Maybe it will just be easier to make any pointer type implement an Option interface (Rust, Java, Swift, Scala, etc) and encourage people to use that instead of raw pointers, since the later can't realistically be disabled or it will break every program in existence. Seems the world has more or less settled on that type or similar for null safety.

Maybe it will just be easier to make any pointer type implement an Option interface (Rust, Java, Swift, Scala, etc) and encourage people to use that instead of raw pointers, since the later can't realistically be disabled or it will break every program in existence. Seems the world has more or less settled on that type or similar for null safety.

You mean Optional, right?, swift does a pretty good job with optional types

@urandom @nebiros Thanks for your comments.

Maybe it will just be easier to make any pointer type implement an Option interface (Rust, Java, Swift, Scala, etc) and encourage people to use that instead of raw pointers, since the later can't realistically be disabled or it will break every program in existence. Seems the world has more or less settled on that type or similar for null safety.

That's a good point of view, but if we allow the possibility of using the "nillable types" (I'm calling them this way instead of "pointer types" to leave it clear that we are not talking only about pointers) both through the Optional interface and directly, then we would lose compile-time safety, as they can still be nil and, thus, we should check them.

That's one of the reasons why I ended up adding a type modifier. Other reasons are related to adhering to the Go philosophy as much as possible (simplicity, readability, etc.)

For example, here are three examples:

• A) Using filled types

func handleStockChangeEvent(product filled *Product, event filled *StockEvent) filled *Product {
    return &Product{
        ID: product.ID,
        Stock: product.Stock + event.StockIncrement,
    }
}

func main() {
    // ...
    newProduct := handleStockChangeEvent(product, event)
    fmt.Println("New product stock:", newProduct.Stock
}

• B) Implicit Optional types; using them directly: There is nothing different here than using normal pointers:

// We need to change the signature so that we return the new Product and an error
// as, now, the parameters could be nil and, in that case, the function could not proceed.
func handleStockChangeEvent(product *Product, event *StockEvent) (*Product, error) {
    if product == nil {
        return nil, errors.New("product parameter is nil")
    }
    if event == nil {
        return nil, errors.New("event parameter is nil")
    }
    return &Product{
        ID: product.ID,
        Stock: product.Stock + event.StockIncrement,
    }
}

func main() {
    // ...
    newProduct, err := handleStockChangeEvent(product, event)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println("New product stock:", newProduct.Stock
}

• C) Implicit Optional types; using them through the Optional interface

// We would still need to return a possible error, as the parameters can still be "empty". 
// However, for the shake of showing another option, let's assume that our program 
// doesn't care about the "empty" parameters case
func handleStockChangeEvent(product optional *Product, event optional *StockEvent) optional *Product {
    // Lets assume the "Java" interface for optionals. 
    // We could also think about the `if let` Swift version. 
    if product.empty() || event.empty() {
        return optional(nil) 
    }
    return &Product{
        // However, this `.get()` function can still panic if you didn't check for "nil" before
        ID: product.get().ID, 
        Stock: product.get().Stock + event.get().StockIncrement,
    }
}

func main() {
    // ...
    newProduct := handleStockChangeEvent(product, event)
    if newProduct.empty() {
        return
    }
    fmt.Println("New product stock:", newProduct.get().Stock
}

For me, the example A) is the one that provides more value:

· We have full "compiler assistance": You are completely sure that the parameters "are there" and that it is impossible to have a panic just by inspecting their values.
· You have one less thing to think about: you can just use the parameters without the need for checking for its emptiness. Optimizing the "thinking energy" is one of the most valuable things a technology could bring to you, as that energy can then be spent in solving the real problem.
· The code is simpler and, in my opinion, more Go-like. Although this should be decided by the whole community, I'd say.

Finally, regarding:

Seems the world has more or less settled on that type or similar for null safety

I would say that something refreshing about Go is that it didn't take for granted what the world was settled on (like object orientation, inheritance, exceptions, etc.). It rethought it and created something simpler (or removed it :-) )
Let's try to do the same thing for nils!

In conclusion: There are several ways of overcoming the "nil dereference errors", each one with its strengths and weaknesses. We need to find the one that fits best in Go, not only with its philosophy but with its current state of the art: the mindset of all the developers using it for years, backward compatibility with current programs, orthogonality with existing and planned functionality, etc.
This is the hardest part!

I have made some updates to the proposal:

• New section called "Method set of filled pointer types" added
• New section "A note about performance" added
• Collapsed the details of each section. This helps to understand the foundation and improves readability
• Added a table of contents

Now the idea is to get some feedback, either positive or negative, especially to find out points that do not fit well in Go.
Thanks!

Zero values currently exist in quite a few places in the language. I think you need to address how filled types (which have no zero value) behave in each case.

For example, (map[int]filled*int{})[5]) would produce a zero value of type filled*int. Does this mean that you cannot use filled types as values in maps?

