fire in the type hole
TRANSCRIPT
![Page 1: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/1.jpg)
Fire in the type hole Why you shouldn’t trust a Java compiler in everything
Heejong Lee (@heejongl)
![Page 2: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/2.jpg)
– Mr. Unknown Java Compiler
“Do you trust me?”
![Page 3: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/3.jpg)
Computer Science
[Tool]
The Study of Programming Languages
[Method]
The Study of Algorithm
![Page 4: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/4.jpg)
• Reliable safety net for programming systems
• Statically verifying that something wrong will not happen in the runtime
• Blazingly fast
A great step forward to the better world :Type System
![Page 5: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/5.jpg)
Type Systems
![Page 6: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/6.jpg)
Type System
Safe programs Unsafe programs
Typed programs
![Page 7: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/7.jpg)
• Verified by a type system implies a program will never violate the rule that the type system defines
• Failed by a type system does not implies a program will violate the rule that the type system defines
• Possibly, there exists a program which is safe but a type system cannot verify its safety
Type System
![Page 8: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/8.jpg)
Type System
1
![Page 9: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/9.jpg)
Type System
1:int
![Page 10: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/10.jpg)
Type System
1:int + “hello”
![Page 11: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/11.jpg)
Type System
1:int + “hello”:string
![Page 12: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/12.jpg)
Type System
1:int + “hello”:string
May cause segmentation fault, exception, unexpected behavior in some languages
![Page 13: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/13.jpg)
Type System
(1:int + “hello”:string):string
In Java, 1 will be automatically converted to string
![Page 14: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/14.jpg)
Type System
(1:int + “hello”:string):int
Or, error: incompatible types: String cannot be converted to int
![Page 15: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/15.jpg)
Type System
String foo(int x) { int y = 10 + x;
return y.toString(); }
void bar() { foo(10); }
foo : int -> string
= +
toString
bar : unit -> unit
foo( )
![Page 16: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/16.jpg)
“…Really?”
![Page 17: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/17.jpg)
One value to rule types all
![Page 18: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/18.jpg)
• The most catastrophic design decision ever made
• Tony Hoare introduced Null references in ALGOL W back in 1965 “simply because it was so easy to implement”
• Can be an any type, ultimately unarm the Java type system
Null
![Page 19: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/19.jpg)
foo : string -> string
bar : unit -> unit
foo( )
Type System
String foo(String x) { return x.toUpperCase();
}
void bar() { String s = null; foo(s); }
toUpperCase
![Page 20: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/20.jpg)
foo : string -> string
bar : unit -> unit
foo( )
Type System
String foo(String x) { return x.toUpperCase();
}
void bar() { String s = null; foo(s); }
toUpperCase
![Page 21: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/21.jpg)
• Impossible in general
• However, recent programming languages introduce a typed null : Option[T] in Scala, Optional<T> in Java8
How could we survive Null attacks
![Page 22: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/22.jpg)
Null Checking Idioms
String x = getString(); String y = null; if(x != null) { y = x.toUpperCase(); } else { y = “none”; }
val x = Option(getString()) val y = x.map{_.toUpperCase}. getOrElse(“none”)
Java 7- Scala
![Page 23: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/23.jpg)
Null Checking Idioms
String x = getString(); String y = x.toUpperCase();
val x = Option(getString()) val y = x.toUpperCase
Java 7- Scala
Okay until it actually runs Compilation error
![Page 24: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/24.jpg)
• Use static analyzers. Not perfect but practical enough
• Do not use null at all. Define empty values. Use alternative languages such as Scala
Possible Solutions for Null
![Page 25: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/25.jpg)
Game is not over yet
![Page 26: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/26.jpg)
Long time ago in the Java type system,
![Page 27: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/27.jpg)
Java Array and Type Variance
String[] strings = new String[10]; