Nullable/Notnull : syntax proposal

**pete** · Nov 4 '07, 05:55 PM

Re: Nullable/Notnull : syntax proposal

sarnold@free.fr wrote:

>
Hello,
>
I am proposing to create two new keywords for C, 'notnull' and
'nullable'.
Their meaning is a sort of 'design by contract', ensuring some rules
are
verified at compile-time. It should not require additional runtime-
checks
to be implemented.
I have posted my description of how it should work at this URL:

http://sarnold.free.fr/wordpress/?p=71

Please read it and tell me what you think of it.

I don't need it.
I don't want it.
I don't like it.
I'm surprised it isn't already in C99.

--
pete

**Richard** · Nov 4 '07, 05:55 PM

Re: Nullable/Notnull : syntax proposal

sarnold@free.fr writes:

Hello,
>
I am proposing to create two new keywords for C, 'notnull' and
'nullable'.
Their meaning is a sort of 'design by contract', ensuring some rules
are
verified at compile-time. It should not require additional runtime-
checks
to be implemented.
I have posted my description of how it should work at this URL:

http://sarnold.free.fr/wordpress/?p=71

Please read it and tell me what you think of it.
>
Regards,
StÃ©phane A.

Simplify it. There is no need for "nullable" since it's already there.

In addition I think it's a silly idea. Just wrap malloc to do what you want to
do rather than have the assignment to a notnull variable. Much more
efficient. Otherwise every time you assign to a notnull the system will
be performing these checks.

**jacob navia** · Nov 4 '07, 05:55 PM

Re: Nullable/Notnull : syntax proposal

sarnold@free.fr wrote:

Hello,
>
I am proposing to create two new keywords for C, 'notnull' and
'nullable'.
Their meaning is a sort of 'design by contract', ensuring some rules
are
verified at compile-time. It should not require additional runtime-
checks
to be implemented.
I have posted my description of how it should work at this URL:

http://sarnold.free.fr/wordpress/?p=71

Please read it and tell me what you think of it.
>
Regards,
Stéphane A.
>

You can assert a parameter not being null in standard C by

int function(int MyTable[static 1]);

This means that the parameter MyTable has at least one
element, i.e. it can't be NULL.

True, it is NOT a GREAT syntax but it is standard.

jacob

**santosh** · Nov 4 '07, 06:15 PM

Re: Nullable/Notnull : syntax proposal

sarnold@free.fr wrote:

I am proposing to create two new keywords for C, [ ... ]

Since you are apparently proposing changes to the language the correct
group for that would be <news:comp.std. c>

**Richard** · Nov 4 '07, 06:25 PM

Re: Nullable/Notnull : syntax proposal

santosh <santosh.k83@gm ail.comwrites:

sarnold@free.fr wrote:
>

>I am proposing to create two new keywords for C, [ ... ]

>
Since you are apparently proposing changes to the language the correct
group for that would be <news:comp.std. c>

He is asking for C programmer's opinions. So here is perfectly valid.

**=?iso-2022-kr?q?=1B=24=29CHarald_van_D=0E=29=26=0F** · Nov 4 '07, 07:05 PM

Re: Nullable/Notnull : syntax proposal

On Sun, 04 Nov 2007 18:53:49 +0100, jacob navia wrote:

sarnold@free.fr wrote:

>Hello,
>>
>I am proposing to create two new keywords for C, 'notnull' and
>'nullable'.
>Their meaning is a sort of 'design by contract', ensuring some rules
>are
>verified at compile-time. It should not require additional runtime-
>checks
>to be implemented.
>I have posted my description of how it should work at this URL:
>http://sarnold.free.fr/wordpress/?p=71 Please read it and tell me what
>you think of it.
>>
>Regards,
>StÃ©phane A.
>>
>>

You can assert a parameter not being null in standard C by
>
int function(int MyTable[static 1]);

Almost, but not quite.

This means that the parameter MyTable has at least one element, i.e. it
can't be NULL.

It means you can't call function with the result of malloc(1), while
occasionally (okay, rarely) that's actually useful.

**jacob navia** · Nov 4 '07, 07:15 PM

Re: Nullable/Notnull : syntax proposal

Harald van DÄ³k wrote:

On Sun, 04 Nov 2007 18:53:49 +0100, jacob navia wrote:

>sarnold@free.fr wrote:

>>Hello,
>>>
>>I am proposing to create two new keywords for C, 'notnull' and
>>'nullable'.
>>Their meaning is a sort of 'design by contract', ensuring some rules
>>are
>>verified at compile-time. It should not require additional runtime-
>>checks
>>to be implemented.
>>I have posted my description of how it should work at this URL:
>>http://sarnold.free.fr/wordpress/?p=71 Please read it and tell me what
>>you think of it.
>>>
>>Regards,
>>StÃ©phane A.
>>>
>>>

>You can assert a parameter not being null in standard C by
>>
>int function(int MyTable[static 1]);

>
Almost, but not quite.
>

>This means that the parameter MyTable has at least one element, i.e. it
>can't be NULL.

