Topic: Safe Dereferencing Nullable References
Author: Fernando Pelliccioni <fpelliccioni@gmail.com>
Date: Sun, 16 Dec 2012 17:45:01 -0300
Raw View
--e89a8ff2563eae45b604d0fe5669
Content-Type: text/plain; charset=ISO-8859-1
( This is related to
https://groups.google.com/a/isocpp.org/d/topic/std-proposals/QPNQCEwlxQE/discussion)
The problem I'm trying to solve is called "Null References: The Billion
Dollar Mistake" by Tony Hoare.
http://qconlondon.com/london-2009/presentation/Null+References:+The+Billion+Dollar+Mistake
The idea is not to try to abolish null pointers (which are useful), but
avoid dereferencing null pointers at compile-time.
Idea:
- T&
- nullable
- re-assignable
- safe dereferencing
I wish it could be applied to pointers, but is impractical due to
compatibility (Could be done using compiler switches like "safe", "unsafe",
"transitional").
I envision something like this:
//-----------------------------------------------------
void f(T& t);
void g(T safe& t);
T safe& sr; //nullptr implicitly
sr.doit(); //Compile time error
f(sr); //Compile time error
g(sr); //OK
T& r2 = sr; //Compile time error
//safe dereferencing
if ( local : sr ) //See below
{
local.doit(); //OK
f(local); //OK
sr + x; //OK
}
else
{
std::cout << "the reference is null";
}
T x;
T& r = x;
sr = nullptr; //OK, reset to nullptr
T safe& sr2 = x; //OK, like T& sr2 = x;
T safe& sr3 = r; //OK
sr = x; //Reassign
//-----------------------------------------------------
The "if ( local : sr )" is like:
{
auto __local_ptr_ = sr; //sr is treated as a pointer
if (__local_ptr_ != nullptr)
{
auto& local = *__local_ptr_;
//your if code
}
else
{
//your else code
}
}
Things to think about:
- Core language or Library support? Or a mix of both?
Core:
T safe&
and
if ( local : sr )
- Keyword or symbol?
T safe& (T protected&, or whatever)
or
T ?& (or whatever)
- How to interact with "const", &&, etc?
Lib:
safe_ref<T>
and
safe_ref<T>::use(...)
Mix:
safe_ref<T>
and
if ( local : sr ) //syntax sugar
To make a proposal, I need to think about the details and see if there is
interest in something like this.
Here a pure library (draft) implementation: https://gist.github.com/4312663
I wait for comments.
Regards,
Fernando Pelliccioni
--
--e89a8ff2563eae45b604d0fe5669
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
<div>( This is related to <a href=3D"https://groups.google.com/a/isocpp.org=
/d/topic/std-proposals/QPNQCEwlxQE/discussion">https://groups.google.com/a/=
isocpp.org/d/topic/std-proposals/QPNQCEwlxQE/discussion</a> )<br></div><div=
>
<br></div><div>The problem I'm trying to solve is called "Null Ref=
erences: The Billion Dollar Mistake" by Tony Hoare.</div><div><a href=
=3D"http://qconlondon.com/london-2009/presentation/Null+References:+The+Bil=
lion+Dollar+Mistake">http://qconlondon.com/london-2009/presentation/Null+Re=
ferences:+The+Billion+Dollar+Mistake</a></div>
<div><br></div><div>The idea is not to try to abolish null pointers (which =
are useful), but avoid dereferencing null pointers at compile-time.</div><d=
iv><br></div><div>Idea:</div><div>=A0- T&</div><div>=A0- nullable</div>
<div>=A0- re-assignable</div><div>=A0- safe dereferencing</div><div><br></d=
iv><div>I wish it could be applied to pointers, but is impractical due to c=
ompatibility (Could be done using compiler switches like "safe", =
"unsafe", "transitional").</div>
<div><br></div><div>I envision something like this:</div><div><br></div><di=
v>//-----------------------------------------------------</div><div>void f(=
T& t);</div><div>void g(T safe& t);</div><div><br></div><div><br>
</div><div>T safe& sr;<span class=3D"" style=3D"white-space:pre"> </sp=
an>//nullptr implicitly</div><div><br></div><div>sr.doit();<span class=3D""=
style=3D"white-space:pre"> </span>//Compile time error</div><div>f(sr);<s=
pan class=3D"" style=3D"white-space:pre"> </span>//Compile time error</di=
v>
<div>g(sr);<span class=3D"" style=3D"white-space:pre"> </span>//OK</div><=
div><br></div><div>T& r2 =3D sr;<span class=3D"" style=3D"white-space:p=
re"> </span>//Compile time error</div><div><br></div><div>//safe derefere=
ncing=A0</div>
<div>if ( local : sr )<span class=3D"" style=3D"white-space:pre"> </span>/=
/See below</div><div>{</div><div><span class=3D"" style=3D"white-space:pre"=
> </span>local.doit();<span class=3D"" style=3D"white-space:pre"> </span>/=
/OK</div>
<div><span class=3D"" style=3D"white-space:pre"> </span>f(local);<span clas=
s=3D"" style=3D"white-space:pre"> </span>//OK</div><div><span class=3D"" =
style=3D"white-space:pre"> </span>sr + x;<span class=3D"" style=3D"white-sp=
ace:pre"> </span>//OK</div>
<div>}</div><div>else</div><div>{</div><div><span class=3D"" style=3D"white=
-space:pre"> </span>std::cout << "the reference is null";</=
div><div>}</div><div><br></div><div><br></div><div>T x;</div><div>T& r =
=3D x;</div>
<div><br></div><div>sr =3D nullptr;<span class=3D"" style=3D"white-space:pr=
e"> </span>//OK, reset to nullptr</div><div>T safe& sr2 =3D x;<span cl=
ass=3D"" style=3D"white-space:pre"> </span>//OK, like T& sr2 =3D x;</di=
v><div>T safe& sr3 =3D r;<span class=3D"" style=3D"white-space:pre"> </=
span>//OK</div>
<div><br></div><div>sr =3D x;<span class=3D"" style=3D"white-space:pre"> =
</span>//Reassign</div><div>//--------------------------------------------=
---------</div><div><br></div><div>The =A0"if ( local : sr )" is =
like:</div>
<div><br></div><div>{</div><div><span class=3D"" style=3D"white-space:pre">=
</span>auto __local_ptr_ =3D sr;<span class=3D"" style=3D"white-space:pre"=
> </span>//sr is treated as a pointer</div><div><span class=3D"" style=
=3D"white-space:pre"> </span>if (__local_ptr_ !=3D nullptr)=A0</div>
<div><span class=3D"" style=3D"white-space:pre"> </span>{</div><div><span c=
lass=3D"" style=3D"white-space:pre"> </span> =A0 =A0auto& local =3D *__=
local_ptr_;</div><div><br></div><div><span class=3D"" style=3D"white-space:=
pre"> </span> =A0 =A0//your if code</div>
<div><span class=3D"" style=3D"white-space:pre"> </span>}</div><div><span c=
lass=3D"" style=3D"white-space:pre"> </span>else=A0</div><div><span class=
=3D"" style=3D"white-space:pre"> </span>{</div><div><span class=3D"" style=
=3D"white-space:pre"> </span> =A0 =A0//your else code</div>
<div><span class=3D"" style=3D"white-space:pre"> </span>}</div><div>}</div>=
<div><br></div><div><br></div><div>Things to think about:</div><div><br></d=
