-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 12/18/2016 07:54 PM, Nick Coghlan wrote:
On 18 December 2016 at 18:31, Serhiy Storchaka email@example.com wrote:
Later I'm planning following changes:
- Add the const qualifier to the result of functions that return
references to internal representation of immutable objects, like PyBytes_AS_STRING() or PyUnicode_DATA(). While CPython internally can modify the content of immutable objets, this is very dangerous, because this can invalidates invariants and cached values. Third-party code shouldn't do this.
- Add the const qualifier to the format field of Py_buffer. It is a
reference to C string literal or to the content of bytes object. Mutating its content is an error. Only _testbuffer overuses the format field of internal Py_buffer object for owning a reference to allocated memory. But this is not leaked outside.
What are you think about this?
As long as it's on the default branch with appropriate notes in the C porting section of the 3.7 What's New, turning these kinds of runtime errors into compilation errors sounds like the right thing to do to me.
One key aspect from my perspective is that code that is updated to correctly declare the destination storage as a const pointer will still compile against the old API variants that return a mutable pointer, so any problems this finds in third party code are likely to be resolved for older 3.x releases as well.
Agreed. Anything the compiler ralfs on after adding 'const' (where the actual target must be immutable) already had the fuse smoldering. FWIW I help maintain some *old* C extensions (fifteen+ years and counting), and am as likely to be affected as anyone.
Tres - -- =================================================================== Tres Seaver +1 540-429-0999 firstname.lastname@example.org Palladion Software "Excellence by Design" http://palladion.com