Jonathan Eyolfson, Patrick Lam

The ability to specify immutability in a programming language is a powerful tool for developers, enabling them to better understand and more safely transform their code without fearing unintended changes to program state. The C++ programming language allows developers to specify a form of immutability using the `const` keyword. In this work, we characterize the meaning of the C++ `const` qualifier and present the ConstSanitizer tool, which dynamically verifies a stricter form of immutability than that defined in C++: it identifies `const` uses that are either not consistent with transitive immutability, that write to mutable fields, or that write to formerly-`const` objects whose const`-ness has been cast away.

We evaluate a set of 7 C++ benchmark programs to find writes-through-const, establish root causes for how they fail to respect our stricter definition of immutability, and assign attributes to each write (namely: synchronized, not visible, buffer/cache, delayed initialization, and incorrect). ConstSanitizer finds 17 archetypes for writes in these programs which do not respect our version of immutability. Over half of these seem unnecessary to us. Our classification and observations of behaviour in practice contribute to the understanding of a widely-used C++ language feature.

http://drops.dagstuhl.de/opus/volltexte/2016/6102/pdf/LIPIcs-ECOOP-2016-8.pdf

https://eyl.io/research/2016/ecoop/paper.pdf

https://doi.org/10.4230/LIPIcs.ECOOP.2016.8