iv><div>- Core language or Library support? Or a mix of both?</div><div><br=
>
</div><div>Core:</div><div><span class=3D"" style=3D"white-space:pre"> </sp=
an>T safe&</div><div><span class=3D"" style=3D"white-space:pre"> </spa=
n>and=A0</div><div><span class=3D"" style=3D"white-space:pre"> </span>if ( =
local : sr )</div>
<div><br></div><div><span class=3D"" style=3D"white-space:pre"> </span>- Ke=
yword or symbol?<span class=3D"" style=3D"white-space:pre"> </span></div><d=
iv><span class=3D"" style=3D"white-space:pre"> </span>T safe&<span cla=
ss=3D"" style=3D"white-space:pre"> </span>(T protected&, or whatever)=
</div>
<div><span class=3D"" style=3D"white-space:pre"> </span>or</div><div><spa=
n class=3D"" style=3D"white-space:pre"> </span>T ?&<span class=3D"" st=
yle=3D"white-space:pre"> </span>(or whatever)</div><div><br></div><div><b=
r></div>
<div><span class=3D"" style=3D"white-space:pre"> </span>- How to interact w=
ith "const", &&, etc?</div><div><br></div><div><br></div>=
<div>Lib: =A0 =A0</div><div><span class=3D"" style=3D"white-space:pre"> </s=
pan>safe_ref<T> =A0</div>
<div><span class=3D"" style=3D"white-space:pre"> </span>and=A0</div><div><=
span class=3D"" style=3D"white-space:pre"> </span>safe_ref<T>::use(..=
..)</div><div><br></div><div>Mix:<span class=3D"" style=3D"white-space:pre">=
</span></div>
<div><span class=3D"" style=3D"white-space:pre"> </span>safe_ref<T> =
=A0</div><div><span class=3D"" style=3D"white-space:pre"> </span>and=A0</d=
iv><div><span class=3D"" style=3D"white-space:pre"> </span>if ( local : sr =
) =A0 =A0//syntax sugar</div>
<div><br></div><div>To make a proposal, I need to think about the details a=
nd see if there is interest in something like this.</div><div><br></div><di=
v>Here a pure library (draft) implementation: <a href=3D"https://gist.githu=
b.com/4312663">https://gist.github.com/4312663</a></div>
<div><br></div><div>I wait for comments.</div><div><br></div><div>Regards,<=
/div><div>Fernando Pelliccioni</div>
<p></p>
-- <br />
<br />
<br />
<br />
--e89a8ff2563eae45b604d0fe5669--
.
Author: Fernando Pelliccioni <fpelliccioni@gmail.com>
Date: Sun, 16 Dec 2012 18:07:26 -0300
Raw View
--14dae93a1699d9a48e04d0fea612
Content-Type: text/plain; charset=ISO-8859-1
I forgot to mention that my proposal is inspired by the Eiffel Void-Safety
solution.
http://docs.eiffel.com/sites/docs.eiffel.com/files/void-safe-eiffel.pdf
On Sun, Dec 16, 2012 at 5:45 PM, Fernando Pelliccioni <
fpelliccioni@gmail.com> wrote:
> ( This is related to
> https://groups.google.com/a/isocpp.org/d/topic/std-proposals/QPNQCEwlxQE/discussion)
>
> The problem I'm trying to solve is called "Null References: The Billion
> Dollar Mistake" by Tony Hoare.
>
> http://qconlondon.com/london-2009/presentation/Null+References:+The+Billion+Dollar+Mistake
>
> The idea is not to try to abolish null pointers (which are useful), but
> avoid dereferencing null pointers at compile-time.
>
> Idea:
> - T&
> - nullable
> - re-assignable
> - safe dereferencing
>
> I wish it could be applied to pointers, but is impractical due to
> compatibility (Could be done using compiler switches like "safe", "unsafe",
> "transitional").
>
> I envision something like this:
>
> //-----------------------------------------------------
> void f(T& t);
> void g(T safe& t);
>
>
> T safe& sr; //nullptr implicitly
>
> sr.doit(); //Compile time error
> f(sr); //Compile time error
> g(sr); //OK
>
> T& r2 = sr; //Compile time error
>
> //safe dereferencing
> if ( local : sr ) //See below
> {
> local.doit(); //OK
> f(local); //OK
> sr + x; //OK
> }
> else
> {
> std::cout << "the reference is null";
> }
>
>
> T x;
> T& r = x;
>
> sr = nullptr; //OK, reset to nullptr
> T safe& sr2 = x; //OK, like T& sr2 = x;
> T safe& sr3 = r; //OK
>
> sr = x; //Reassign
> //-----------------------------------------------------
>
> The "if ( local : sr )" is like:
>
> {
> auto __local_ptr_ = sr; //sr is treated as a pointer
> if (__local_ptr_ != nullptr)
> {
> auto& local = *__local_ptr_;
>
> //your if code
> }
> else
> {
> //your else code
> }
> }
>
>
> Things to think about:
>
> - Core language or Library support? Or a mix of both?
>
> Core:
> T safe&
> and
> if ( local : sr )
>
> - Keyword or symbol?
> T safe& (T protected&, or whatever)
> or
> T ?& (or whatever)
>
>
> - How to interact with "const", &&, etc?
>
>
> Lib:
> safe_ref<T>
> and
> safe_ref<T>::use(...)
>
> Mix:
> safe_ref<T>
> and
> if ( local : sr ) //syntax sugar
>
> To make a proposal, I need to think about the details and see if there is
> interest in something like this.
>
> Here a pure library (draft) implementation:
> https://gist.github.com/4312663
>
> I wait for comments.
>
> Regards,
> Fernando Pelliccioni
>
--
--14dae93a1699d9a48e04d0fea612
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
I forgot to mention that my proposal is inspired by the Eiffel Void-Safety =
solution.<br><div><br></div><div><a href=3D"http://docs.eiffel.com/sites/do=
cs.eiffel.com/files/void-safe-eiffel.pdf">http://docs.eiffel.com/sites/docs=
..eiffel.com/files/void-safe-eiffel.pdf</a><br>
</div><div class=3D"gmail_extra"><br><br><div class=3D"gmail_quote">On Sun,=
Dec 16, 2012 at 5:45 PM, Fernando Pelliccioni <span dir=3D"ltr"><<a hre=
f=3D"mailto:fpelliccioni@gmail.com" target=3D"_blank">fpelliccioni@gmail.co=
m</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex"><div>( This is related to <a href=3D"https:/=
/groups.google.com/a/isocpp.org/d/topic/std-proposals/QPNQCEwlxQE/discussio=
n" target=3D"_blank">https://groups.google.com/a/isocpp.org/d/topic/std-pro=
posals/QPNQCEwlxQE/discussion</a> )<br>
</div><div>
<br></div><div>The problem I'm trying to solve is called "Null Ref=
erences: The Billion Dollar Mistake" by Tony Hoare.</div><div><a href=
=3D"http://qconlondon.com/london-2009/presentation/Null+References:+The+Bil=
lion+Dollar+Mistake" target=3D"_blank">http://qconlondon.com/london-2009/pr=
esentation/Null+References:+The+Billion+Dollar+Mistake</a></div>
<div><br></div><div>The idea is not to try to abolish null pointers (which =
are useful), but avoid dereferencing null pointers at compile-time.</div><d=
iv><br></div><div>Idea:</div><div>=A0- T&</div><div>=A0- nullable</div>
<div>=A0- re-assignable</div><div>=A0- safe dereferencing</div><div><br></d=
