Another C# critique

[Daniel O'Connell [C# MVP]]

emit,

Oh. I don't think I'd care to attempt that


Exactly. Unless there are stumbling blocks I'm not seeing the
interoperability issue should be a relatively minor one. Such an
implementation might also greatly simplify the migration of the BCL and
other existing code to a const correct state. A compiler flag could be used
to disable the compilers own support for checking const correctness and
delegating it to the generic validator. Since this validator would examine
actual usage of references, not declarations of references , it would allow
for the gradual introduction of const correctness in existing code without
any intermediate code breaking what so ever! Coder error barred of course.
Such a switch seems to me to counter every problem with introducing const
that you've brought up so far.

I agree, it certainly helps(although I still think *some* BCL work needs to
be done).

Am I missing anything?
Anyone have a reason why this wouldn't work?

Nothing I can think of right now. This may be a case wehre the technical
aspect is surmountable while the political one isn't. Convincing the ECMA or
Microsoft that const is important would be the bigger problem.

 

[Magnus Lidbom]

I agree, it certainly helps(although I still think *some* BCL work needs to
be done).

No argument there. Such an implementation would not diminish the need for
const correct code in any way. But it would allow the changes to be
introduced gradually, without breaking code along the way. One could go
class by class and insert const where appropriate and everything would still
compile every single step of the way. Barring bugs of course, and finding
those is hardly detrimental . Compare that method of updating the source
to what it would be like if only declarations where examined to verify const
correctness. Just about every added const would cause breakage.

Nothing I can think of right now. This may be a case where the technical
aspect is surmountable while the political one isn't. Convincing the ECMA or
Microsoft that const is important would be the bigger problem.

It may well be. But unless we're missing something the only meaningful
argument against const I've heard so far seems to be void. Maybe this
solution hasn't occurred to the C# team. After all, it is rather unorthodox.
If the decision to forgo const was made assuming that const would be
guraranteed to break language interoperability and that introducing const
correct code would cause severe code breakage along the way, then this
solution, if feasable, just might make them reconsider.

/Magnus Lidbom

 

[Frans Bouma]

Thats the point, ToString() is *NOT* const, its a non-const method.

I know, but that's not too interesting, is it? I mean: it
produces a new value, from the old value, it doesn't change the old value,
therefore isn't altering the old value which is constant. I mean this is
also good code:

// foo.Bar is const
int i = foo.Bar;
i++;

I see that as the same as:
string bar = foo.Bar.ToString();

But perhaps we have a misunderstanding going on somewhere

Meaning you would haveto cast const-ness away to use it. Thats the
annoyance I'm trying to get at.

You have to explain to me why because I don't see this. It's my
understanding that ToString() always produces a new value, so I don't see
why I need to cast away const to be able to use it.

While I agree is compiler sugar, I just think its next to useless if it
is only applicable in one language out of many that *could* source the
code. Exposing it as a bit of metadata markup is one thing, you actually
could write static tools to verify this if you were enterprising enough,
but really integrating it into the language and the runtime is something
else. I don't feel that its proper to just start cramming things in as
"compiler sugar" at this point. I would rather see a clean, well thought
out implementation in V5 instead of a hacked, half-assed one in V3.
Remeber, once it goes in, it can never come back out.

I agree that if C# has 'const' and VB.NET doesn't, it's pretty moot
to mark a property's value as const in C# while you can keep altering it
in VB.NET.

However what's the problem by having it in the CLR? Say const
exists and I have this code in class object myBar:

public const Foo MyFoo
{
get { return _myFoo; }
}

Now, when I do this in C#:
Foo bla = myBar.MyFoo;

I can't alter bla's data, because it is const. Now if I do it in
VB.NET:
Dim bla As Foo = myBar.MyFoo

and say, VB.NET doesn't support const and const would be introduced
as a compiler check, the VB.NET developer would be able to alter bla's
data because VB.NET doesn't know of const, and I agree, this is an issue
with compiler-only const checks, so it's not that valuable.

However, if it is placed in the CLR, the CLR could then throw an
exception if the VB.NETdeveloper does this:

bla.MyProperty = newValue

then, although VB.NET doesn't know const, the CLR can forbid the
alternation of that property because bla is const. You can argue that this
is a bad thing, but why would it be a bad thing? I don't see it. The
developer of Bar clearly stated that MyFoo is a const property, and did
that on purpose. Even though VB.NET doesn't understand const, it can't
alter the object, simple as that.

The though thing now is: how does the VB.NET developer know MyFoo
is a const property? This is, I think an issue of documentation. I mean,
if there is no set clause in a property, setting it to a value also gives
an error.

FB

 

[Daniel O'Connell [C# MVP]]

No argument there. Such an implementation would not diminish the need for
const correct code in any way. But it would allow the changes to be
introduced gradually, without breaking code along the way. One could go
class by class and insert const where appropriate and everything would still
compile every single step of the way. Barring bugs of course, and finding
those is hardly detrimental . Compare that method of updating the source
to what it would be like if only declarations where examined to verify const
correctness. Just about every added const would cause breakage.
ECMA

It may well be. But unless we're missing something the only meaningful
argument against const I've heard so far seems to be void. Maybe this
solution hasn't occurred to the C# team. After all, it is rather unorthodox.
If the decision to forgo const was made assuming that const would be
guraranteed to break language interoperability and that introducing const
correct code would cause severe code breakage along the way, then this
solution, if feasable, just might make them reconsider.

