Standards Development

Scope

A technical specification of an extension of the programming language C. It describes the syntax, semantics and constraints pertaining to a new type qualifier. It also gives recommendations for how the information provided by the new qualifier can be used to facilitate data-flow analysis.

Purpose

Many operations on null pointer values result in undefined behaviour that can be costly to diagnose during software development, and in the worst cases can cause security vulnerabilities in deployed software. The proposed type qualifier allows programmers to provide information about whether pointers should be assumed to be nullable for the purpose of static analysis and thereby find such errors at translation time instead of at run time. It also provides value to programmers in the form of documenting interface expectations.

The charter of the C committee states that programmers need the ability to check their work, and that software interfaces should be analyzable and verifiable. These are prerequisites for enabling secure programming, which is one of the principles upon which the Committee revises the Standard. The charter also states that the language should allow programmers to write concise, understandable, and readable code. Vendor-specific null pointer annotations are not concise, fragment the software ecosystem, do not integrate seamlessly with the existing language (another charter principle), and consequently are not amenable to other proposed improvements such as enhanced type variance