Principle of least privilege and the const keyword

Question

Classes are about inheritance and composition. Is using the const keyword related to the principle of least privilege?

I understand inheritance and composition and I understand them but what about principle of least privilege? Can anyone explain it to me and how to remedy my code to contains principle of least privilege?

class A {
  int i;
public:
  A(int ii) : i(ii) {}
  ~A() {}
  void f() const {}
};

class B {
  int i;
public:
  B(int ii) : i(ii) {}
  ~B() {}
  void f() const {}
};

class C : public B {
  A a;
public:
  C(int ii) : B(ii), a(ii) {}
  ~C() {} // Calls ~A() and ~B()
  void f() const {  // Redefinition
    a.f();
    B::f();
  }
};

int main() {
  C c(47);
} ///:~

Const has to do with the principal of least privilege in that is can be used to disallow functions with side effects based on conext/provide a promise that the function has no side effects. What that has to do with your code I have no idea...f is not a redefinition but is method hiding. — IdeaHat, Dec 15 '14 at 19:24
// Calls ~A() comment is wrong. Nothing's virtual in your A interface, so it's not going to call any method of B or C if you hold a A* pointer on such object. — xryl669, Dec 15 '14 at 19:34

MichaelCMS · Answer 1 · 2014-12-16T08:15:47.687

0

1st of all you need to know that the best practice is to explicitly declare destructors virtual in order to guarantee that destructors are called recrusively inside a class inheritance tree. For this particular instance things will work, but if you will delete the class through a base pointer you will end up with destructors not being called (for example B* ptr = new C(47); delete ptr; you will end up with C's destructor not being called).

Regarding the least privilege principle , the const keyword states to the compiler that no change of the class members will be done during the execution of the f() function.

In other words, inside f() , the implicit this parameter will be constant. You will not be able to change a or B::i .

Const identifiers are very helpful for compilers in order to make read-only optimizations over the code.

If you want to link your code to the least privilege principle you can state it as following

"Whenever you will override this function, you will only have read privilege inside the class".

edited Dec 16 '14 at 08:15

answered Dec 16 '14 at 07:29

MichaelCMS

4,703
2
23
29

1

No need to declare the destructors virtual here. `~A` and `~B` are executed when `c` is destructed. – Henrik Dec 16 '14 at 07:49
1

@Henrik While I agree with you in this particular case, a good practice remain a good practice. What if along the way he uses B* ptr = new C(11) ? I disagree with your down vote due to a best practice that isn't even part of the main answer. But good way to contribute! – MichaelCMS Dec 16 '14 at 08:03
The first sentence in the answer is just plain wrong. If you update it and state the exact case where the destructor of the derived class isn't called, I'll remove the downvote. – Henrik Dec 16 '14 at 08:06
Edited. Thanks for the observation. – MichaelCMS Dec 16 '14 at 08:17

Principle of least privilege and the const keyword

1 Answers1