It might, I'm certain someone from MS is reading this, even if they don't
respond. We'll see if it ever flys anywhere. Of course approaching MS and
the EMCA would be another choice. The rotor const implementation is
something else, inclusions in rotor are more likely to be considered(for
one, MS Employees can look at the source to rotor, I don't think they can't
look at OSS source in their area and I don't know if they can use OSS produc
ts). An examiniation of that would probably yield fruitful as well.
Unfortunate that the C# compiler is in C++ however, I'd rather not go back
to using C++ for anything I can avoid, .

Anyway, it also gives rise to an idea that I don't think the framework
currently supports. If the framework was extended to the point where it was
possible to plug in verification units into the run time, something that can
run just before the JIT'er and do analysis on IL on the method being JIT'ed,
such protections and other issues may be additionally avoidable. It would be
a performance issue, to some extent, but as it would only analyze each
method just before the JIT work is done, it would be faster than a scan
before every execution and could be disabled by running ngen for apps with a
vital startup speed. It would be interesting, and an extension point I'd
very much like to see, atleast experimentally. I really do need to suck it
up and take a look at rotor, see if such a mechanism is possible.

 

[Frans Bouma]

Why not use a static field for this and an instance field only for when
the default mapping is overridden?

would have been a good solution indeed.

I'm not sure I understand you. The fields in the above class are entity
fields. At least by my, context dependent, definitions of entity. Namely
a mapped class.

Ah I now understand Ok, I consider these fields as members
holding references to related objects, and these relations are coded in
code, not stored into mapping data held somewhere. the only mapping data I
store in every entity (in one template set) is the table field mappings.
Mappings of relations are stored in code via static classes and via
methods. (so myCustomer.Orders fetches lazy loaded all orders related to
myCustomer on the fly, through the generated code.). Indeed, if you do not
generate code you have to keep that info somewhere, it was a
misunderstanding indeed I dont' keep that data around.

FB

 

[Daniel O'Connell [C# MVP]]

I know, but that's not too interesting, is it? I mean: it
produces a new value, from the old value, it doesn't change the old value,
therefore isn't altering the old value which is constant. I mean this is
also good code:

// foo.Bar is const
int i = foo.Bar;
i++;

I see that as the same as:
string bar = foo.Bar.ToString();

But perhaps we have a misunderstanding going on somewhere


You have to explain to me why because I don't see this. It's my
understanding that ToString() always produces a new value, so I don't see
why I need to cast away const to be able to use it.

What I mean, is by my understanding on a const reference to an object, you
can *only* call const methods(otherwise I see little need for a const
modifier, just document it in comments). Without modifying the BCL,
ToString() would not be a const method and be an illegal call. The method
itself *is* const, atleast the default implementation, but the method
signature doesn't guarentee that, meaning that there is no contractual
binding to be const and to the runtime, compilers, and everyone in general
ToString() would effectivly be a non-const method. I wouldn't support or use
a const implementation that simply guessed as to the const-ness of a
method(even by static IL analysis), I want contractual restrictions to that
effect. Such a system would be acceptable to interop with the fringe
case(Cobol or ML maybe), but shouldn't be in C#, VB, Delphi, or C++.
Please correct me if my understanding of const methods is wrong in this
respect.

 

[Frans Bouma]

What I mean, is by my understanding on a const reference to an object,
you can *only* call const methods(otherwise I see little need for a
const modifier, just document it in comments).

In C++ this seems to be the case, if I understand it correctly
(haven't programmed real harcore C++ in years, just C/C++ mix). However
why would C++'s syntaxis be the base of how const should be implemented?
After all, as I see it, the restriction of being able to call only const
methods on a const object is done because that's the only way you can
properly check at compiletime in a reasonable amount of time if a method
really alters the object (and thus violates the contract) or not.

Now, I think there are a couple of reasons people want 'const'
object references: to be sure their code is cost correct, and for example
to be sure no-one alters the returned object reference.

Const correctness can only be guaranteed at compiletime, IMHO, if
you restrict calls to const methods only, on a const object. At runtime,
the CLR can check for const correctness via exceptions. The latter should
be enough for people who don't want other code to alter an object (tree)
which is returned by a method.

I think giving this choice like an OPTION STRICT kind of setting
for the compiler can satisfy every developer. True, you can't call
ToString() if you want to have compile time const-checking, however it
might be possible to let the compiler check if the code inside ToString()
is harmful to the object or not. (however this might be pretty complex)

FB

 

[Daniel O'Connell [C# MVP]]

In C++ this seems to be the case, if I understand it correctly
(haven't programmed real harcore C++ in years, just C/C++ mix). However
why would C++'s syntaxis be the base of how const should be implemented?
After all, as I see it, the restriction of being able to call only const
methods on a const object is done because that's the only way you can
properly check at compiletime in a reasonable amount of time if a method
really alters the object (and thus violates the contract) or not.

Havn't really done much C++ myself in some time, I disliked the C++
inheritence model to the point I wouldn't use it. I was happier working
procedurally. However, as far as the const model goes I think its a
reasonable choice. Const-ness should be a contract, not a runtime determined
property.

