Tony Hoare, Inventor of QuickSort, Turing Award Winner
I call it my billion-dollar mistake. It was the invention of the null reference in 1965. At that time, I was designing the first comprehensive type system for references in an object oriented language (ALGOL W). My goal was to ensure that all use of references should be absolutely safe, with checking performed automatically by the compiler. But I couldn’t resist the temptation to put in a null reference, simply because it was so easy to implement. This has led to innumerable errors, vulnerabilities, and system crashes, which have probably caused a billion dollars of pain and damage in the last forty years. In recent years, a number of program analysers like PREfix and PREfast in Microsoft have been used to check references, and give warnings if there is a risk they may be non-null. More recent programming languages like Spec# have introduced declarations for non-null references. This is the solution, which I rejected in 1965.


A fascinating quote. I want a notation for nullable references, rather than non-nullable ones.
I like the question mark for this.
I don’t understand why C# handles this differently between value and reference types.
That’s an implementation detail that shouldn’t seep over into nullability concerns.
In short, this code…
int? x;
should work just like this code…
MyClass? x;
and this code…
int y = 0;
should work just like this code…
MyClass y = … ;
with respect to nullability.
Comment by John DeHope — December 23, 2008 @ 2:36 pm
Go Spec#!!! I HATE the fact that Spec# is in beta and that I haven’t been able to roll it into my mainstream code. I love the project.
Comment by Eric Swanson — December 23, 2008 @ 3:51 pm
What I’d really like is a mainstream language where the default for references is non-nullable. It would be nice to have immutable data as a default also. We are getting some nice language features now, but they are being added to languages where the defaults are no longer nice.
Comment by Michael Feathers — December 23, 2008 @ 6:36 pm
@John DeHope.
I’m not sure I understand your request, but you have to understand that it is impossible for a value type to point to null.
A value type is stored on the stack, there is no pointer, so there can be no null reference. Nullable value types are actually of type Nullable, and it emulates the nullable concept through boilerplate code in that struct.
A reference type on the other hand, is actually formed on the heap, all that is on the stack is a pointer. Obviously, this pointer could point to null, hence a nullable reference type.
You cannot have a nonnullable reference type, the pointer must point to somewhere. The best you could do is enforce assignment at the compilation level, but even then, you could reassign something to null, and throw a run time exception.
Comment by Jonathan Holland — December 23, 2008 @ 7:51 pm
@Michael
That is why I have my Haskell T-Shirt almost always on while at work :) Monads Monads Monads!
I guess it is too late for C# and Java. The language semantics and syntax of today do not allow it. I will hate to see it introduced through Spec# assertions because this will leave the type system ill and will add more complexity to the language to learn for such a trivial thing.
The only thing I can think of for C# is a precompiler that will do the default non nullable check, and will represent all types that are not tagged with a special compiler type attribute as Nullable
Let’s hope that F# will reach the mainstream. As you might already know F# has no nullable types. Null is introduced like in Haskell through an “Option” type. In Haskell it is the “Maybe” type that has a monad implementation for simplicity of use (not to do checks all the time). So in these languages the type system does not introduce nulls but leaves it as an API support (sometimes with a bit of general or specific syntactic sugar). With F# being integrated in the Visual Studio 2010, we can hope for the best :)
In F# types are immutable by default :) Well I do hope that Haskell reaches the mainstream once, but I might be asking for a lot.
Personally I was disappointed to discover that Scala supports nulls :(
@Jonathan That is an implementation detail. Strong type systems like Haskell’s already abstract this and introduce both value types and reference types as non nullable >>hiding the null value for reference types and enforcing initialization through constructors on compiler time. And then introduce the special empty value through an API.
In general I guess what professor Tony Hoare is stating here is that Spec# can be a solution for the existing unfortunate problem (“to correct the mistake”) but more elegant type systems already exist when we think of new or non mainstream languages.
http://www.haskell.org/all_about_monads/html/maybemonad.html
Comment by Sadache — December 23, 2008 @ 8:38 pm
If someone wonders what a “Maybe” or “Option” type (or in other words non nullable types with null implemented through monads) would look like in C#, here is an excellent post http://blogs.msdn.com/wesdyer/archive/2008/01/11/the-marvels-of-monads.aspx
Comment by Sadache — December 23, 2008 @ 10:06 pm
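The “Maybe”/“Option” approach discussed in the comments above, sketched in C# as an added example; it is not code from the linked post or from any commenter. The names Maybe<T>, Bind, OrElse and ManagerOf, and the sample data, are hypothetical.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical Maybe<T>. It is a struct, so a Maybe value itself can never be
// a null reference; its default value is None (HasValue == false).
public readonly struct Maybe<T>
{
    private readonly T _value;
    public bool HasValue { get; }

    private Maybe(T value) { _value = value; HasValue = true; }

    public static Maybe<T> None => default;

    // A null argument collapses to None, so Some never wraps null.
    public static Maybe<T> Some(T value) =>
        value == null ? None : new Maybe<T>(value);

    // Bind runs f only when a value is present; None short-circuits the chain.
    public Maybe<R> Bind<R>(Func<T, Maybe<R>> f) =>
        HasValue ? f(_value) : Maybe<R>.None;

    // The only way to read the value forces the caller to handle absence.
    public T OrElse(T fallback) => HasValue ? _value : fallback;
}

public static class Demo
{
    // Constructed sample data: user -> manager.
    static readonly Dictionary<string, string> Managers =
        new Dictionary<string, string> { { "alice", "bob" }, { "bob", "carol" } };

    // Absence is part of the return type instead of a possible null string.
    static Maybe<string> ManagerOf(string user) =>
        Managers.TryGetValue(user, out var m) ? Maybe<string>.Some(m) : Maybe<string>.None;

    // Two lookups chained without a single explicit null check.
    static string GrandManager(string user) =>
        ManagerOf(user).Bind(m => ManagerOf(m)).OrElse("(none)");

    public static void Main()
    {
        foreach (var user in new[] { "alice", "bob", "dave" })
            Console.WriteLine(user + " -> " + GrandManager(user));
    }
}
```

With a plain nullable string return, a caller who forgets the check on either lookup gets a NullReferenceException at run time; here the missing case has to be handled at OrElse before the value can be read.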