructure<? extends DerivedClass>) - this creates a read-only view
> of the data structure. My proposal implements the same basic concept as
> this, but in a simpler way. (Java also supports write-only 'views' with
> DataStructure<? super FurtherDerivedClass>, but I'm not sure we need
> anything like this in D at the moment.)
>
> Now let's apply the same principle to the example in the bug report.
> Try defining that, in general, T[][] can be converted to const(T[])[]
> but not const(T)[][]. Then
>
> const(int)[] answers = [42];
> int[][] unconsted = [[]];
> const(int)[][] unsafe = unconsted;
>
> would be illegal. One would have to do
>
> const(int[])[] safe = unconsted;
>
> and now
>
> safe[0] = answers;
>
> is illegal.
What about this code?

const int[] answers = [42];
int[][] unconsted = [[]];
const(int[])[] safe = unconsted;
safe[0] = answers;
safe[0][0] = 43;
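The hole from the bug report quoted above, reproduced as an added example that is not part of this thread: TypeScript has the same element-covariant arrays, with ReadonlyArray<T> standing in for const(T)[], so the unsafe conversion and the proposed const(T[])[] form can both be shown with types that actually check (the D-to-TypeScript mapping is my assumption, not something the thread states).

```typescript
// Added example: D bug 2544 replayed in TypeScript. number[] is assignable to
// ReadonlyArray<number> and arrays are covariant in their element type, so the
// type checker accepts aliasing a readonly view over a mutable slot.
function bypassReadonly(): number {
  const answers: ReadonlyArray<number> = [42]; // const(int)[] answers
  const unconsted: number[][] = [[]];          // int[][] unconsted
  // int[][] -> const(int)[][]: accepted, this is the unsound step.
  const unsafe: ReadonlyArray<number>[] = unconsted;
  unsafe[0] = answers;   // the readonly array now sits in a mutable int[] slot
  unconsted[0][0] = 43;  // mutate it through the mutable alias
  return answers[0];     // 43: the "readonly" data changed underneath us
}

// The proposed rule: int[][] may convert only to const(int[])[], i.e. the
// inner array reference becomes read-only too. The TypeScript analogue is
// ReadonlyArray<ReadonlyArray<number>>, whose outer slots cannot be assigned.
function safeView(): number {
  const unconsted: number[][] = [[]];
  const safe: ReadonlyArray<ReadonlyArray<number>> = unconsted;
  // safe[0] = [42];   // rejected by the type checker: outer index is readonly
  // safe[0][0] = 43;  // rejected as well: inner index is readonly
  unconsted[0].push(7); // writes by the mutable owner stay visible through the view
  return safe[0][0];    // 7, but no foreign readonly array can be planted in a slot
}
```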
