On Jun 9, 2011, at 11:13 AM, Peter Kasting wrote: > On Thu, Jun 9, 2011 at 2:49 AM, Maciej Stachowiak <m...@apple.com> wrote: > I'm not really convinced that casting away const from a return value is > intrinsically safer than casting away const from "this". > > Allowing the caller to mutate the return value is fine because the caller had > a non-const |this| to begin with. We're not making anything less const-safe. >
In principle, the return value could have been retrieved from a container that the immediate callee only has a const reference to. So then casting away const on the return value would be a hazard. The compiler won't protect you from that mistake, just as it won't protect you from casting away const on 'this' and then calling a non-const method with a side effect. Maybe this is paranoid, but not much more paranoid than worrying about accessors suddenly sprouting observable side effects. > Casting away const on |this|, OTOH, allows you to mutate objects even when > you never had permission to begin with. Much different. const is a hint, not "permission", since the caller can cast away const directly. Think of const as a practical tool to help document behaviors, not as an enforced security model. > In any case, my intent is to proceed as Darin and I discussed. Wounds good! Regards, Maciej
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev