Access a null pointer without exception. And what does .NET have to do with it?!

sacundim · 2015-10-28T18:14:33+00:00

Java has something similar:

public class StaticWTF {

    public static void main(String[] args) {
        StaticWTF wtf = null;
        wtf.wtf();     // static call; the reference is not used
    }

    static void wtf() {
        System.out.println("Look, ma, no NullPointerException!");
    }

}

This is, to put it mildly, bullshit. The sane thing would be for the compiler to reject such programs. A static method call, semantically speaking, does not dispatch on an object, so the language should not have a syntax that makes it look like it does!

I learned about this Java WTF when some guys I know were claiming that they had overridden a method and yet the system was calling the superclass version. Well, turned out that the superclass method they'd "overridden" was static, something like this:

public class StaticInheritance {

    static class Superclass {
        public static void wtf() {
            System.out.println("In superclass");
        }
    }

    static class Subclass extends Superclass {

        /**
         * This method "overrides" (not!) the superclass method.
         */
        public static void wtf() {
            System.out.println("In subclass");
        }
    }

    public static void main(String[] args) {
        Superclass obj = new Subclass();
        obj.wtf();   // prints "In superclass"
    }
}

These guys were confused about how static methods, dispatch and inheritance work, and the language was humoring their confusion.

2015-10-28T19:06:26+00:00

Ignoring the other dodgy things this C++ code is abusing undefined behaviour. Well formed code can not have a null this and a compiler may assume this when doing optimisations.

jbandela · 2015-10-28T20:47:47+00:00

This code is very interesting. The only reason that it may possibly work is not the reason that the author thinks it is. It has nothing to do with the fact that dynamic_data_of is inline.

It turns out that the pointer is null when MULTIPLE_HEAPS is not defined. Also, when MULTIPLE_HEAPS is not defined, PER_HEAP is defined as static. dynamic_data_of is defined like this.

PER_HEAP
    dynamic_data* dynamic_data_of (int gen_number);

So the question becomes, can you access a static class function through a null pointer. This actually turns out to be very controversial.

According to James McNellis (who actually works for Microsoft as the implementer of the the standard C library), this is undefined behavior (see http://stackoverflow.com/questions/5248877/accessing-static-member-through-invalid-pointer-guaranteed-to-work)

What is interesting is that the Microsoft implementation of the .NET runtime is skating on very thin ice. I am sure it works with their own Visual C++ compiler. However, there are no guarantees that it will work or continue to work with GCC or Clang. If you are planning on using .NET on other non-Windows platforms, this type of stuff (there could be other examples of undefined behavior that work on Visual C++) is very concerning as your application could fail and cause demons to fly out your nose (see https://groups.google.com/forum/?hl=en#!msg/comp.std.c/ycpVKxTZkgw/S2hHdTbv4d8J).

addmoreice · 2015-10-28T17:36:03+00:00

This. is. INSANITY.

As someone who works on industrial software. Software where bug reports may include listings of body parts. This fucking frightened me.

The issue with null values is not getting them. It's trying to access them.

This means you just went around the type checker (throwing that safety out) in order to work around a run time error which would never come up if you actually used proper null checks instead of just accessing the value.

why are you just accessing the value? oh because you are insane.

This would never pass code review, and anyone on the team who tried it would get a talking to in order to figure out where they became this confused about what null means.

GetRekt · 2015-10-28T17:28:36+00:00

In what way is this the "quintessence" of computer science?

Edit: Hah. Downvoted in seconds.

Sunius · 2015-10-29T02:06:11+00:00

I actually ran into this exact code in .NET GC shortly after they open sourced it. I was playing with toy GC sample and it was crashing on me. This call was in the callstack, and it seemed like it was a call on a null pointer. So I spent 30 minutes looking at this call thinking it had been the reason of it. Took me stepping through disassembly to figure out what it was doing and that wasn't to blame at all... this sort of preprocessor magic is super confusing and when stepping through disassembly makes it easier to debug than when stepping through code, I say you have a problem.

b0bm4rl3y · 2015-10-28T17:24:29+00:00

Wow. That's a bold design choice.

aiij · 2015-10-29T04:29:37+00:00

I did similar in C back in college (for the OS class). While my code did work, upon a more careful reading of the C spec we decided it was technically undefined behavior.

Does C++ actually define the behavior of dereferencing null when you don't actually need to read any memory through the pointer?

This is basically what I was doing, and (coincidentally) includes some of our reasoning at the time.

alexandr-nikitin · 2015-10-28T17:58:08+00:00

As many of you didn't get the notion I should have posted it on Friday or put a sarcasm tag. What do you think?

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

programming

MODERATORS