Similarly, slices can be resliced, exposing zero elements:

var x int

var slice []filled*int = []filled*int{&x, &x, &x}

for i := 0; i < 300; i++ {
    slice = append(slice, &x)
}
// at this point, cap(slice) > len(slice)
// (This is not guaranteed by the language, but is very likely)
slice = slice[:cap(slice)]

slice[len(slice)-1] // zero value!

Without allowing capacity to grow larger than length, the performance of append suffers substantially. Does this mean that indexing into a valid index in a slice of filled types can now panic? Or does growing the slice to its capacity do that?

Similarly, when reading from a closed chan filled *int, what do you obtain? Does this mean that you can't make channels of filled types?

The same issues apply whenever a filled type is used as a struct field.

Do you intend to allow implicit conversions from filled X to X when used in arguments or returns from functions? Otherwise, using filled types in user code will make calling filled-unaware library code inconvenient. As a general rule, I think casts should be looked upon with suspicion (since they usually indicate that you're breaking some abstraction moving between a custom type and its underlying abstraction). But if a library expects a *FooRequest and I have a filled *FooRequest I shouldn't need to write something so suspicion-inducing as a cast just to call that one function. Either the implicit cast should be permitted, or some new syntax should be used to indicate that the cast is safe and doesn't change semantics.

Lastly I think the method sets for filled pointer types might lead to some confusion when performing interface assertions.

type Fooer interface {
    Foo()
}

type Example struct{}
func (e filled *Example) Foo() {}

func example() {
    var blob interface{} = &Example{}

    fooer, ok := blob.(Fooer)
    // Is this ok or not? I have a non-nil *Example, so calling Foo should be safe!
}

I think this could lead to the same sort of confusion as "not-nil interfaces can still hold nil". Ensuring that this works in a way that is predictable and intuitive I think is important to preserving Go's readability.

I think it would be best to not distinguish between filled T and T when stored as interface values, and instead when performing a type assertion, check whether the value is nil to decide which method sets it possesses. This provides the best reverse-compatibility between existing filled-unaware code and new filled-aware code and has a low cost to understanding what's going on (a filled T is just a T that isn't nil).

@Nathan-Fenner Thanks for the great analysis.

I would definitely like to have non nillable types in Go (I even wrote an experience report). But @Nathan-Fenner makes some very good points. And I want to add to that with another reason why it currently doesn't fit well in Go: error handling. When there's an error right now you normally return a zero value as well. So what do you do when the return type is nonnil/filled? Do you make it nillable for every function that can return an error?

Another place nil values appear is in struct fields, meaning non-zero-ness would have to be contagious, or else such structs would themselves have to be marked as filled before any filled fields can be treated as non-zero.

Regarding make for slices, make([]int, 0, 10) is already a thing, meaning a slice with zero length and a capacity of ten, so you can't use that syntax to provide a default value. However, if you start with a zero length and then only grow the slice with append, then you don't need to specify a default value. The trick is getting the compiler to enforce this.

Another factor in designing this is that there are many places where Go has a contract based on multiple values. For example

func Foo1() (T, error) { ... }

Generally, the contract is that if the error is nil, then the T value will be initialized. However, if the caller needs filled T instead, they'd have to both check for an error and also then somehow assert that the T is initialized. Without having some way to encode this contract explicitly in the language, using this common Go pattern with filled types would be problematic. This also applies to the v, ok := ... pattern, which is also a first class feature of the language.

One way to allow non-filled values to be promoted to filled that would be relatively painless to use would be flow-aware typing. Basically, if you have if v == nil { return ... }, then after this statement v can be assigned to a filled type. To solve the slicing problem, the compiler would have to understand if i <= len(s) { s = s[x:i] } preserves the filled status of the elements of s, which seems a bit less explicit than you'd expect from Go.

Another way would be to support assertions, like y, ok := x.(filled T). In branches where ok is known to be true, y is known to be filled. This could also work for other comma-ok language features. Unfortunately, this wouldn't work with slices or structs containing filled types. Also, it doesn't really suggest a solution to the slicing problem.

This suggests a potential solution to the multi-value contracts problem. If Go had a couple built-in generic types, like result[T, U...] and optional[T] which were assignable to t, u..., err and t, ok respectively, then these could be used as return types to encode the contract that if err is nil or ok is true, then the other values in the assignment are initialized. Being able to use result in a generic context would require variadics, however, and the language team has not show an interest in supporting variadic generics.

Speaking of generics. The existence of types without zero values suggests that generic code would have to behave as if all type parameter types don't have zero values unless constrained by a some sort of zeroable bound. This complicates adding generics.

Regarding slices and cap: given that index operations and append are so much more frequent than reslicing beyond len, it seems to me that the obvious solution is the same one that I mentioned in #24956 (comment): elements of a filled slice up to len must be initialized, and reslicing past cap should panic.

I think you wanted to write if x == nil instead of if x != nil. ;)

@Nathan-Fenner
Thank you very much for such a nice critic showing the weak points of the proposal!
I will try to address each point one by one, as each one requires a lot of thinking, time and energy:

Regarding the zero value when accessing maps, slices, and channels of filled types

Good point! After thinking a lot, several ideas came to my mind but I think a suggestion by JHunz on Reddit is the one that suits better:

When declaring/creating a map, slice or channel of a filled type, you need to provide a function that provides a default value to be used in those situations where a zero value must be returned.

