
Const-correctness



In computer science, const-correctness is the form of program correctness that deals with the proper declaration of objects as mutable or immutable. The term is mostly used in a C or C++ context, and takes its name from the const keyword in those languages.

The idea of const-ness does not imply that the variable as it is stored in the computer's memory is unwriteable. Rather, const-ness is a compile-time construct that indicates what a programmer may do, not necessarily what he or she can do.

In addition, a class method can be declared as const, indicating that calling that method does not change the object. Such const methods can only call other const methods but cannot assign member variables. (In C++, a member variable can be declared as mutable, indicating that a const method can change its value. Mutable member variables can be used for caching and reference counting, where the logical meaning of the object is unchanged, but the object is not physically constant since its bitwise representation may change.)

C++ syntax

In C++, all data types, including those defined by the user, can be declared const, and all objects should be unless they need to be modified. Such proactive use of const makes values "easier to understand, track, and reason about,"[1] and thus, it increases the readability and comprehensibility of code and makes working in teams and maintaining code simpler because it communicates something about a value's intended use.

Simple data types

For simple data types, applying the const qualifier is straightforward. It can go on either side of the type for historical reasons (that is, const char foo = 'a'; is equivalent to char const foo = 'a';). On some implementations, using const on both sides of the type (for instance, const char const) generates a warning but not an error.

Pointers and references

For pointer and reference types, the syntax is slightly more subtle. A pointer object can be declared as a const pointer or a pointer to a const object (or both). A const pointer cannot be reassigned to point to a different object from the one it is initially assigned, but it can be used to modify the object that it points to (called the "pointee"). (Reference variables are thus an alternate syntax for const pointers.) A pointer to a const object, on the other hand, can be reassigned to point to another object of the same type or of a convertible type, but it cannot be used to modify any object. A const pointer to a const object can also be declared and can neither be used to modify the pointee nor be reassigned to point to another object. The following code illustrates these subtleties:

void Foo( int       *       ptr,
          int const *       ptrToConst,
          int       * const constPtr,
          int const * const constPtrToConst )
{
    *ptr = 0;             ptr = 0;             // OK: both the pointee and the pointer are modifiable
    *ptrToConst = 0;      ptrToConst = 0;      // Error on the first (pointee is const); OK on the second
    *constPtr = 0;        constPtr = 0;        // OK on the first; Error on the second (pointer is const)
    *constPtrToConst = 0; constPtrToConst = 0; // Error on both
}

To make pointer declarations easier to read, a rule of thumb is to read the declaration from right to left. Everything before the star is the pointee type, and everything after it describes the pointer itself. (For instance, in the example above, constPtrToConst reads as a const pointer to a const int.)

References follow similar rules. A declaration of a const reference is redundant since references can never be made to refer to another object:

int i = 42;
int const & refToConst = i; // OK
int & const constRef = i;   // Error: the "const" is redundant

Even more complicated declarations can result when using multidimensional arrays and references (or pointers) to pointers. Generally speaking, these should be avoided or replaced with higher level structures because they are confusing and prone to error.
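The three pointer forms above are easiest to appreciate on a realistic task. The following added example (not code from the original article; the message format, names and sample bytes are constructed for illustration) parses a length-prefixed message through a pointer to const, which may advance but not write, writes a header through a const pointer, which may write but not be retargeted, and checksums through a const pointer to const, which may do neither. It also shows the length-field check that the read-only input view makes safe to reason about.

```cpp
#include <cstddef>
#include <cstdint>

// Constructed sample message (not from the article): a 2-byte big-endian
// length prefix followed by the payload bytes "abc".
std::uint8_t const kSampleMessage[] = { 0x00, 0x03, 'a', 'b', 'c' };

// Pointer to const: the pointer may advance, the bytes may not be written.
// Returns the declared payload length, or -1 when the header claims more
// bytes than the buffer actually holds.
long PayloadLength(std::uint8_t const *msg, std::size_t size)
{
    if (size < 2) return -1;
    std::uint8_t const *p = msg;
    std::size_t declared = (std::size_t(p[0]) << 8) | std::size_t(p[1]);
    p += 2;                      // OK: reassigning a pointer to const
    // *p = 0;                   // Error if uncommented: the pointee is const
    if (declared > size - 2) return -1;
    return long(declared);
}

// Const pointer: the function writes through it but can never retarget it,
// so the bytes land in the buffer the caller supplied and nowhere else.
std::size_t EncodeLength(std::uint8_t * const out, std::size_t payload)
{
    out[0] = std::uint8_t(payload >> 8);
    out[1] = std::uint8_t(payload & 0xFF);
    // out = 0;                  // Error if uncommented: the pointer is const
    return 2;
}

// Const pointer to const: neither retargeted nor written through.
unsigned Checksum8(std::uint8_t const * const data, std::size_t n)
{
    unsigned sum = 0;
    for (std::size_t i = 0; i < n; ++i) sum = (sum + data[i]) & 0xFFu;
    return sum;
}

// Round trip on constructed data: encode a header, then parse it back.
long RoundTrip()
{
    std::uint8_t header[2];
    EncodeLength(header, 3);
    std::uint8_t buf[5] = { header[0], header[1], 'a', 'b', 'c' };
    return PayloadLength(buf, sizeof buf);
}
```

Passing a shorter size than the header declares makes PayloadLength return -1 rather than read past the buffer; the const on the input parameter guarantees the parser can only ever observe the message.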

Methods

In order to take advantage of the design-by-contract strategy for user-defined types (structs and classes), which can have methods as well as member data, the programmer must tag methods as const if they don't modify the object's data members. Applying the const qualifier to methods thus is an essential feature for const-correctness, and is not available in many other object-oriented languages such as Java and C# or in Microsoft's C++/CLI or Managed extensions for C++. While const methods can be called by const and non-const objects alike, non-const methods can only be invoked by non-const objects. This example illustrates:

class C
{
    int i;
public:
    int Get() const { return i; } // Note the "const"
    void Set(int j) { i = j; }    // Note the lack of "const"
};

void Foo(C& nonConstC, const C& constC)
{
    int y = nonConstC.Get(); // OK
    int x = constC.Get();    // OK: Get() is const
    nonConstC.Set(10);       // OK: nonConstC is modifiable
    constC.Set(10);          // Error! Set() is non-const and constC is a const object
}

Often the programmer will supply both a const and a non-const method with the same name (but possibly quite different uses) in a class to accommodate both types of callers. Consider:

class MyArray
{
    int data[100];
public:
    int       & Get(int i)       { return data[i]; }
    int const & Get(int i) const { return data[i]; }
};

void Foo( MyArray & array, MyArray const & constArray )
{
    // Get a reference to an array element and modify its referee.
    array.Get(5)      = 42; // OK: calls int & MyArray::Get(int)
    constArray.Get(5) = 42; // Error! calls int const & MyArray::Get(int) const
}

The const-ness of the calling object determines which version of MyArray::Get() is invoked, and thus whether the caller receives a reference through which the object's private data can be modified or only observed. (Returning a const reference to an int, instead of merely returning the int by value, may be overkill in the second method, but the same technique can be used for arbitrary types, as in the Standard Template Library.)
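The following added example (not code from the original article; CheckedArray and the helper names are constructed for illustration) builds on the MyArray pattern above and on the mutable member mentioned in the introduction. The const overload carries the bounds check and a mutable read counter, and the non-const overload is implemented by calling the const one and casting the const away, which is sound here because inside a non-const member function the object is known not to be a const object.

```cpp
#include <cstddef>
#include <stdexcept>

class CheckedArray
{
    int data[8];
    mutable std::size_t reads;   // bookkeeping that does not change the logical value
public:
    CheckedArray() : data(), reads(0) {}

    // Const overload: a const caller can only observe, but the read counter
    // may still advance because it is declared mutable.
    int const & Get(std::size_t i) const
    {
        if (i >= 8) throw std::out_of_range("CheckedArray::Get");
        ++reads;
        return data[i];
    }

    // Non-const overload implemented on top of the const one, so the bounds
    // check lives in exactly one place. Casting const away is safe here:
    // inside a non-const method, *this is known not to be a const object.
    int & Get(std::size_t i)
    {
        CheckedArray const & self = *this;
        return const_cast<int &>(self.Get(i));
    }

    std::size_t ReadCount() const { return reads; }
};

// Only the const overload is selectable through a const reference.
int SumAll(CheckedArray const & a)
{
    int s = 0;
    for (std::size_t i = 0; i < 8; ++i) s += a.Get(i);
    return s;
}

// The non-const overload hands back a writable reference.
void FillSquares(CheckedArray & a)
{
    for (std::size_t i = 0; i < 8; ++i) a.Get(i) = int(i * i);
}

int DemoSum()                     // 0 + 1 + 4 + ... + 49
{
    CheckedArray a;
    FillSquares(a);
    return SumAll(a);
}

std::size_t DemoReadCount()       // 8 writes (routed via const Get) + 8 reads
{
    CheckedArray a;
    FillSquares(a);
    SumAll(a);
    return a.ReadCount();
}

bool DemoRejectsOutOfRange()      // the check runs even for const callers
{
    CheckedArray const a;
    try { a.Get(8); } catch (std::out_of_range const &) { return true; }
    return false;
}
```

Putting the check in the const overload means a const-qualified caller still gets bounds checking; the direction of the cast (from a const view of a non-const object back to non-const) is the only one the language guarantees to be well-defined.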

Loopholes to const-correctness

There are two loopholes to pure const-correctness in C and C++. They exist primarily for compatibility with existing code.

The first, which applies only to C++, is the use of const_cast, which allows the programmer to strip the const qualifier, making any object modifiable. The necessity of stripping the qualifier arises when using existing code and libraries that cannot be modified but which are not const-correct. For instance, consider this code:

// Prototype for a function which we cannot change but which
// we know does not modify the pointee passed in.
void LibraryFunc(int *ptr, int size);

void CallLibraryFunc(int const *ptr, int size)
{
    LibraryFunc(ptr, size);                    // Error! Drops the const qualifier
    int *nonConstPtr = const_cast<int *>(ptr); // Strip the qualifier
    LibraryFunc(nonConstPtr, size);            // OK
}
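An added example (not code from the original article; LegacySum is a constructed stand-in for such a library function) contrasting the const_cast approach with the alternative of handing the library a private copy. The cast is only sound if the library really never writes through the pointer; if it does write and the caller's object was itself defined const, the behaviour is undefined. The copy costs time and memory but keeps the caller's buffer read-only even if the library's promise turns out to be false.

```cpp
#include <vector>

// Constructed stand-in (not from the article) for a library function that
// only reads its input but was declared without const.
int LegacySum(int *ptr, int size)
{
    int s = 0;
    for (int i = 0; i < size; ++i) s += ptr[i];
    return s;
}

// Option 1: strip the qualifier. Sound only while the library never writes;
// if it did, and the caller's object was defined const, this is undefined.
int SumViaCast(int const *ptr, int size)
{
    return LegacySum(const_cast<int *>(ptr), size);
}

// Option 2: give the library a private, writable copy. The caller's buffer
// stays read-only whatever the library does with its argument.
int SumViaCopy(int const *ptr, int size)
{
    std::vector<int> scratch(ptr, ptr + size);
    return LegacySum(scratch.empty() ? 0 : &scratch[0], size);
}

int const kReadings[] = { 3, 1, 4, 1, 5 }; // constructed input; a genuinely const object
```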

The other loophole applies both to C and C++. Specifically, the languages dictate that member pointers and references are "shallow" with respect to the const-ness of their owners — that is, a containing object that is const has all const members except that member pointees (and referees) are still mutable. To illustrate, consider this code:

struct S
{
    int val;
    int *ptr;
};

void Foo(const S & s)
{
    int i  = 42;
    s.val  = i;  // Error: s is const, so val is a const int
    s.ptr  = &i; // Error: s is const, so ptr is a const pointer to int
    *s.ptr = i;  // OK: the pointee of ptr is still mutable
}

Although the object s passed to Foo() is constant, which makes all of its members constant, the pointee accessible through s.ptr is still modifiable, though this is not generally desirable from the standpoint of const-correctness because s may solely own the pointee. For this reason, some have argued that the default for member pointers and references should be "deep" const-ness, which could be overridden by a mutable qualifier when the pointee is not owned by the container, but this strategy would create compatibility issues with existing code. Thus, for historical reasons, this loophole remains open in C and C++.
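The shallow rule above can be worked around in one's own types. The following added example (not code from the original article; Owner, DeepOwner and the helper functions are constructed names) first shows the loophole at run time, then the usual hand-made "deep const": keep the pointer private and make the accessor's return type follow the const-ness of the owner, so a const owner only ever hands out a pointer to const.

```cpp
// Shallow const as the language defines it: a const Owner still permits
// writes through its pointer member, because only the pointer is const.
struct Owner
{
    int *ptr;
};

int WriteThroughConstOwner(Owner const & o, int v)
{
    *o.ptr = v;     // compiles: o.ptr is int * const, the int itself is not const
    return *o.ptr;
}

// Deep const by hand: the pointer is private and the accessor's return type
// tracks the const-ness of the owner.
class DeepOwner
{
    int *ptr;
public:
    explicit DeepOwner(int *p) : ptr(p) {}
    int       * Data()       { return ptr; } // non-const owner: writable pointee
    int const * Data() const { return ptr; } // const owner: read-only pointee
};

int ReadThroughConstDeepOwner(DeepOwner const & d)
{
    // *d.Data() = 0;   // Error if uncommented: Data() const yields int const *
    return *d.Data();
}

void WriteThroughDeepOwner(DeepOwner & d, int v)
{
    *d.Data() = v;
}

// Loophole on constructed storage: the storage value after a write made
// through a const Owner reference.
int ShallowDemo()
{
    int storage = 1;
    Owner o = { &storage };
    WriteThroughConstOwner(o, 7);
    return storage;                        // 7: const S& did not protect it
}

int DeepDemo()
{
    int storage = 1;
    DeepOwner d(&storage);
    WriteThroughDeepOwner(d, 9);
    return ReadThroughConstDeepOwner(d);   // 9, and only readable via const
}
```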

Volatile-correctness

Another qualifier in C and C++, volatile, indicates that an object may be changed by something external to the program at any time and so must be re-read from memory every time it is accessed. The qualifier is most often found in embedded systems, in systems manipulating hardware directly, and in multithreaded applications. It can be used in exactly the same manner as const in declarations of variables, pointers, references, and member functions, and in fact, volatile is sometimes used to implement a similar design-by-contract strategy which might be called volatile-correctness,[2] though this is far less common than const-correctness. The volatile qualifier also can be stripped by const_cast, and it can be combined with the const qualifier as in this sample:

// Set up a reference to a read-only hardware register that is
// mapped in a hard-coded memory location.
const volatile int & hardwareRegister = *reinterpret_cast<int *>(0x8000);

int currentValue = hardwareRegister; // Read the memory location
int newValue = hardwareRegister;     // Read it again

hardwareRegister = 5; // Error! Cannot write to a const location

Because hardwareRegister is volatile, there is no guarantee that it will hold the same value on two successive reads even though the programmer cannot modify it. The semantics here indicate that the register's value is read-only but not necessarily unchanging.

We can also create volatile pointers, though their applications are rarer:

// Set up a reference to a read-only memory-mapped register that
// contains a memory address for us to dereference. The pointer value
// is volatile (the hardware may change it), the pointer is const (we
// may not change it), and the int it points to is const (read-only).
const int * volatile const & tableLookup = *reinterpret_cast<const int * volatile *>(0x8004);

int currentTableValue = *tableLookup; // Dereference the memory location
int newTableValue = *tableLookup;     // Dereference it again

tableLookup = &currentTableValue; // Error! Cannot modify a const pointer

Since the address held in the tableLookup pointer can change implicitly, each dereference might take us to a different location in a memory-mapped lookup table.

restrict in C99

The C99 language special cases a restrict qualified pointer to a const qualified type in order to notify a compiler that it can assume "strong const" semantics. For example, a compiler is allowed to transform:

void foo(int *);

int bar(int *a)
{
    int const * restrict b = a; // Assumed body: reading *a only through a restrict-qualified
    int x = *b;                 // pointer to const lets the compiler assume the object is
    foo(a);                     // not modified while b is live, not even by foo()
    return x - *b;
}

into:

int bar(int *a)
{
    foo(a);
    return 0;
}

However, programmers shouldn't use the restrict qualifier unless they understand the formalism given in the standard because it's extremely easy to create undefined code like the seemingly benign:

int val;
int * restrict a = &val; // ok
int * restrict b = &val; // ok
int * restrict c = a;    // undefined
int *          d = a;    // ok
int * restrict e = d;    // undefined

final in Java

In Java, the qualifier final states that the affected data member or variable is not assignable, as below:

final int i = 3;
i = 4; // Error! Cannot modify a "final" object

The compiler must be able to determine where a final variable is initialized, and that initialization must occur exactly once, or the class will not compile. Unlike C++'s const, Java's final only protects a variable from reassignment and does not guarantee the immutability of the object it refers to. The final keyword can also be applied to a method definition in Java, but unlike in C++ its meaning there is that the method cannot be overridden in subclasses.

It is interesting to note that whereas Java's final and C++'s const keywords have the same meaning when applied to primitive variables, their meanings diverge when applied to method definitions. Java cannot simulate C++'s const methods. Similarly, C++ does not have any feature equivalent to Java's final modifier for methods, although its effect on classes can be simulated by a clever abuse of the C++ friend keyword.[3]

Interestingly, the Java language specification regards const as a reserved keyword — i.e., one that cannot be used as variable identifier — but assigns no semantics to it. It is thought that the reservation of the keyword occurred to allow for an extension of the Java language to include C++-style const methods. The enhancement request ticket in the Java community process for implementing const correctness in Java was recently closed, implying that const correctness will probably never find its way into the official Java specification.

const and readonly in C#

In C#, the qualifier readonly has the same effect on data members that final does in Java; const has an effect similar (but not equivalent) to that of const in C and C++. (The other, inheritance-inhibiting effect of Java's final when applied to methods and classes is induced in C# with the aid of a third keyword, sealed.)

References

  1. Herb Sutter and Andrei Alexandrescu (2005). C++ Coding Standards. Boston: Addison Wesley. p. 30. ISBN 0321113586.
  2. Andrei Alexandrescu. "Generic: volatile — Multithreaded Programmer's Best Friend. Volatile-Correctness or How to Have Your Compiler Detect Race Conditions for You". C/C++ Users Journal, C++ Experts Forum.
  3. Bjarne Stroustrup. C++ Style and Technique FAQ.


From Wikipedia, the Free Encyclopedia. Original article here. Support Wikipedia by contributing or donating.
All text is available under the terms of the GNU Free Documentation License See Wikipedia Copyrights for details.
