Disallow null references in safe code?

deadalnix deadalnix at gmail.com
Fri Jan 31 20:01:50 PST 2014


On Saturday, 1 February 2014 at 01:39:46 UTC, Jonathan M Davis wrote:
> On Saturday, February 01, 2014 01:14:05 Xinok wrote:
>> I don't know where the community currently stands on non-nullable
>> types in D, so this idea may be based on a bit of ignorance.
>> Assuming there are some technical issues preventing non-nullable
>> types from being implemented, I had a different idea that may be
>> somewhat of a compromise. As you've gathered by now, it's simply
>> to disallow nullifying references in safe code.
>> 
>> The idea is simply that safe functions can only call other safe
>> functions, so null references should be practically non-existent
>> ... except that's an ideal which can't be reached with this
>> restriction alone. There are two obvious issues:
>> 
>> * There's no way to guarantee input is free of null references
>> * Trusted functions may return objects with null references; it's
>> currently not convention to avoid null references in trusted code
>> 
>> Albeit that, I think such a restriction could be helpful in
>> preventing bugs/crashes and writing correct code, at least until
>> we can get non-nullable types.
>
> There's nothing unsafe about null pointers/references. @safe is about memory
> safety, and you can't corrupt memory and otherwise access memory that you're
> not supposed to with a null pointer or reference.
>
> At some point here, we'll have NonNullable (or NotNull, whatever it ends up
> being called) in Phobos so that folks can have non-nullable
> references/pointers - e.g. NonNullable!Foo. AFAIK, the only real hold-up is
> someone completing a fully functional implementation. There's been at least
> one attempt at it, but as I understand it, there were issues that needed to be
> worked through before it could be accepted. We'll get there though.
>
> Regardless, we're not adding anything with regards to non-nullable references
> to the language itself, and there's nothing unsafe about null references.
> They're just unpleasant to dereference when your code makes that mistake.
>
> - Jonathan M Davis

Dereferencing it is unsafe unless you put a runtime check in. Which is 
stupid for something that can be verified at compile time.
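The NonNullable!Foo wrapper Jonathan refers to is not shown in the thread. As an added illustration (hypothetical code, not Phobos and not from either poster), here is a minimal NonNull wrapper in D showing how a library type keeps null out of @safe code at compile time for literals and defaults, while still needing exactly one runtime check at the boundary where a nullable value from @trusted/@system code is converted:

```d
import std.stdio;

/// Hypothetical wrapper (not Phobos): a class reference or pointer that
/// can never hold null, so consumers need no per-dereference check.
struct NonNull(T) if (is(T == class) || is(T : U*, U))
{
    private T _ref;

    @disable this();               // default init would be null: rejected at compile time
    @disable this(typeof(null));   // the literal `null` is rejected at compile time

    this(T value) @safe
    {
        // The one place a check is needed: a runtime value may come from
        // @trusted/@system code that still follows no no-null convention.
        assert(value !is null, "NonNull built from a null reference");
        _ref = value;
    }

    inout(T) get() inout @safe pure nothrow { return _ref; }
    alias get this;                // use it exactly like the wrapped reference

    invariant() { assert(_ref !is null); }
}

class Account { int balance; }

// A @safe consumer of NonNull never has to test for null.
@safe int readBalance(NonNull!Account acct) { return acct.balance; }

void main()
{
    auto a = NonNull!Account(new Account);
    a.balance = 42;
    writeln(readBalance(a));       // prints 42

    Account maybeNull;             // plain reference: default-initialised to null
    // NonNull!Account bad = null;            // does not compile (@disable'd ctor)
    // auto bad = NonNull!Account(maybeNull); // compiles, fails the boundary assert
}
```

With `-release` the boundary assert is dropped, so the wrapper only upholds its guarantee when the invariant and assert are compiled in or the boundary check is written as an explicit `enforce`.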