iv><div>I wish it could be applied to pointers, but is impractical due to c=
ompatibility (Could be done using compiler switches like "safe", =
"unsafe", "transitional").</div>
<div><br></div><div>I envision something like this:</div><div><br></div><di=
v>//-----------------------------------------------------</div><div>void f(=
T& t);</div><div>void g(T safe& t);</div><div><br></div><div><br>
</div><div>T safe& sr;<span style=3D"white-space:pre-wrap"> </span>//n=
ullptr implicitly</div><div><br></div><div>sr.doit();<span style=3D"white-s=
pace:pre-wrap"> </span>//Compile time error</div><div>f(sr);<span style=3D=
"white-space:pre-wrap"> </span>//Compile time error</div>
<div>g(sr);<span style=3D"white-space:pre-wrap"> </span>//OK</div><div><b=
r></div><div>T& r2 =3D sr;<span style=3D"white-space:pre-wrap"> </spa=
n>//Compile time error</div><div><br></div><div>//safe dereferencing=A0</di=
v>
<div>if ( local : sr )<span style=3D"white-space:pre-wrap"> </span>//See b=
elow</div><div>{</div><div><span style=3D"white-space:pre-wrap"> </span>loc=
al.doit();<span style=3D"white-space:pre-wrap"> </span>//OK</div>
<div><span style=3D"white-space:pre-wrap"> </span>f(local);<span style=3D"w=
hite-space:pre-wrap"> </span>//OK</div><div><span style=3D"white-space:pr=
e-wrap"> </span>sr + x;<span style=3D"white-space:pre-wrap"> </span>//OK=
</div>
<div>}</div><div>else</div><div>{</div><div><span style=3D"white-space:pre-=
wrap"> </span>std::cout << "the reference is null";</div><d=
iv>}</div><div><br></div><div><br></div><div>T x;</div><div>T& r =3D x;=
</div>
<div><br></div><div>sr =3D nullptr;<span style=3D"white-space:pre-wrap"> <=
/span>//OK, reset to nullptr</div><div>T safe& sr2 =3D x;<span style=3D=
"white-space:pre-wrap"> </span>//OK, like T& sr2 =3D x;</div><div>T saf=
e& sr3 =3D r;<span style=3D"white-space:pre-wrap"> </span>//OK</div>
<div><br></div><div>sr =3D x;<span style=3D"white-space:pre-wrap"> </spa=
n>//Reassign</div><div>//--------------------------------------------------=
---</div><div><br></div><div>The =A0"if ( local : sr )" is like:<=
/div>
<div><br></div><div>{</div><div><span style=3D"white-space:pre-wrap"> </spa=
n>auto __local_ptr_ =3D sr;<span style=3D"white-space:pre-wrap"> </span>=
//sr is treated as a pointer</div><div><span style=3D"white-space:pre-wrap"=
> </span>if (__local_ptr_ !=3D nullptr)=A0</div>
<div><span style=3D"white-space:pre-wrap"> </span>{</div><div><span style=
=3D"white-space:pre-wrap"> </span> =A0 =A0auto& local =3D *__local_ptr_=
;</div><div><br></div><div><span style=3D"white-space:pre-wrap"> </span> =
=A0 =A0//your if code</div>
<div><span style=3D"white-space:pre-wrap"> </span>}</div><div><span style=
=3D"white-space:pre-wrap"> </span>else=A0</div><div><span style=3D"white-sp=
ace:pre-wrap"> </span>{</div><div><span style=3D"white-space:pre-wrap"> </s=
pan> =A0 =A0//your else code</div>
<div><span style=3D"white-space:pre-wrap"> </span>}</div><div>}</div><div><=
br></div><div><br></div><div>Things to think about:</div><div><br></div><di=
v>- Core language or Library support? Or a mix of both?</div><div><br>
</div><div>Core:</div><div><span style=3D"white-space:pre-wrap"> </span>T s=
afe&</div><div><span style=3D"white-space:pre-wrap"> </span>and=A0</di=
v><div><span style=3D"white-space:pre-wrap"> </span>if ( local : sr )</div>
<div><br></div><div><span style=3D"white-space:pre-wrap"> </span>- Keyword =
or symbol?<span style=3D"white-space:pre-wrap"> </span></div><div><span sty=
le=3D"white-space:pre-wrap"> </span>T safe&<span style=3D"white-space:=
pre-wrap"> </span>(T protected&, or whatever)</div>
<div><span style=3D"white-space:pre-wrap"> </span>or</div><div><span styl=
e=3D"white-space:pre-wrap"> </span>T ?&<span style=3D"white-space:pre-=
wrap"> </span>(or whatever)</div><div><br></div><div><br></div>
<div><span style=3D"white-space:pre-wrap"> </span>- How to interact with &q=
uot;const", &&, etc?</div><div><br></div><div><br></div><div>L=
ib: =A0 =A0</div><div><span style=3D"white-space:pre-wrap"> </span>safe_ref=
<T> =A0</div>
<div><span style=3D"white-space:pre-wrap"> </span>and=A0</div><div><span s=
tyle=3D"white-space:pre-wrap"> </span>safe_ref<T>::use(...)</div><div=
><br></div><div>Mix:<span style=3D"white-space:pre-wrap"> </span></div>
<div><span style=3D"white-space:pre-wrap"> </span>safe_ref<T> =A0</di=
v><div><span style=3D"white-space:pre-wrap"> </span>and=A0</div><div><span=
style=3D"white-space:pre-wrap"> </span>if ( local : sr ) =A0 =A0//syntax s=
ugar</div>
<div><br></div><div>To make a proposal, I need to think about the details a=
nd see if there is interest in something like this.</div><div><br></div><di=
v>Here a pure library (draft) implementation: <a href=3D"https://gist.githu=
b.com/4312663" target=3D"_blank">https://gist.github.com/4312663</a></div>
<div><br></div><div>I wait for comments.</div><div><br></div><div>Regards,<=
/div><div>Fernando Pelliccioni</div>
</blockquote></div><br></div>
<p></p>
-- <br />
<br />
<br />
<br />
--14dae93a1699d9a48e04d0fea612--
.
Author: Nevin Liber <nevin@eviloverlord.com>
Date: Sun, 16 Dec 2012 15:07:47 -0600
Raw View
--0015175cfccc7b5f4404d0feaafd
Content-Type: text/plain; charset=ISO-8859-1
On 16 December 2012 14:45, Fernando Pelliccioni <fpelliccioni@gmail.com>wrote:
> ( This is related to
> https://groups.google.com/a/isocpp.org/d/topic/std-proposals/QPNQCEwlxQE/discussion)
>
> The problem I'm trying to solve is called "Null References: The Billion
> Dollar Mistake" by Tony Hoare.
>
> http://qconlondon.com/london-2009/presentation/Null+References:+The+Billion+Dollar+Mistake
>
> The idea is not to try to abolish null pointers (which are useful), but
> avoid dereferencing null pointers at compile-time.
>
How often does that happen? Why can't compilers detect this now and warn
you (as part of QoI)? It seems like a *lot* of complexity and machinery to
address what is at best a very rare problem (at least in my experience).
And when the detection moves to run time (your 'if (local : sr)'), I still
don't see why your solution is any better than a pointer ('if (p)'). (The
argument for std::optional<T&> is that it is uniformity is useful in
generic code; that argument does not apply here.)