Now, I think there are a couple of reasons people want 'const'
object references: to be sure their code is cost correct, and for example
to be sure no-one alters the returned object reference.

Const correctness can only be guaranteed at compiletime, IMHO, if
you restrict calls to const methods only, on a const object. At runtime,
the CLR can check for const correctness via exceptions. The latter should
be enough for people who don't want other code to alter an object (tree)
which is returned by a method.

I think giving this choice like an OPTION STRICT kind of setting
for the compiler can satisfy every developer. True, you can't call
ToString() if you want to have compile time const-checking, however it
might be possible to let the compiler check if the code inside ToString()
is harmful to the object or not. (however this might be pretty complex)

As I was discussing with Magnus, it would be possible although it would
*need* to be done in some compiler agnostic manner. The code would be
complex enough that forcing every compiler writer who is interested in
constness to implement the whole feature set would be absurd, so either a
compile time tool, preferably via compiler extensions, or a runtime
extension mechanism that would allow verification services *could* do
it(probably both would be ideal), however I think a deeply baked-in solution
would be much more appropriate and complete.

 

[Magnus Lidbom]

In C++ this seems to be the case, if I understand it correctly

Casting barred, your understanding is correct.

Const correctness can only be guaranteed at compiletime, IMHO, if
you restrict calls to const methods only, on a const object.
At runtime,
the CLR can check for const correctness via exceptions. The latter should
be enough for people who don't want other code to alter an object (tree)
which is returned by a method.
I think giving this choice like an OPTION STRICT kind of setting
for the compiler can satisfy every developer. True, you can't call
ToString() if you want to have compile time const-checking, however it
might be possible to let the compiler check if the code inside ToString()
is harmful to the object or not. (however this might be pretty complex)

I don't believe implementing it that way would be a good idea. If a method
is not const, that is a statement from the implementer that this method may
alter the state of the instance it is invoked on, even if it doesn't in it's
current implementation. Invoking that method on a const reference is a
breach of contract and should be disallowed except if an explcit cast is
applied.

If you take a look at the subthread above this one, you'll find a discussion
of a potential compile time mechanism that could supply checking of const
even for languages that do not themselves support const It could also supply
as a compiler switch that would allow for gradual introduction of const into
existing code without breakage. The latter would be accomplished by using
the same checks used for non supporting languages instead of a stricter
enforcement of const. Not entirely unlike your idea. In theory, the changes
could be made without any modifications to the CLS. Whether that would be
appropriate is another matter altogther though. The point is that it's not a
change that would break existing compilers.

Regards /Magnus Lidbom

 

[Magnus Lidbom]

As I was discussing with Magnus, it would be possible although it would
*need* to be done in some compiler agnostic manner.

<snip>

Seems I've failed to make myself clear. I never intended for the
mechanism to perform that type of code analysis. In fact, I don't feel
that would be appropriate as it would allow for contracts to be
violated. What I intended for the validation to check was that the
contract wasn't breached by code in languages that do not themselves
support const:

//const supporting assembly
class Foo
{
private int m_value;
public static const Foo GetInstance(){return new Foo();}
public int Value
{
//declare get const.
get const
{
return m_value;
}
set
{
m_value = value;
}
}
}

//non-supporting assembly. Oddly enough still C#.
class Bar
{
public void FooBar()
{
//Ok, even though myFoo is not declared const, since
//it's a non supporting language. A compiler switch could
//enable this behaviour in supporting languages to ease
//introduction of const correctness into existing code.
//Valid code in a supporting assembly would be:
//const myFoo = Foo.Getinstance();
Foo myFoo = Foo.Getinstance();

//OK.
Console.WriteLine(myFoo.Value);

//Validation fails at compile time.
myFoo.Value = 5;
}
}

Regards /Magnus Lidbom

 

[Magnus Lidbom]

On Wed, 04 Feb 2004 16:58:49 +0100, Magnus Lidbom

//non-supporting assembly. Oddly enough still C#.
class Bar
{
public void FooBar()
{
//Ok, even though myFoo is not declared const, since
//it's a non supporting language. A compiler switch could
//enable this behaviour in supporting languages to ease
//introduction of const correctness into existing code.
//Valid code in a supporting assembly would be:
//const myFoo = Foo.Getinstance();

This should of course be:
const Foo myFoo = Foo.GetInstance();

/Magnus Lidbom

 

[Magnus Lidbom]

It might, I'm certain someone from MS is reading this, even if they don't
respond. We'll see if it ever flys anywhere. Of course approaching MS and
the EMCA would be another choice.

If I had the time necessary to do the research and preparation I
might be tempted to try that. However, my knowledge of compilers is
nowhere near to being up to the task, so it would take quite some time
upgrading that first and then researching this in particular. As is,
finding time for these posts is about what I can manage.

