Disallow null references in safe code?

[Jonathan M Davis]

On Saturday, February 01, 2014 01:14:05 Xinok wrote:
> I don't know where the community currently stands on non-nullable
> types in D, so this idea may be based on a bit of ignorance.
> Assuming there are some technical issues preventing non-nullable
> types from being implemented, I had a different idea that may be
> somewhat of a compromise. As you've gathered by now, it's simply
> to disallow nullifying references in safe code.
> 
> The idea is simply that safe functions can only call other safe
> functions, so null references should be practically non-existant
> ... except that's an ideal which can't be reached with this
> restriction alone. There are two obvious issues:
> 
> * There's no way to guarantee input is free of null references
> * Trusted functions may return objects with null references; it's
> currently not convention to avoid null references in trusted code
> 
> Albeit that, I think such a restriction could be helpful in
> preventing bugs/crashes and writing correct code, at least until
> we can get non-nullable types.

There's nothing unsafe about null pointers/references. @safe is about memory 
safety, and you can't corrupt memory and otherwise access memory that you're 
not supposed to with a null pointer or reference.

At some point here, we'll have NonNullable (or NotNull whatever it ends up 
being called) in Phobos so that folks can have non-nullable 
references/pointers - e.g. NonNullable!Foo. AFAIK, the only real hold-up is 
someone completely a fully functional implementation. There's been at least 
one attempt at it, but as I understand it, there were issues that needed to be 
worked through before it could be accepted. We'll get there though.

Regardless, we're not adding anything with regards to non-nullable references 
to the language itself, and there's nothing unsafe about null references. 
They're just unpleasant to dereference when your code makes that mistake.

- Jonathan M Davis