>
It means you can't call function with the result of malloc(1), while
occasionally (okay, rarely) that's actually useful.

Can you explain what you say?

I didn't understand what you are saying.

**Jack Klein** · Nov 5 '07, 04:05 AM

Re: Nullable/Notnull : syntax proposal

On Sun, 04 Nov 2007 09:23:20 -0800, sarnold@free.fr wrote in
comp.lang.c:

Hello,
>
I am proposing to create two new keywords for C, 'notnull' and
'nullable'.
Their meaning is a sort of 'design by contract', ensuring some rules
are
verified at compile-time. It should not require additional runtime-
checks
to be implemented.
I have posted my description of how it should work at this URL:

http://sarnold.free.fr/wordpress/?p=71

Please read it and tell me what you think of it.

No. Because...no.

Not even if you made them _Notnull and _Nullable, which I'm fairly
sure the committee would insist on to keep them in the implementation
namespace to avoid breaking existing code.

Just no.

--
Jack Klein
Home: http://JK-Technology.Com
FAQs for
comp.lang.c http://c-faq.com/
comp.lang.c++ http://www.parashift.com/c++-faq-lite/
alt.comp.lang.l earn.c-c++

http://www.club.cc.cmu.edu/~ajo/docs/FAQ-acllc.html

**Eric Sosman** · Nov 5 '07, 01:35 PM

Re: Nullable/Notnull : syntax proposal

sarnold@free.fr wrote:

Hello,
>
I am proposing to create two new keywords for C, 'notnull' and
'nullable'.
Their meaning is a sort of 'design by contract', ensuring some rules
are
verified at compile-time. It should not require additional runtime-
checks
to be implemented.
I have posted my description of how it should work at this URL:

http://sarnold.free.fr/wordpress/?p=71

Please read it and tell me what you think of it.

Your proposal should describe why the proposed feature
would be useful, why it would make life better for programmers
and/or improve the quality of programs. If the information
is already there, it is presented too subtly for me to grasp.

By the way, the example with free() is not well-chosen.
The behavior of free() with a NULL argument is well-defined;
there is no need to assert that the argument cannot be NULL,
because it can be. Perhaps an example with fclose() or
strlen() would raise fewer eyebrows.

--
Eric Sosman
esosman@ieee-dot-org.invalid

**Richard** · Nov 5 '07, 01:45 PM

Re: Nullable/Notnull : syntax proposal

Eric Sosman <esosman@ieee-dot-org.invalidwrit es:

sarnold@free.fr wrote:

>Hello,
>>
>I am proposing to create two new keywords for C, 'notnull' and
>'nullable'.
>Their meaning is a sort of 'design by contract', ensuring some rules
>are
>verified at compile-time. It should not require additional runtime-
>checks
>to be implemented.
>I have posted my description of how it should work at this URL:
>http://sarnold.free.fr/wordpress/?p=71
>Please read it and tell me what you think of it.

>
Your proposal should describe why the proposed feature
would be useful, why it would make life better for programmers
and/or improve the quality of programs. If the information
is already there, it is presented too subtly for me to grasp.

It is pretty obvious what "notnull" means. But as I said in a previous
post if the use is limited to allocation assignments better to do the
checks and relevant dumps in the allocation functions themselves.

>
By the way, the example with free() is not well-chosen.
The behavior of free() with a NULL argument is well-defined;
there is no need to assert that the argument cannot be NULL,
because it can be. Perhaps an example with fclose() or
strlen() would raise fewer eyebrows.

**=?iso-2022-kr?q?=1B=24=29CHarald_van_D=0E=29=26=0F** · Nov 5 '07, 05:35 PM

Re: Nullable/Notnull : syntax proposal

On Sun, 04 Nov 2007 20:12:30 +0100, jacob navia wrote:

Harald van DÄ³k wrote:

>On Sun, 04 Nov 2007 18:53:49 +0100, jacob navia wrote:

>>You can assert a parameter not being null in standard C by
>>>
>>int function(int MyTable[static 1]);

>>
>Almost, but not quite.
>>

>>This means that the parameter MyTable has at least one element, i.e.
>>it can't be NULL.

>>
>It means you can't call function with the result of malloc(1), while
>occasionally (okay, rarely) that's actually useful.

>
Can you explain what you say?
>
I didn't understand what you are saying.

Assuming sizeof(int) 1, and some free memory, malloc(1) is a non-null
pointer that doesn't point to at least one int. So if you pass that
pointer to a function defined as taking int[static 1], the behaviour is
undefined. If you could specify a function as needing a non-null pointer,
it would (presumably) be allowed, since it is a valid pointer which is not
a null pointer.

