Comment #0 by bearophile_hugs — 2010-08-02T16:27:19Z
This is a starting point for an enhancement request about a type modifier to specify that a class reference or pointer can't be null.
This is not an enhancement request about "nullable values" (values wrapped in a struct that contains a boolean that is true if the value is "null").
This enhancement request assumes that by default both class references and pointers are nullable (because today defaulting to non-null class references is probably an impossible change in D).
A possible D syntax to denote a non-null reference or pointer is to use a @ suffix (better looking alternatives are possible):
class T {}
T nullable_reference;
T@ nonnullable_reference = new T@();
struct S {}
S nullable_pointer;
S@ nonnullable_pointer = new S@();
A possible alternative is to use the - (or +) suffix:
class T {}
T nullable_reference;
T- nonnullable_reference = new T-();
struct S {}
S nullable_pointer;
S- nonnullable_pointer = new S-();
A possible problem with non-null class references can be seen with this D program that uses the trailing @ syntax:
class Foo {}
class A {
    Foo@ name;
    this(Foo@ s) {
        this.name = s;
        this.m();
    }
    void m() { /*...*/ }
}
class B : A {
    Foo@ path;
    this(Foo@ p, Foo@ s) {
        super(s);
        this.path = p;
    }
    override void m() {
        // here this.path is null despite it's a non-null
        assert(this.path !is null);
    }
}
void main() {
    new B(new Foo, new Foo);
}
I have adapted that example from this paper, which also discusses partially uninitialized objects:
http://research.microsoft.com/pubs/67461/non-null.pdf
A comment about that program from the paper:
>The problem with the code is that during the base call to A's constructor, the virtual method B.m may be invoked. At this time, field path of the object under construction has not yet been initialized. Thus, accesses of this.path in method B.m may yield a possibly-null value, even though the field has been declared as being non-null.<
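An added example, not part of the original comment or the paper: the same hazard reproduced in today's D with ordinary nullable references, next to a variant that defers the virtual call until construction has finished. The `sawNull` field, the `callInCtor` flag and the `makeB` factory are assumptions introduced only for this demonstration.

```d
import std.stdio;

class Foo {}

class A {
    Foo name;
    bool sawNull;   // demo-only: records what m() observed
    this(Foo s, bool callInCtor) {
        this.name = s;
        // Virtual dispatch already targets B.m here, although
        // B's constructor body has not run yet.
        if (callInCtor) this.m();
    }
    void m() {}
}

class B : A {
    Foo path;
    this(Foo p, Foo s, bool callInCtor) {
        super(s, callInCtor);
        this.path = p;   // too late for a call made inside A's constructor
    }
    override void m() { sawNull = (this.path is null); }
}

// Hypothetical factory: runs the virtual call only on a fully built object.
B makeB(Foo p, Foo s) {
    auto b = new B(p, s, false);
    b.m();
    return b;
}

void main() {
    // Call from inside the base constructor: path is still null.
    auto early = new B(new Foo, new Foo, true);
    assert(early.sawNull);

    // Call after construction: every field has been assigned.
    auto late = makeB(new Foo, new Foo);
    assert(!late.sawNull);

    writeln("call inside base constructor saw null path: ", early.sawNull);
    writeln("call after construction saw null path: ", late.sawNull);
}
```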
Comment #1 by bearophile_hugs — 2010-08-26T16:41:58Z
This is just half of a solution. Besides introducing nonnull pointers/references, and a handy syntax to denote them, to have a null-safe language you also need to require explicit tests every time a nullable pointer/reference is about to be dereferenced, and then after this test in the else branch the reference type "becomes" a non-nullable one.
This is an application of the idea of "TypeState", used by the Mozilla Rust language. The type doesn't actually change, it's just its state that changes.
More on the concept of TypeState (at the moment it is not present in Wikipedia):
http://www.google.com/search?q=typestate
Comment #2 by bearophile_hugs — 2010-08-26T17:27:34Z
Comment #4 by bearophile_hugs — 2010-11-04T13:41:10Z
This good document explains very well the well thought-out design and implementation of nonnullable reference types in Spec#:
http://research.microsoft.com/en-us/um/people/leino/papers/krml189.pdf
The article shows how to manage the nullable pointers/references with the help of if statements, assertions and casts too.
It shows the need for annotations to denote both the nullable and the nonnullable version of a type. In D the nullable version may use ? and the nonnullable version may use @. So if T is a reference type parameter, then T is the type parameter itself (which might or might not be a nullable type), T? is the nullable version of T, and T@ is the nonnullable version of T.
The document also suggests a shorter syntax to cast a variable to the nullable or the nonnullable version of its type:
cast(@)someRef
cast(?)someRef
Comment #5 by bearophile_hugs — 2011-12-12T05:12:30Z
Comment #6 by bearophile_hugs — 2012-10-01T14:26:20Z
A small program that shows three important things std.typecons.Nullable isn't able to do:
import std.stdio, std.algorithm, std.typecons;
alias Nullable!(int, -1) Position;
void foo(int[] a, Position pos) /*nothrow*/ { // allow this to be nothrow
    if (pos.isNull) {
        return;
    } else {
        a[pos] = 10; // perform no nullness test here, optimization
    }
}
void bar(int[] a, Position pos) {
    a[pos] = 10; // compile-time error here?
}
void main() {
    auto data = [1, 2, 3, 4, 5];
    auto p = Position(countUntil(data, 7));
    foo(data, p);
    writeln(data);
}
Comment #7 by bearophile_hugs — 2013-04-06T06:37:46Z
Closed down by request by Andrei:
http://forum.dlang.org/post/[email protected]
Not-nullable reference types have gained appreciation in almost all type-rich recently designed languages, such as F#, Scala, Rust, and a few Java-like languages running on the JavaVM. I think all type-rich languages that will be designed in the future will have nonnullable typing.