On Saturday, 1 February 2014 at 01:39:46 UTC, Jonathan M Davis
wrote:
On Saturday, February 01, 2014 01:14:05 Xinok wrote:
I don't know where the community currently stands on
non-nullable
types in D, so this idea may be based on a bit of ignorance.
Assuming there are some technical issues preventing
non-nullable
types from being implemented, I had a different idea that may
be
somewhat of a compromise. As you've gathered by now, it's
simply
to disallow nullifying references in safe code.
The idea is simply that safe functions can only call other safe
functions, so null references should be practically
non-existant
... except that's an ideal which can't be reached with this
restriction alone. There are two obvious issues:
* There's no way to guarantee input is free of null references
* Trusted functions may return objects with null references;
it's
currently not convention to avoid null references in trusted
code
Albeit that, I think such a restriction could be helpful in
preventing bugs/crashes and writing correct code, at least
until
we can get non-nullable types.
There's nothing unsafe about null pointers/references. @safe is
about memory
safety, and you can't corrupt memory and otherwise access
memory that you're
not supposed to with a null pointer or reference.
At some point here, we'll have NonNullable (or NotNull whatever
it ends up
being called) in Phobos so that folks can have non-nullable
references/pointers - e.g. NonNullable!Foo. AFAIK, the only
real hold-up is
someone completely a fully functional implementation. There's
been at least
one attempt at it, but as I understand it, there were issues
that needed to be
worked through before it could be accepted. We'll get there
though.
Regardless, we're not adding anything with regards to
non-nullable references
to the language itself, and there's nothing unsafe about null
references.
They're just unpleasant to dereference when your code makes
that mistake.
- Jonathan M Davis
Dereferencing it is unsafe unless you put runtime check. Which is
stupid for something that can be verified at compile time.