The syntax (one of the trickiest part in this case) for this would be consistent with the section "Converting a nillable type to its fillable type"

Here are examples for each container type and for all the different ways of initialization:

• Maps
  For example, a map of filled pointers:

func zeroIntPointer() filled *int {
	return new(int)
}

// With make
var m = make(map[string]filled *int, zeroIntPointer)
// With make and capacity
var m = make(map[string]filled *int, 100, zeroIntPointer)
// With map literal
var legs = 4
var m = map[string]filled *int{
	"Dog":     &legs,
	"Cat":     &legs,
	"Octopus": &legs,
}(zeroIntPointer)

• Channels
  For example, a channel of functions

func zeroProcessor() filled func() error {
	return func() error {
		return nil
	}
}

// With make
var c = make(chan filled func() error, zeroProcessor)
// With make, buffered channel
var c = make(chan filled func() error, 10, zeroProcessor)

• Slices
  For example, a slice of interfaces

type defaultStringer struct {}
func(defaultStringer) String() string {
	return ""
}

func zeroStringer() filled fmt.Stringer{
	return defaultStringer{}
}

// With make
var s = make([]filled fmt.Stringer, 3, zeroStringer)
// With literal
var s = []filled fmt.Stringer{a, b, c}(zeroStringer)

This is the most flexible way I have come up with. With this, we don't need to do any exceptions to the already-established pattern of returning zero-values from maps, slices, and channels when using filled types (which is one of the intentions of this proposal: try to be orthogonal and less disruptive as possible).

What is more, if Generics make it to the language one day, those functions to provide the default value could be greatly simplified, as even the standard library could provide generic implementations for some cases:

// This could be in the standard library
func zeroPointer(type T)() filled *T {
	return new(T)
}

// Then we could use it in the Maps example

There is always the alternative of forbidding having maps, slices, and channels of filled types. You can always use normal types in those cases. For me, this would be too restrictive.

@alvaroloes

// With make
var c = make(chan filled func() error, zeroProcessor)
// With make, buffered channel
var c = make(chan filled func() error, 10, zeroProcessor)

If we were to go for zero processors, I'd suggest to at least keep the arguments always the same. So argument 2 is always capacity. If you want to declare a non-buffered channel, one would do:

// With make (non-buffered)
var c = make(chan filled func() error, 0, zeroProcessor)

Thanks for the extensive proposal. It would be nice to have ways to make the language safer. But this approach seem out of place with how Go works today. Go currently has only one rarely-used type qualifier (send-only and receive-only channels). If people started using filled or some shorter equivalent, it would likely appear all over Go programs. That would give the language a different feel.

The notion of the zero value of a type is built into the language at a pretty deep level, as @Nathan-Fenner discusses in the comment above. Adding additional arguments to make to pass in a function to return a non-zero value is a complex workaround.

We would also need additional functions in the reflect package, to return initialized values of filled types.

All of this additional complexity only helps us avoid some programming errors, at least some of which can be detected by static analysis. Is this change worth the cost?

Thanks for the comment @ianlancetaylor . Yes, I'm aware of the added complexity and it is something I don't like much, but I haven't had time lately to simplify the proposal.
This is my third attempt to deal with nils, but I know it needs some more iterations to make it suitable for Go.

For me and other folks I know, forgetting about nil issues is something that adds a lot of value (for the reasons stated in the "Introduction and justification" section). I remember, when I started with Go, loving the fact that strings are never nil, unlike other languages. I wish all the types work in the same way.

Some quick comments about some of your sentences:

If people started using filled or some shorter equivalent, it would likely appear all over Go programs. That would give the language a different feel.

Yes, I thought about this. My first attempt was to make all nilable types "filled" by default, and then you would need to use the modifier nilable if you want that type to contain nil. This will make the modifier to appear rarely.
But this will break backward compatibility. This is the reason I opted for the opposite behavior (nilable by default, as it is now)

The notion of the zero value of a type is built into the language at a pretty deep level, as @Nathan-Fenner discusses in the comment above. Adding additional arguments to make to pass in a function to return a non-zero value is a complex workaround.

I know! To be honest, I'm not proud of that workaround.

Once I get some time, my idea is to explore the zero value "issue" in more detail and see if there is something we can do to make the zero value of all the current "nilable" types useful (without being nil), in the same way as the zero value of strings or slices.

For the reasons given above at #33078 (comment), this is a likely decline.

There is probably something we can do in this area, based on static checking, and perhaps annotations and dynamic checking. Complicating the type system doesn't seem like the right approach for Go.

Leaving open for four week for further comments.

All right.
Right now I don't have more spare time to spend on this proposal, so feel free to close it once the final comment period finishes.

Thanks for your time

Right now I don't have more spare time to spend on this proposal, so feel free to close it once the final comment period finishes.

Will do.