A pointer variable is an object that can point to another object. Here int *ptr = NULL; declares ptr as a pointer object, that potentially points to an object of int.

The value initially stored into this pointer object is NULL (it is initialized to NULL, so ptr does not point to any object).

Now, ptr too resides in memory. It needs enough bytes to contain the address of the pointed-to object. So it too needs to have an address. Therefore

• ptr evaluates to the address of object that ptr points to.
• &ptr evaluates to the location of the ptr object itself in memory
• *ptr evaluates to the value of the object that ptr points to, if it points to an object. If it does not point to an object, then the behaviour is undefined.

Also, %p needs a void * as the corresponding argument, therefore the proper way to print them is

printf("%p\n", (void *)ptr);
printf("%p\n", (void *)&ptr);

You're setting a pointer to 0 (NULL) and then adding 1 to it; then you're converting the result to an int and printing the result. The key piece of knowledge you need here is that when you increment (add 1 to) a pointer, you actually add the size of the pointed-to object -- an int pointer is advanced to point to the next int. Since int is (apparently) 4 bytes on your platform, p is incremented to point to an address 4 bytes past where it starts.

In general, yeah you can choose any arbitrary address that you want for null address.

The reason you can do that is because it is almost impossible for you to choose a random address that somebody already has a private key for it. Let's do some math to prove it, an address is 256 which mean it can go up to 2^256. The earth population at this time (12/2021) is about 7.9 billion but i will make it 8 billion for ease in calculation. Assume every person in the planet has 100 private key corresponding to the address they have. Then the possiblity that you can choose an address that they already choosen is about 10^-66 (https://www.wolframalpha.com/input/?i=800%2C000%2C000%2C000+%2F+2%5E256).

The possiblity that you win a Powerball is one in 292.2 million, roughly 10^-9 (https://www.thebalance.com/what-are-the-odds-of-winning-the-lottery-3306232). So you will have to win Powerball roughly 7 times in a row to even get a chance in picking a random address that somebody already has the private key given that everybody on the earth have 100 private keys

Dereferencing NULL is undefined behavior. Anything could happen, and most of the time bad things happen. So be scared.

Some old architectures (VAX ...) permitted you to derefence NULL.

The C11 standard specification (read n1570) does not require the NULL pointer to be all zero bits ( see C FAQ Q5.17); it could be something else, but it should be an address which is never valid so is not obtainable by a successful malloc or by the address-of operator (unary &), in the sense of C11. But it is more convenient to have it so, and in practice most (but not all) C implementations do so.

IIRC, on Linux, you might mmap(2) the page containing (void*)0 with MAP_FIXED, but it is not wise to do so (e.g. because a conforming optimizing compiler is allowed to optimize dereference of NULL).

So (void*)0 is not a valid address in practice (on common processors with some MMU and virtual memory running a good enough operating system!), because it is convenient to decide that it is NULL, and it is convenient to be sure that derefencing it gives a segmentation fault. But that is not required by the C standard (and would be false on cheap microcontrollers today).

A C implementation has to provide some way to represent the NULL pointer (and guarantee that it is never the address of some valid location). That might even be done by a convention: e.g. provide a full 2³² bytes address space, but promise to never use address 0 (or whatever address you assigned for NULL, perhaps 42!)

When NULL happens to be derefencable, subtile bugs are not caught by a segmentation fault (so C programs are harder to debug).

Couldn't I invent a new architecture where the memory address 0 is accessible to processes?

You could, but you don't want to do that (if you care about providing any standard conforming C implementation). You prefer to make address 0 be the NULL. Doing otherwise make harder to write C compilers (and standard C libraries). And make that address invalid to the point of giving a segmentation fault when derefencing make debugging (and the life of your users coding in C) easier.

If you dream of weird architectures, read about Lisp machines (and Rekursiv, and iapx 432) and see The circuit less traveled talk at FOSDEM2018 by Liam Proven. It really is instructive, and it is a nice talk.