So deserialization creates dead objects that aren't safe to use.
That even SOUNDS wrong!
That means I use a LOT of unsafe dead objects in my apps (I use .NET
serialization extensively)
I can't find anything in the ECMA standard for C++/CLI that allows an object
instance to be created without a constructor call.
12.2.2 "Instances of ref classes are created using new-expressions
(§15.4.6)." (15.4.6 is gcnew)
F.3.1 "The object's lifetime begins when all construction is successfully
completed. For the purposes of the C++ Standard (§3.8), "the constructor
call has completed" means the originally invoked constructor call.
[Rationale: Even if a target constructor completes, an outer delegating
constructor can still throw an exception, and if so the caller did not get
the object that was requested. The foregoing decision also preserves the
Standard C++ rule that an exception emitted from a constructor means that
the object's lifetime never began. end rationale]"
Clearly C++/CLI intends to use the same rules for object lifetime as ISO
C++. Deserialized objects whose constructor was never called are not
legitimate C++/CLI objects.
I understand that's probably a big "Ouch!" and we should bring this up with
the C++/CLI language team.
Shucks, even an object that is a member of another object (that's the "stack
semantic members" we're talking about) seems to violate 12.2.2 even though
the constructor is properly called.
Then we have section 13.3 on initialization
"Direct initialization in the C++ Standard (§8.5) occurs in new expressions,
static_cast expressions,
functional notation type conversions, and base and member initializers."
And here in section 19.12 we find something probably related to this
deserialization bug:
"The type of an initonly field shall not be a ref class."
