Manuel Fähndrich and K. Rustan M. Leino
Article: Declaring and Checking Non-null Types in an Object-Oriented Language
Authors: Manuel Fähndrich and K. Rustan M. Leino
Authors
• Manuel Fähndrich
  − Diplôme, École Polytechnique Fédérale de Lausanne (1993)
  − PhD, University of California, Berkeley (1998)
  − Senior Researcher, Microsoft, PLA (Programming Languages and Analysis)
• K. Rustan M. Leino
  − BA, The University of Texas at Austin (1989)
  − MS, California Institute of Technology (1993)
  − PhD, California Institute of Technology (1995)
  − Principal Researcher, Microsoft, RiSE (Research in Software Engineering); leads the Spec# project
Article
• Published: 2003
• OOPSLA'03: Conference on Object-Oriented Programming, Systems, Languages, and Applications
Article Outline
• Introduction
• Non-null types
• Adding non-null to C#
• Implementation of checker
• Experiment
• Design alternatives
• Related work
• Conclusion
Introduction
• What is "null"?
• What is the problem with "null"?
  − Basically, handling a value that does not exist
  − NullReferenceException
  − ArgumentNullException
Non-null type
• What is "non-null"?
  − T+: types including null ("possibly-null")
  − T-: "proper objects" (never null)
• What are the advantages?
  − Removal of null checks and null-related exceptions
Non-null in C#
• Local variables
• Construction of objects
  − this
  − Traw: "partially initialised" objects
  − Class frames
• Array types
• Value types, structs
• Call-by-reference (ref)
• Static class fields
Implementation
• Adds custom attributes to C#
  − [MayBeNull], [Raw]
  − [NotNull], [Inits]
• Checker at CIL level
• Not all is implemented
  − Assumes e.g. thread-safety
Experiment
• Checks one of their old projects
  − ~20.000 lines of code
  − Validated ~8000 places
  − Found higher-level design issues
• Annotation density
  − Fairly low (2.6% of fields, 0.5% of parameters)
• Shortcomings
Finalizing
• Design alternatives
  − Constructor in three parts
• Related work
• Conclusion
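The "raw" (partially initialised) `this` problem from the Non-null in C# slide, and the three-part-constructor fix from the design alternatives, as an added C# illustration that is not code from the paper or the presentation; the `RawAttribute` class is a hypothetical stand-in for the paper's [Raw] annotation, declared here only so the example compiles.

```csharp
using System;

// Hypothetical stand-in for the paper's [Raw]: the parameter may be a partially
// initialised object, so its non-null fields must still be treated as possibly null.
[AttributeUsage(AttributeTargets.Parameter)]
sealed class RawAttribute : Attribute { }

abstract class Widget
{
    public string Name;   // intended non-null invariant: never null once constructed

    // Expects a proper (fully initialised) object and dereferences Name directly.
    public static int Register(Widget w) => w.Name.Length;

    // Accepts a raw receiver, so it must cope with Name still being null.
    public static int RegisterRaw([Raw] Widget w) => w.Name?.Length ?? -1;
}

class UnsafeWidget : Widget
{
    public UnsafeWidget(string name)
    {
        Register(this);   // `this` escapes while Name is still null -> NullReferenceException
        Name = name;
    }
}

class RawAwareWidget : Widget
{
    public RawAwareWidget(string name)
    {
        RegisterRaw(this);   // callee is marked [Raw], so a null Name is handled (returns -1)
        Name = name;
    }
}

class SafeWidget : Widget
{
    public SafeWidget(string name)
    {
        // Part 1: initialise every non-null field; only now is `this` a proper object.
        Name = name ?? throw new ArgumentNullException(nameof(name));
        // Part 2: `this` may escape; Register's non-null assumption now holds.
        Register(this);
    }
}

static class Demo
{
    static void Main()
    {
        try { new UnsafeWidget("a"); }
        catch (NullReferenceException) { Console.WriteLine("raw `this` escaped: Name was null"); }
        Console.WriteLine(Widget.RegisterRaw(new RawAwareWidget("ab")));   // 2 (proper after construction)
        Console.WriteLine(Widget.Register(new SafeWidget("abc")));         // 3
    }
}
```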
My Comments
• Article
  − Implementation lacks a bit
  − Probably been used in Spec#
• Non-null types
  − Not in C# today
  − Raised with the C++ "null-pointer exception"; often a sign of bad code
• Good example of how lazy we are!
Fin