The rotor const implementation is
something else, inclusions in rotor are more likely to be considered(for
one, MS Employees can look at the source to rotor, I don't think they can't
look at OSS source in their area and I don't know if they can use OSS produc
ts). An examiniation of that would probably yield fruitful as well.
Unfortunate that the C# compiler is in C++ however, I'd rather not go back
to using C++ for anything I can avoid, .
Anyway, it also gives rise to an idea that I don't think the framework
currently supports. If the framework was extended to the point where it was
possible to plug in verification units into the run time, something that can
run just before the JIT'er and do analysis on IL on the method being JIT'ed,
such protections and other issues may be additionally avoidable. It would be
a performance issue, to some extent, but as it would only analyze each
method just before the JIT work is done, it would be faster than a scan
before every execution and could be disabled by running ngen for apps with a
vital startup speed. It would be interesting, and an extension point I'd
very much like to see, atleast experimentally.

That would be a very interesting capability indeed.
In the case of a const implementation I'd prefer compile time
validation for all languages though.

I really do need to suck it
up and take a look at rotor, see if such a mechanism is possible.

If you could find the time to do that it would be great


Regards /Magnus Lidbom

 

[Daniel O'Connell [C# MVP]]

<snip>

Seems I've failed to make myself clear. I never intended for the
mechanism to perform that type of code analysis. In fact, I don't feel
that would be appropriate as it would allow for contracts to be
violated. What I intended for the validation to check was that the
contract wasn't breached by code in languages that do not themselves
support const:

//const supporting assembly
class Foo
{
private int m_value;
public static const Foo GetInstance(){return new Foo();}
public int Value
{
//declare get const.
get const
{
return m_value;
}
set
{
m_value = value;
}
}
}

//non-supporting assembly. Oddly enough still C#.
class Bar
{
public void FooBar()
{
//Ok, even though myFoo is not declared const, since
//it's a non supporting language. A compiler switch could
//enable this behaviour in supporting languages to ease
//introduction of const correctness into existing code.
//Valid code in a supporting assembly would be:
//const myFoo = Foo.Getinstance();
Foo myFoo = Foo.Getinstance();

//OK.
Console.WriteLine(myFoo.Value);

//Validation fails at compile time.
myFoo.Value = 5;
}
}

Which is basically what I mean, *I think*, just simply that it would be an
external tool of some sort that does the analysis, instead of requiring the
compiler to do it, that would have two effects, 1) it would be possible for
all compilers to behave correctly without adding alot of extra code and 2)
you could verify const correctness of code yourself. In an environment where
const doesn't exist in the first class it won't be possible to ensure 100%
that code is const correct without doing a full static analysis of the IL.
The above code, as I read it, makes it impossible for languages that don't
use const to use non-const methods on objects. If for no reason other than
it not being possible to apply metadata to an instance. Beyond that,
tracking references would be next to impossible. If that Foo was placed in a
hash table or array list, I very much doubt the compiler could keep track of
it...thinking about it now I am not sure that a static tool could either, so
this whole approach may not be feasible. Now, therun time on the other hand
probably could, but again not without some changes to the system.
This could be solved at some point, I've been working on a mechanism(still
playing with syntax) for attaching attributes to an instance of an object at
runtime. Such a feature could, instead of making a const reference or
variable, be used to make a const instance, which would provide a much more
flexible approach to cross language issues than static tools and relying on
a const return attribute. It'd also make it harder to remove const, if you
deny untrusted code permission to modify the attribute set on an instance,
that code couldn't remove const and cause trouble. It would also allow the
runtime to easily detect if an instance is currently const and if you can
modify it.
However, the downsides are that a method could hold onto that instance
reference and use it sometime *after* the attribute has been removed.

 

[Daniel O'Connell [C# MVP]]

If I had the time necessary to do the research and preparation I
might be tempted to try that. However, my knowledge of compilers is
nowhere near to being up to the task, so it would take quite some time
upgrading that first and then researching this in particular. As is,
finding time for these posts is about what I can manage.


That would be a very interesting capability indeed.
In the case of a const implementation I'd prefer compile time
validation for all languages though.

As would I, however I don't think a backup runtime validation would
nessecerily be a bad thing. It would keep sneaky IL attacks, etc at bay.

If you could find the time to do that it would be great

At the moment I am currently working with mono's c# compiler(I really prefer
working in C#, so its C# Compiler In C# is a rather nice place to play, )
and have added a few basic language features to it, mainly to start to
familiarize myself with compilers. But I do have time and I will grab rotor
and a few other bits and see waht I can figure out(only thing I hate about
rotor is that I have to install perl). As I work on compilers and the
language I try to post on my blog[1] about whatever I've added(and hopefully
links to patches soon as well), so assuming I can figure out how to do this
I'll be posting information there. I will reply here of course, but it may
be a while before anything serious works and it may be easier to find
there(this thread will fade away soon enough).

1. http://dotnetjunkies.com/weblog/doconnell/

 

[Magnus Lidbom]

That would be a very interesting capability indeed.
In the case of a const implementation I'd prefer compile time
validation for all languages though.

As would I, however I don't think a backup runtime validation would
nessecerily be a bad thing. It would keep sneaky IL attacks, etc at bay. Agreed.

If you could find the time to do that it would be great

At the moment I am currently working with mono's c# compiler(I really
prefer
working in C#, so its C# Compiler In C# is a rather nice place to play,
)
and have added a few basic language features to it, mainly to start to
familiarize myself with compilers. But I do have time and I will grab
rotor
and a few other bits and see waht I can figure out(only thing I hate about
rotor is that I have to install perl). As I work on compilers and the
language I try to post on my blog[1] about whatever I've added(and
hopefully
links to patches soon as well), so assuming I can figure out how to do
this
I'll be posting information there. I will reply here of course, but it may
be a while before anything serious works and it may be easier to find
there(this thread will fade away soon enough).