**jacob navia** · Nov 5 '07, 06:55 PM

Re: Nullable/Notnull : syntax proposal

Harald van DÄ³k wrote:

On Sun, 04 Nov 2007 20:12:30 +0100, jacob navia wrote:

>Harald van DÄ³k wrote:

>>On Sun, 04 Nov 2007 18:53:49 +0100, jacob navia wrote:
>>>You can assert a parameter not being null in standard C by
>>>>
>>>int function(int MyTable[static 1]);
>>Almost, but not quite.
>>>
>>>This means that the parameter MyTable has at least one element, i.e.
>>>it can't be NULL.
>>It means you can't call function with the result of malloc(1), while
>>occasionall y (okay, rarely) that's actually useful.

>Can you explain what you say?
>>
>I didn't understand what you are saying.

>
Assuming sizeof(int) 1, and some free memory, malloc(1) is a non-null
pointer that doesn't point to at least one int. So if you pass that
pointer to a function defined as taking int[static 1], the behaviour is
undefined. If you could specify a function as needing a non-null pointer,
it would (presumably) be allowed, since it is a valid pointer which is not
a null pointer.

I think the "static 1" means that you have AT LEAST 1 int (in this case)

This means that passing a pointer to a buffer less than sizeof(int)
is illegal. Of course you can pass a non null pointer to a wrong
buffer but the interface requirements mean that the pointer points
to a buffer AT LEAST bigger than sizeof(int).

--
jacob navia
jacob at jacob point remcomp point fr
logiciels/informatique

403 Forbidden

http://www.cs.virginia.edu/~lcc-win32

**=?iso-2022-kr?q?=1B=24=29CHarald_van_D=0E=29=26=0F** · Nov 5 '07, 08:05 PM

Re: Nullable/Notnull : syntax proposal

On Mon, 05 Nov 2007 19:54:40 +0100, jacob navia wrote:

Harald van DÄ³k wrote:

>On Sun, 04 Nov 2007 20:12:30 +0100, jacob navia wrote:

>>Harald van DÄ³k wrote:
>>>On Sun, 04 Nov 2007 18:53:49 +0100, jacob navia wrote:
>>>>You can assert a parameter not being null in standard C by
>>>>>
>>>>int function(int MyTable[static 1]);
>>>Almost, but not quite.
>>>>
>>>>This means that the parameter MyTable has at least one element, i.e.
>>>>it can't be NULL.
>>>It means you can't call function with the result of malloc(1), while
>>>occasional ly (okay, rarely) that's actually useful.
>>Can you explain what you say?
>>>
>>I didn't understand what you are saying.

>>
>Assuming sizeof(int) 1, and some free memory, malloc(1) is a non-null
>pointer that doesn't point to at least one int. So if you pass that
>pointer to a function defined as taking int[static 1], the behaviour is
>undefined. If you could specify a function as needing a non-null
>pointer, it would (presumably) be allowed, since it is a valid pointer
>which is not a null pointer.

>
I think the "static 1" means that you have AT LEAST 1 int (in this case)

Exactly.

This means that passing a pointer to a buffer less than sizeof(int) is
illegal.

Exactly.

Of course you can pass a non null pointer to a wrong buffer but
the interface requirements mean that the pointer points to a buffer AT
LEAST bigger than sizeof(int).

Which means int[static 1] is a stronger requirement than what
int *nonnull would mean if nonnull existed as a keyword.

**Stephen Sprunk** · Nov 6 '07, 01:55 AM

Re: Nullable/Notnull : syntax proposal

<sarnold@free.f rwrote in message
news:1194197000 .255553.199040@ d55g2000hsg.goo glegroups.com.. .

I am proposing to create two new keywords for C, 'notnull' and
'nullable'.
Their meaning is a sort of 'design by contract', ensuring some rules
are verified at compile-time. It should not require additional runtime-
checks to be implemented.

I don't see the point if there's no runtime checking. A compile-time check
could only flag cases where a pointer _might_ be null, but any pointer
_might_ be null if you don't know where it came from.

For this to be useful, you'd need to do the checks at runtime; that
basically boils down to the compiler inserting an assert() for the
programmer either before each assignment and either before each function
call or after each function entry. If I wanted that (and I almost always
do), I'd put the necessary assert()s in myself, or use some sort of if/else
logic for more friendly results.

S

--
Stephen Sprunk "God does not play dice." --Albert Einstein
CCIE #3723 "God is an inveterate gambler, and He throws the
K5SSS dice at every possible opportunity." --Stephen Hawking

--
Posted via a free Usenet account from http://www.teranews.com

Nullable/Notnull : syntax proposal

Nullable/Notnull : syntax proposal

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment