On 18 December 2016 at 18:31, Serhiy Storchaka <storchaka@gmail.com> wrote:
Later I'm planning the following changes:

* Add the const qualifier to the result of functions that return references to the internal representation of immutable objects, like PyBytes_AS_STRING() or PyUnicode_DATA(). While CPython internally can modify the content of immutable objects, this is very dangerous, because this can invalidate invariants and cached values. Third-party code shouldn't do this.

* Add the const qualifier to the format field of Py_buffer. It is a reference to a C string literal or to the content of a bytes object. Mutating its content is an error. Only _testbuffer overuses the format field of the internal Py_buffer object for owning a reference to allocated memory. But this is not leaked outside.

What do you think about this?

As long as it's on the default branch with appropriate notes in the C porting section of the 3.7 What's New, turning these kinds of runtime errors into compilation errors sounds like the right thing to do to me.

One key aspect from my perspective is that code that is updated to correctly declare the destination storage as a const pointer will still compile against the old API variants that return a mutable pointer, so any problems this finds in third party code are likely to be resolved for older 3.x releases as well.


Nick Coghlan   |   ncoghlan@gmail.com   |   Brisbane, Australia
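
The two points made in this thread, shown as an added example that is not part of the original messages and is not CPython code: a write through a mutable accessor leaves a cached value stale, and a caller that stores the result in a `const char *` compiles against both the mutable and the const-returning accessor. The `toy_*` type and functions are hypothetical stand-ins for an immutable object with a cached hash.

```c
#include <stddef.h>

/* Hypothetical stand-in for an immutable bytes object with a cached hash. */
typedef struct {
    size_t len;
    long cached_hash;               /* -1 means "not computed yet" */
    char data[16];
} toy_bytes;

/* Old-style accessor: mutable pointer into internal storage. */
char *toy_as_string_old(toy_bytes *b) { return b->data; }

/* Proposed style: the same pointer, const-qualified. */
const char *toy_as_string_new(const toy_bytes *b) { return b->data; }

long toy_compute_hash(const toy_bytes *b) {
    unsigned long h = 5381;
    for (size_t i = 0; i < b->len; i++)
        h = h * 33 + (unsigned char)b->data[i];
    return (long)(h & 0x7fffffff);  /* never -1, so the sentinel is safe */
}

/* Returns the cached hash, computing it on first use. */
long toy_hash(toy_bytes *b) {
    if (b->cached_hash == -1)
        b->cached_hash = toy_compute_hash(b);
    return b->cached_hash;
}

/* Caller that declares its destination storage as const char *. */
size_t count_byte(const char *s, size_t n, char c) {
    size_t k = 0;
    for (size_t i = 0; i < n; i++)
        k += (s[i] == c);
    return k;
}

/* Returns 1 if the const-correct caller works with both accessors. */
int const_caller_works_with_both(void) {
    toy_bytes b = { 3, -1, "abc" };
    return count_byte(toy_as_string_old(&b), b.len, 'b') == 1
        && count_byte(toy_as_string_new(&b), b.len, 'b') == 1;
}

/* Returns 1 if a write through the old accessor leaves the cache stale. */
int old_api_allows_stale_cache(void) {
    toy_bytes b = { 3, -1, "abc" };
    long before = toy_hash(&b);
    toy_as_string_old(&b)[0] = 'x';    /* accepted by the compiler */
    /* toy_as_string_new(&b)[0] = 'x';    rejected: assignment to const */
    return toy_hash(&b) == before && toy_compute_hash(&b) != before;
}
```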