1. http://dotnetjunkies.com/weblog/doconnell/

Duly bookmarked

/Magnus Lidbom

 

[Magnus Lidbom]

Which is basically what I mean, *I think*, just simply that it would be an
external tool of some sort that does the analysis, instead of requiring the
compiler to do it

I Agree. Never meant to imply I didn't.

, that would have two effects, 1) it would be possible for
all compilers to behave correctly without adding alot of extra code and 2)
you could verify const correctness of code yourself. In an environment where
const doesn't exist in the first class it won't be possible to ensure 100%
that code is const correct without doing a full static analysis of the IL.
The above code, as I read it, makes it impossible for languages that don't
use const to use non-const methods on objects. If for no reason other than
it not being possible to apply metadata to an instance. Beyond that,
tracking references would be next to impossible. If that Foo was placed in a
hash table or array list, I very much doubt the compiler could keep track of
it...thinking about it now I am not sure that a static tool could either, so
this whole approach may not be feasible.

I'm think you're right, unfortunately.

Now, therun time on the other hand
probably could, but again not without some changes to the system. True.

This could be solved at some point, I've been working on a mechanism(still
playing with syntax) for attaching attributes to an instance of an object at
runtime.
Such a feature could, instead of making a const reference or
variable, be used to make a const instance, which would provide a much more
flexible approach to cross language issues than static tools and relying on
a const return attribute. It'd also make it harder to remove const, if you
deny untrusted code permission to modify the attribute set on an instance,
that code couldn't remove const and cause trouble. It would also allow the
runtime to easily detect if an instance is currently const and if you can
modify it.

I'm afraid I don't think that would do the trick. You'd need to be
able to apply it to references, instead of instances, since there are
quite often several references to the same instance, some const, some
not.

Anyway, how would you attach an attribute to an instance? The syntax
would be interesting, but even more so would be how the runtime would
do it. It would be have to be a completely separate mechanism from
what we call attributes in .Net at present I assume? Would it
necessitate changing the memory layout of classes? How about structs?
How would it play with interop and Sequential Layout? This is not
exactly simple :/

Playing around with this in my head I can't come up with anything that
has a chance of working the way const should. It keeps coming back to
that, as far as I am aware, you can't attach information to references
without modifying the runtime representation of a reference. And
changing the runtime representation of references is not what I see in
the future for .Net.

It would be rather a powerful concept though. You could for instance
have the reference hold two pointers instead of one. One to the
instance data and one two the vtable. That would allow for all sorts
of runtime modifications of behaviour. The least powerful of which
would be to be able to implement runtime const checking.

/Magnus Lidbom

 

[Daniel O'Connell [C# MVP]]

On Wed, 4 Feb 2004 07:06:06 -0600, "Daniel O'Connell [C# MVP]"



<snip>

Const correctness can only be guaranteed at compiletime, IMHO, if
you restrict calls to const methods only, on a const object. At runtime,
the CLR can check for const correctness via exceptions. The latter should
be enough for people who don't want other code to alter an object (tree)
which is returned by a method.

I think giving this choice like an OPTION STRICT kind of setting
for the compiler can satisfy every developer. True, you can't call
ToString() if you want to have compile time const-checking, however it
might be possible to let the compiler check if the code inside ToString()
is harmful to the object or not. (however this might be pretty complex)

As I was discussing with Magnus, it would be possible although it would
*need* to be done in some compiler agnostic manner.

<snip>

Seems I've failed to make myself clear. I never intended for the
mechanism to perform that type of code analysis. In fact, I don't feel
that would be appropriate as it would allow for contracts to be
violated. What I intended for the validation to check was that the
contract wasn't breached by code in languages that do not themselves
support const:

//const supporting assembly
class Foo
{
private int m_value;
public static const Foo GetInstance(){return new Foo();}
public int Value
{
//declare get const.
get const
{
return m_value;
}
set
{
m_value = value;
}
}
}

//non-supporting assembly. Oddly enough still C#.
class Bar
{
public void FooBar()
{
//Ok, even though myFoo is not declared const, since
//it's a non supporting language. A compiler switch could
//enable this behaviour in supporting languages to ease
//introduction of const correctness into existing code.
//Valid code in a supporting assembly would be:
//const myFoo = Foo.Getinstance();
Foo myFoo = Foo.Getinstance();

//OK.
Console.WriteLine(myFoo.Value);

//Validation fails at compile time.
myFoo.Value = 5;
}
}

Which is basically what I mean, *I think*, just simply that it would be an
external tool of some sort that does the analysis, instead of requiring the
compiler to do it

I Agree. Never meant to imply I didn't.

, that would have two effects, 1) it would be possible for
all compilers to behave correctly without adding alot of extra code and 2)
you could verify const correctness of code yourself. In an environment where
const doesn't exist in the first class it won't be possible to ensure 100%
that code is const correct without doing a full static analysis of the IL.
The above code, as I read it, makes it impossible for languages that don't
use const to use non-const methods on objects. If for no reason other than
it not being possible to apply metadata to an instance. Beyond that,
tracking references would be next to impossible. If that Foo was placed in a
hash table or array list, I very much doubt the compiler could keep track of
it...thinking about it now I am not sure that a static tool could either, so
this whole approach may not be feasible.

