Consider changing the treatment of null pointers. about checkedc HOT 3 OPEN

Two things we need to think about, as brought up in the meeting today:

• Array to Pointer Decays: What kind of pointers do arrays become? This probably changes when we consider local arrays vs global arrays vs parameter arrays (which "decay" in the declaration to array_ptrs)
• Function Pointers: I assume named functions become non-null ptrs to functions, and nullary ptrs to functions get a dynamic check before every call.

from checkedc.

There was additional feedback from the meeting that it would be useful to understand where nullable pointers would be useful. The conjecture was that nullable pointers would be used a lot in data structures, but not used that much for local variables. A suggestion was that it would be useful to take some real-world code (such as OpenSSL) and mock up part of it with the proposed changes.

I think one reason why nullable pointers might be used in data structures is that requiring that members have non-nullable pointers means that we need to check that members are initialized properly to non-null before they are used. This would mean expanding the treatment of initialization of data structures in the Checked C specification - zeroing allocated data would not be sufficient. For objects, we would have to make sure that an object with a non-null ponter does not escape before it is initialized. We would probably also need a flow-sensitive treatement of initialization of variables and data structures.

from checkedc.

After thinking about this, we decided that this would be a substantial language change that would require some effort to implement in the Checked C version of clang. We think it is more useful to get a working compiler with runtime checking first before making this language change, that is, implement the version 0.6 spec before making substantial changes to the language extension in this area.

from checkedc.