Hasty Briefs

C needs a new type qualifier: it's time for null pointer safety

14 days ago
  • #type qualifiers
  • #C programming
  • #null safety
  • The article discusses the need for a new type qualifier in C to indicate pointer nullability, inspired by Python's Optional type annotations.
  • Current solutions in C for null safety, like static array extents, GNU attributes, and Clang annotations, are criticized for being verbose, error-prone, or not general-purpose.
  • The proposed solution is a new type qualifier called _Optional, which would indicate that a pointer may be null, improving null safety without requiring path-sensitive analysis.
  • The _Optional qualifier would be applied to the pointed-to type, not the pointer itself, aligning with C's existing type qualifier semantics.
  • The article suggests modifying the semantics of the unary & operator to implicitly remove the _Optional qualifier, enabling safer conversions from maybe-null to not-null pointers.
  • Prototyping in Clang showed that the _Optional qualifier could be useful for finding null-related issues even without static analysis.
  • The proposal emphasizes maintaining C's simplicity and economy of expression, avoiding the complexity of existing solutions like Clang's _Nullable and _Nonnull nullability specifiers, which attach to the pointer rather than the pointed-to type.
  • The article calls for community support to standardize the _Optional qualifier, including implementing it in open-source compilers and contacting national standards bodies.
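As an added illustration (not code from the summarized article or its author), the following C file puts the three existing mechanisms named in the summary side by side with the proposed `_Optional` notation. No shipping compiler implements `_Optional`, so the example defines it away with a macro, an assumption made here so the file builds with GCC and Clang; the comments state what the proposal, as described above, would diagnose. The functions `count_char`, `checked_strlen`, `lookup`, `optional_lookup` and `value_length` and the key/value table are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* 1. Static array extent (C99): the callee promises to read at least one
 *    element, so passing a literal NULL is a contract the compiler can see
 *    (Clang warns, GCC warns with -Wnonnull). Nothing is checked at run time. */
size_t count_char(const char s[static 1], char c)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (*s == c)
            n++;
    return n;
}

/* 2. GNU attribute: documents the contract and lets the optimizer assume it.
 *    Caveat: because nonnull is a promise, GCC may delete a defensive
 *    `if (s == NULL)` inside the body, so it must not double as a runtime check.
 *    It can only follow the declarator, hence the separate declaration. */
#if defined(__GNUC__) || defined(__clang__)
#define NONNULL_ARGS(...) __attribute__((nonnull(__VA_ARGS__)))
#else
#define NONNULL_ARGS(...)
#endif

size_t checked_strlen(const char *s) NONNULL_ARGS(1);
size_t checked_strlen(const char *s)
{
    return strlen(s);
}

/* 3. Clang nullability specifiers: _Nullable / _Nonnull attach to the pointer
 *    itself, after the `*`, and other compilers do not know them, so portable
 *    code hides them behind macros. */
#if defined(__clang__)
#define NULLABLE _Nullable
#define NONNULL _Nonnull
#else
#define NULLABLE
#define NONNULL
#endif

/* Constructed sample table: a tiny key/value store for the lookups below. */
static const char *const sample_keys[]   = { "user", "host" };
static const char *const sample_values[] = { "alice", "example.invalid" };

const char *NULLABLE lookup(const char *NONNULL key)
{
    for (size_t i = 0; i < sizeof sample_keys / sizeof sample_keys[0]; i++)
        if (strcmp(sample_keys[i], key) == 0)
            return sample_values[i];
    return NULL;  /* the nullable return is the only signal callers get */
}

/* 4. The proposed _Optional qualifier. ASSUMPTION: no released compiler
 *    implements it, so it is defined away here; the comments describe what the
 *    article's prototype would diagnose. Unlike _Nullable it qualifies the
 *    pointed-to type, like const, so it reads `_Optional T *p`. */
#ifndef _Optional
#define _Optional
#endif

/* Adding the qualifier on the way out is safe, just as adding const is. */
_Optional const char *optional_lookup(const char *key)
{
    return lookup(key);
}

/* The qualifier is dropped only on a path that has proved the pointer non-null.
 * Per the summary, `const char *v = p;` would be diagnosed like discarding
 * const, while unary & strips _Optional, so `&*p` is the accepted conversion. */
size_t value_length(const char *key)
{
    _Optional const char *p = optional_lookup(key);
    if (p == NULL)
        return 0;
    const char *v = &*p;  /* maybe-null -> not-null, visible in the source */
    return checked_strlen(v);
}

int main(void)
{
    printf("a's in banana: %zu\n", count_char("banana", 'a'));
    printf("host length:   %zu\n", value_length("host"));
    printf("missing key:   %zu\n", value_length("missing"));
    return 0;
}
```

Build with `cc -std=c99 -Wall -Wnonnull example.c`; with GCC, try passing `NULL` to `count_char` or `checked_strlen` to see the compile-time diagnostics the first two mechanisms give, and note that only `value_length` makes the maybe-null-to-not-null step explicit in the source rather than in an attribute.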