I'm think you're right, unfortunately.

Now, therun time on the other hand
probably could, but again not without some changes to the system. True.

This could be solved at some point, I've been working on a mechanism(still
playing with syntax) for attaching attributes to an instance of an object at
runtime.
Such a feature could, instead of making a const reference or
variable, be used to make a const instance, which would provide a much more
flexible approach to cross language issues than static tools and relying on
a const return attribute. It'd also make it harder to remove const, if you
deny untrusted code permission to modify the attribute set on an instance,
that code couldn't remove const and cause trouble. It would also allow the
runtime to easily detect if an instance is currently const and if you can
modify it.

I'm afraid I don't think that would do the trick. You'd need to be
able to apply it to references, instead of instances, since there are
quite often several references to the same instance, some const, some
not.

Well, it would be a different kind of const. Instead of const references it
would just give const instances. It is a different concept and I don't know
how well it would extend. It does have the benefit of strong const, keeping
it from being cast away, while you loose the ability to change const state
among references.

Anyway, how would you attach an attribute to an instance? The syntax
would be interesting, but even more so would be how the runtime would
do it. It would be have to be a completely separate mechanism from
what we call attributes in .Net at present I assume? Would it
necessitate changing the memory layout of classes? How about structs?
How would it play with interop and Sequential Layout? This is not
exactly simple :/

No, its not simple, which is where the fun is, . Most of hte work I've
been doing is targeted at experimentation, both figuring out *how* to do
things and what situations I'm going to come up with where it won't work,
not nessecerily producing somethign that can work(although I am rather fond
of the security statements). Currently I'm thinking that such attributes
would be references stored somewhere in class memory, something like expando
properties but not. Adding a sort of a InstanceAttribute**, to use C++ style
declarations, to the header that points to a list(or linked list) of
attributes. As far as interop goes, I suppose it would be a Out of band
pointer, where only classes interested coming from a language capable of
dealing with such things would work. Perhaps post fixing attribute data into
the end of the class after its physical allocation would work, as long as
the remote client doesn't start moving data around. There is going to be
limitations no matter how it works.
My current syntax idea is to use keywords. Although I'm not particularly
fond of it, my current on paper is something akin to:

attach <attribute> to <targetObject>
or

object attributedObject = new object();
attach new InstanceAttribute() to attributedObject;

The problem is locating and dealing with attributes. There would have to be
a class that does attaching, detaching, and lookups, something in
System.Reflection, so it wouldn't be *nessecery* to have a syntax to do it,
but I am interested in the syntax.

Playing around with this in my head I can't come up with anything that
has a chance of working the way const should. It keeps coming back to
that, as far as I am aware, you can't attach information to references
without modifying the runtime representation of a reference. And
changing the runtime representation of references is not what I see in
the future for .Net.

It would be rather a powerful concept though. You could for instance
have the reference hold two pointers instead of one. One to the
instance data and one two the vtable. That would allow for all sorts
of runtime modifications of behaviour. The least powerful of which
would be to be able to implement runtime const checking.

I think it would be powerful. You wouldn't have to change the format of the
reference itself, but you *would* have to modify the table a reference
points to. Without finding the info specifically, one would assume that refs
work something like(pseudocode):

ref Reference;
RefData[] refTable;

RefData = refTable[ref];

public class RefData
{
void* vtable;
void* instanceData
Type* Type;

//and whatever else
}

simply for book keeping, Adding another field on there would be my immediate
solution, assuming it all works right(I havn't dug in deep enough to be
100%). Adding to that wouldn't be impossible if the runtime is well
written(pointer arithmetic is done centrally or by using global constants).
Internal class data layouts shouldn't matter and should be capable of
varying from version to version, they are, after all, internal structures
not meant to be consumed by anything but the runtime itself.

Granted, its unlikely anything I do will effect change in the spec, but it
does give me something to experiment with and room to consider things I
havn't before.

Currently I'm thinkg about security and control. What level of limitations
should be placed on access to such attributes, all read\privledged write?
all read\all write\privledged detach? Its something else I have to consider.
One could go so far as to enable instance attribute ACL's, specfying a type
and allowed actions

attach new InstanceAttributeAcl(typeof(MyClass),Actions.Attach |
Actions.Detach | Actions.Read) to myRestrictedInstance;

or extend the security system, it would all have to be considered. That'd be
another use, assuming instance attributes are properly access controlled,
they could be used to grant a given object security rights at runtime based
on various things instead of a type or publisher before runtime. Granted its
utility isn't massive, but it is interesting to me.

But, it keeps me from boredom(if this is what I do for fun, imagine bored,
).

 

[Magnus Lidbom]

On Wed, 4 Feb 2004 07:06:06 -0600, "Daniel O'Connell [C# MVP]"

I'm afraid I don't think that would do the trick. You'd need to be
able to apply it to references, instead of instances, since there are
quite often several references to the same instance, some const, some
not.

Well, it would be a different kind of const. Ok.

Instead of const references it
would just give const instances. It is a different concept and I don't know
how well it would extend. It does have the benefit of strong const, keeping
it from being cast away, while you loose the ability to change const state
among references.

This is in my experience where const is most useful. To be honest, I
doubt an instance bound constness would be of much practical use.

No, its not simple, which is where the fun is, .

True enough

Most of hte work I've
been doing is targeted at experimentation, both figuring out *how* to do
things and what situations I'm going to come up with where it won't work,
not nessecerily producing somethign that can work(although I am rather fond
of the security statements). Currently I'm thinking that such attributes
would be references stored somewhere in class memory, something like expando
properties but not. Adding a sort of a InstanceAttribute**, to use C++ style
declarations, to the header that points to a list(or linked list) of
attributes. As far as interop goes, I suppose it would be a Out of band
pointer

What does out of band mean in this context?

, where only classes interested coming from a language capable of
dealing with such things would work. Perhaps post fixing attribute data into
the end of the class after its physical allocation would work, as long as
the remote client doesn't start moving data around. There is going to be
limitations no matter how it works.
My current syntax idea is to use keywords. Although I'm not particularly
fond of it, my current on paper is something akin to:

attach <attribute> to <targetObject>
or

object attributedObject = new object();
attach new InstanceAttribute() to attributedObject;

The problem is locating and dealing with attributes. There would have to be
a class that does attaching, detaching, and lookups, something in
System.Reflection, so it wouldn't be *nessecery* to have a syntax to do it,
but I am interested in the syntax.

Playing around with this in my head I can't come up with anything that
has a chance of working the way const should. It keeps coming back to
that, as far as I am aware, you can't attach information to references
without modifying the runtime representation of a reference. And
changing the runtime representation of references is not what I see in
the future for .Net.

It would be rather a powerful concept though. You could for instance
have the reference hold two pointers instead of one. One to the
instance data and one two the vtable. That would allow for all sorts
of runtime modifications of behaviour. The least powerful of which
would be to be able to implement runtime const checking.

I think it would be powerful. You wouldn't have to change the format of the
reference itself, but you *would* have to modify the table a reference
points to. Without finding the info specifically, one would assume that refs
work something like(pseudocode):

ref Reference;
RefData[] refTable;

RefData = refTable[ref];

public class RefData
{
void* vtable;
void* instanceData
Type* Type;

//and whatever else
}

Actually I'm almost certain that a reference is nothing more than a 32
bit value as far as runtime representation is concerned. I'd expect
the instance to which the pointer points to start with a vtable
pointer, and the vtable to point to the Type. This is just speculation
though.

class vtable
{
Type* type;
//member pointers
}

class reference
{
object* instance;
}

class instance
{
vtable* table;
//member fields
}

If I'm way off here and you're right, then attaching const to
references would be simpler than attaching it to an instance. That
would be nice. Assuming we forget for now things like inlining of
property accessors >

simply for book keeping, Adding another field on there would be my immediate
solution, assuming it all works right(I havn't dug in deep enough to be
100%).

I believe that all the data in your metacode besides instanceData is
class data, not instance data. So changing it would change the class,
not the instance.

Adding to that wouldn't be impossible if the runtime is well
written(pointer arithmetic is done centrally or by using global constants).
Internal class data layouts shouldn't matter and should be capable of
varying from version to version, they are, after all, internal structures
not meant to be consumed by anything but the runtime itself.

Granted, its unlikely anything I do will effect change in the spec, but it
does give me something to experiment with and room to consider things I
havn't before.

I certainly won't argue that exploring this wouldn't be fun and
rewarding

Currently I'm thinkg about security and control. What level of limitations
should be placed on access to such attributes, all read\privledged write?
all read\all write\privledged detach? Its something else I have to consider.
One could go so far as to enable instance attribute ACL's, specfying a type
and allowed actions

attach new InstanceAttributeAcl(typeof(MyClass),Actions.Attach |
Actions.Detach | Actions.Read) to myRestrictedInstance;

or extend the security system, it would all have to be considered. That'd be
another use, assuming instance attributes are properly access controlled,
they could be used to grant a given object security rights at runtime based
on various things instead of a type or publisher before runtime. Granted its
utility isn't massive, but it is interesting to me.

But, it keeps me from boredom(if this is what I do for fun, imagine bored,
).

Well, I'm not spending my free time writing this because I find it
boring either



Regards /Magnus Lidbom

 

[Daniel O'Connell [C# MVP]]

On Wed, 4 Feb 2004 10:53:30 -0600, "Daniel O'Connell [C# MVP]"


On Wed, 4 Feb 2004 07:06:06 -0600, "Daniel O'Connell [C# MVP]"


"Daniel O'Connell [C# MVP]" <[email protected]>

wrote
in

I'm afraid I don't think that would do the trick. You'd need to be
able to apply it to references, instead of instances, since there are
quite often several references to the same instance, some const, some
not.

Well, it would be a different kind of const. Ok.

Instead of const references it
would just give const instances. It is a different concept and I don't know
how well it would extend. It does have the benefit of strong const, keeping
it from being cast away, while you loose the ability to change const state
among references.

This is in my experience where const is most useful. To be honest, I
doubt an instance bound constness would be of much practical use.

No, its not simple, which is where the fun is, .

