Null References, a Billion-Dollar Loss, and Reflections on Software Design

eureka's avatar

  Turing Award winner Tony Hoare, at a conference organized by InfoQ, gave a talk in the "Historically bad ideas" track titled "Null References: The Billion Dollar Mistake". For the full video, see: http://www.infoq.com/presentations/Null-References-The-Billion-Dollar-Mi...

  In the abstract of the talk he wrote: "I call it my billion-dollar mistake. It was the invention of the null reference in 1965. At that time, I was designing the first comprehensive type system for references in an object oriented language (ALGOL W). My goal was to ensure that all use of references should be absolutely safe, with checking performed automatically by the compiler. But I couldn't resist the temptation to put in a null reference, simply because it was so easy to implement. This has led to innumerable errors, vulnerabilities, and system crashes, which have probably caused a billion dollars of pain and damage in the last forty years. In recent years, a number of program analysers like PREfix and PREfast in Microsoft have been used to check references, and give warnings if there is a risk they may be non-null. More recent programming languages like Spec# have introduced declarations for non-null references. This is the solution, which I rejected in 1965."

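  When what is being spread is an idea, and that idea spreads widely, a small mistake in it can cause enormous losses. In software design it is all the more important not to cut corners: things should be designed the way they ought to be designed. Take test-driven design as an example. At first glance, writing the tests first seems to increase the workload, but it does not. It is precisely those tests, written without cutting corners, that stand guard and keep errors from spreading, and so keep us from sinking into the tar pit.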