--
Nevin ":-)" Liber <mailto:nevin@eviloverlord.com> (847) 691-1404
--
--0015175cfccc7b5f4404d0feaafd
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 16 December 2012 14:45, Fernando Pelliccioni <span dir=3D"ltr"><<a hr=
ef=3D"mailto:fpelliccioni@gmail.com" target=3D"_blank">fpelliccioni@gmail.c=
om</a>></span> wrote:<br><div class=3D"gmail_quote"><blockquote class=3D=
"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding=
-left:1ex">
<div>( This is related to <a href=3D"https://groups.google.com/a/isocpp.org=
/d/topic/std-proposals/QPNQCEwlxQE/discussion" target=3D"_blank">https://gr=
oups.google.com/a/isocpp.org/d/topic/std-proposals/QPNQCEwlxQE/discussion</=
a> )<br>
</div><div>
<br></div><div>The problem I'm trying to solve is called "Null Ref=
erences: The Billion Dollar Mistake" by Tony Hoare.</div><div><a href=
=3D"http://qconlondon.com/london-2009/presentation/Null+References:+The+Bil=
lion+Dollar+Mistake" target=3D"_blank">http://qconlondon.com/london-2009/pr=
esentation/Null+References:+The+Billion+Dollar+Mistake</a></div>
<div><br></div><div>The idea is not to try to abolish null pointers (which =
are useful), but avoid dereferencing null pointers at compile-time.</div></=
blockquote><div><br></div><div>How often does that happen? =A0Why can't=
compilers detect this now and warn you (as part of QoI)? =A0It seems like =
a *lot* of complexity and machinery to address what is at best a very rare =
problem (at least in my experience).</div>
<div><br></div><div>And when the detection moves to run time (your 'if =
(local : sr)'), I still don't see why your solution is any better t=
han a pointer ('if (p)'). =A0(The argument for std::optional<T&a=
mp;> is that it is uniformity is useful in generic code; that argument d=
oes not apply here.)</div>
<div>--=A0</div></div>=A0Nevin ":-)" Liber=A0 <mailto:<a href=
=3D"mailto:nevin@eviloverlord.com" target=3D"_blank">nevin@eviloverlord.com=
</a>>=A0 (847) 691-1404<br>
<p></p>
-- <br />
<br />
<br />
<br />
--0015175cfccc7b5f4404d0feaafd--
.
Author: Sebastian Gesemann <s.gesemann@gmail.com>
Date: Mon, 17 Dec 2012 11:45:31 +0100
Raw View
On Sun, Dec 16, 2012 at 9:45 PM, Fernando Pelliccioni
<fpelliccioni@gmail.com> wrote:
> ( This is related to
> https://groups.google.com/a/isocpp.org/d/topic/std-proposals/QPNQCEwlxQE/discussion
> )
>
> The problem I'm trying to solve is called "Null References: The Billion
> Dollar Mistake" by Tony Hoare.
> http://qconlondon.com/london-2009/presentation/Null+References:+The+Billion+Dollar+Mistake
>
> The idea is not to try to abolish null pointers (which are useful), but
> avoid dereferencing null pointers at compile-time.
Is this really an issue in C++? I can see that it might be more of a
PITA in other languages that force a level of indirection onto you
even if you don't need it. But I can't remember the last time I ran
into this problem in C++. In the domain of number chrunching that I
work in, this is not an issue. My impression is that you try to solve
a different language's problem in C++.
> Idea:
> - T&
> - nullable
> - re-assignable
> - safe dereferencing
How do you intent to differentiate between "reseating the reference"
and "assigning to the referee"?
int i = 17;
int j = 29;
int safe& ref = i;
i = j; // what does this do?
Does it make the reference 'ref' now refer to j or does it assign the
value of j to i?
Apart from this issue, I don't see the point in introducing a third
kind of pointer/reference that is nullable.
If you want things to be checked at compile-time think about how a
static analyzer could work and what additional information it needs to
be able to catch these errors.
From your initial post I gather that you are also interested in
runtime checking. This could be solved with a simple pointer wrapper
like
template<class T>
class checking_ptr
{
T* ptr;
public:
checking_ptr(T* p = 0) : ptr(p) {}
template<class U
,class=typename std::enable_if<
std::is_convertible<U*,T*>::value
>::type
>
checking_ptr(checking_ptr<U> p) : ptr(p.get()) {}
T& operator*() const { assert(!!ptr); return *ptr; }
T* operator->() const { assert(!!ptr); return ptr; }
T* get() const { return ptr; }
};
Just let your debugger break on an assertion failure.
Cheers!
SG
--
.