True enough

Most of hte work I've
been doing is targeted at experimentation, both figuring out *how* to do
things and what situations I'm going to come up with where it won't work,
not nessecerily producing somethign that can work(although I am rather fond
of the security statements). Currently I'm thinking that such attributes
would be references stored somewhere in class memory, something like expando
properties but not. Adding a sort of a InstanceAttribute**, to use C++ style
declarations, to the header that points to a list(or linked list) of
attributes. As far as interop goes, I suppose it would be a Out of band
pointer

What does out of band mean in this context?

, where only classes interested coming from a language capable of
dealing with such things would work. Perhaps post fixing attribute data into
the end of the class after its physical allocation would work, as long as
the remote client doesn't start moving data around. There is going to be
limitations no matter how it works.
My current syntax idea is to use keywords. Although I'm not particularly
fond of it, my current on paper is something akin to:

attach <attribute> to <targetObject>
or

object attributedObject = new object();
attach new InstanceAttribute() to attributedObject;

The problem is locating and dealing with attributes. There would have to be
a class that does attaching, detaching, and lookups, something in
System.Reflection, so it wouldn't be *nessecery* to have a syntax to do it,
but I am interested in the syntax.

Playing around with this in my head I can't come up with anything that
has a chance of working the way const should. It keeps coming back to
that, as far as I am aware, you can't attach information to references
without modifying the runtime representation of a reference. And
changing the runtime representation of references is not what I see in
the future for .Net.

It would be rather a powerful concept though. You could for instance
have the reference hold two pointers instead of one. One to the
instance data and one two the vtable. That would allow for all sorts
of runtime modifications of behaviour. The least powerful of which
would be to be able to implement runtime const checking.

I think it would be powerful. You wouldn't have to change the format of the
reference itself, but you *would* have to modify the table a reference
points to. Without finding the info specifically, one would assume that refs
work something like(pseudocode):

ref Reference;
RefData[] refTable;

RefData = refTable[ref];

public class RefData
{
void* vtable;
void* instanceData
Type* Type;

//and whatever else
}

Actually I'm almost certain that a reference is nothing more than a 32
bit value as far as runtime representation is concerned. I'd expect
the instance to which the pointer points to start with a vtable
pointer, and the vtable to point to the Type. This is just speculation
though.

Hehe, this is part of what needs to be figured out. The question I think
needs answering most specifically would be is a reference a literal pointer
or an index\lookup value in a table or whatever.

class vtable
{
Type* type;
//member pointers
}

class reference
{
object* instance;
}

class instance
{
vtable* table;
//member fields
}

If I'm way off here and you're right, then attaching const to
references would be simpler than attaching it to an instance. That
would be nice. Assuming we forget for now things like inlining of
property accessors >

I believe that all the data in your metacode besides instanceData is
class data, not instance data. So changing it would change the class,
not the instance.

You have a point there, it would probably most specifcially be an implicit
pointer in an objects instance data to its instance attributes(first four
bytes). I wasn't thinking clearly about the makeup of the reference. However
I suspect that reference points to a class type in some manner, by Type* or
whatever, if for no reason than to find the vtable and other type
metadata(class attributes, etc). Of course, in theory the vtable could point
to the type or since the vtable pointer would be unique to each type it
could be used to locate the actual type. I am not so familiar with the core
of any language to even offer much of a guess on this, I shall find out
soon.

 

[Frans Bouma]

(inline)

Seems I've failed to make myself clear. I never intended for the
mechanism to perform that type of code analysis. In fact, I don't feel
that would be appropriate as it would allow for contracts to be
violated. What I intended for the validation to check was that the
contract wasn't breached by code in languages that do not themselves
support const:

//const supporting assembly
class Foo
{
private int m_value;
public static const Foo GetInstance(){return new Foo();}
public int Value
{
//declare get const.
get const
{
return m_value;
}
set
{
m_value = value;
}
}
}

//non-supporting assembly. Oddly enough still C#.
class Bar
{
public void FooBar()
{
//Ok, even though myFoo is not declared const, since
//it's a non supporting language. A compiler switch could
//enable this behaviour in supporting languages to ease
//introduction of const correctness into existing code.
//Valid code in a supporting assembly would be:
//const myFoo = Foo.Getinstance();
Foo myFoo = Foo.Getinstance();

//OK.
Console.WriteLine(myFoo.Value);

//Validation fails at compile time.
myFoo.Value = 5;
}
}

This is fairly obvious of course, but what about this: (taking your
classes)

//const supporting assembly
class Foo
{
private int m_value;
public static const Foo GetInstance(){return new Foo();}

public void CalculateNewValue()
{
m_value = Bar.NewRandomValue() * 10;
}

public int Value
{
//declare get const.
get const
{
return m_value;
}
set
{
m_value = value;
}
}
}

Now, CalculateNewValue obviously manipulates an instance of Foo's
value. However if you do not want that to happen, you should be able to
specify that. With the GetInstance() method this should be prevented. I
also can't declare CalculateNewValue() as const, because then I can never
call it (as I understand it ) because it would always alter the state of
the object. (if this is a misunderstanding, ignore my posting )

To determine if a call to CalculateNewValue() is violating the
contract in a non-const support language, the compiler has to examine
CalculateNewValue(), which can be impossible if it's an event<->handler
kind of construction using delegates.

FB