Disallow null references in safe code?
deadalnix
deadalnix at gmail.com
Fri Jan 31 20:01:50 PST 2014
On Saturday, 1 February 2014 at 01:39:46 UTC, Jonathan M Davis
wrote:
> On Saturday, February 01, 2014 01:14:05 Xinok wrote:
>> I don't know where the community currently stands on
>> non-nullable
>> types in D, so this idea may be based on a bit of ignorance.
>> Assuming there are some technical issues preventing
>> non-nullable
>> types from being implemented, I had a different idea that may
>> be
>> somewhat of a compromise. As you've gathered by now, it's
>> simply
>> to disallow nullifying references in safe code.
>>
>> The idea is simply that safe functions can only call other safe
>> functions, so null references should be practically
>> non-existant
>> ... except that's an ideal which can't be reached with this
>> restriction alone. There are two obvious issues:
>>
>> * There's no way to guarantee input is free of null references
>> * Trusted functions may return objects with null references;
>> it's
>> currently not convention to avoid null references in trusted
>> code
>>
>> Albeit that, I think such a restriction could be helpful in
>> preventing bugs/crashes and writing correct code, at least
>> until
>> we can get non-nullable types.
>
> There's nothing unsafe about null pointers/references. @safe is
> about memory
> safety, and you can't corrupt memory and otherwise access
> memory that you're
> not supposed to with a null pointer or reference.
>
> At some point here, we'll have NonNullable (or NotNull whatever
> it ends up
> being called) in Phobos so that folks can have non-nullable
> references/pointers - e.g. NonNullable!Foo. AFAIK, the only
> real hold-up is
> someone completely a fully functional implementation. There's
> been at least
> one attempt at it, but as I understand it, there were issues
> that needed to be
> worked through before it could be accepted. We'll get there
> though.
>
> Regardless, we're not adding anything with regards to
> non-nullable references
> to the language itself, and there's nothing unsafe about null
> references.
> They're just unpleasant to dereference when your code makes
> that mistake.
>
> - Jonathan M Davis
Dereferencing it is unsafe unless you put runtime check. Which is
stupid for something that can be verified at compile time.
More information about the Digitalmars-d
mailing list