Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site harvard.ARPA
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!godot!harvard!macrakis
From: macrakis@harvard.ARPA (Stavros Macrakis)
Newsgroups: net.lang
Subject: Nil dereferencing protection
Message-ID: <338@harvard.ARPA>
Date: Mon, 28-Jan-85 16:46:04 EST
Article-I.D.: harvard.338
Posted: Mon Jan 28 16:46:04 1985
Date-Received: Wed, 30-Jan-85 05:23:30 EST
References: <2340@hplabsc.UUCP> <4948@utzoo.UUCP> <6292@boring.UUCP> <536@mako.UUCP>
Distribution: net
Organization: Aiken Comp. Lab., Harvard
Lines: 33

> > For instance, it is possible to statically guarantee that nil
> > pointers are never dereferenced --Pemberton
> Ada supports this... --Steinman

Unfortunately, this is not and cannot be true. (consider "a := if
program P halts, then nil else new foo; deref(a)")

What Ada could have done and didn't would be to define a subtype of
access types `non-null'; no dereferences of a variable of such subtype
would need be dynamically checked, but of course assignments to values
not of that subtype would have to be. Such a subtype would probably
make possible the elimination of essentially all dynamic nil deref
checks in many programs, if properly used.

	-s

Appendix: Example

    type ptr is access foo;
    subtype goodptr is ptr.all;   -- Arbitrary syntax; suggests .all exists
    XXX v: goodptr;               --Illegal: default initialization is nil
    v,w: goodptr := new foo;
    x,y: ptr;
    function ptrptr(a:ptr) return ptr;
    function ptrgoodptr(a:ptr) return goodptr;
    function goodptrptr(a:goodptr) return ptr;
    ...
    v := x;               -- Must check for non-null
    w := v;               -- Check not necessary
    v := ptrptr(v);       -- Must check result
    v := ptrgoodptr(v);   -- No checks necessary
    x := goodptrptr(v);   -- "
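The following is an added example, not part of the original post: it restates the appendix using the `not null` null exclusion that Ada 2005 later introduced, so it needs an Ada 2005 or later compiler. It shows the one dynamic check landing at the ptr-to-goodptr boundary and failing before any dereference. The names Non_Null_Demo, Maybe_Nil, Ptr_Good_Ptr and the Value field are assumptions made for illustration.

```ada
with Ada.Text_IO; use Ada.Text_IO;

procedure Non_Null_Demo is
   type Foo is record
      Value : Integer := 0;
   end record;

   type Ptr is access Foo;
   subtype Good_Ptr is not null Ptr;   --  the post's "goodptr"

   --  Constructed stand-in for a value that cannot be decided statically
   --  (the post's "if program P halts, then nil else new foo").
   function Maybe_Nil (Give_Nil : Boolean) return Ptr is
   begin
      if Give_Nil then
         return null;
      end if;
      return new Foo'(Value => 7);
   end Maybe_Nil;

   function Ptr_Good_Ptr (A : Ptr) return Good_Ptr is
   begin
      return A;                  --  the check happens here, inside the callee
   end Ptr_Good_Ptr;

   V, W : Good_Ptr := new Foo'(Value => 1);   --  must be initialized non-null
   X    : Ptr;                                --  defaults to null
begin
   W := V;                       --  Good_Ptr to Good_Ptr: no check needed
   Put_Line ("W.Value =" & Integer'Image (W.Value));   --  unchecked deref

   X := Maybe_Nil (Give_Nil => False);
   V := X;                       --  Ptr to Good_Ptr: checked, passes
   V := Ptr_Good_Ptr (X);        --  result is already Good_Ptr: no check here
   X := V;                       --  Good_Ptr to Ptr: never needs a check

   X := Maybe_Nil (Give_Nil => True);
   begin
      V := X;                    --  checked, fails: X is null
      Put_Line ("not reached");
   exception
      when Constraint_Error =>
         --  The check runs before the store, so V keeps its old value.
         Put_Line ("null rejected; V.Value =" & Integer'Image (V.Value));
   end;
end Non_Null_Demo;
```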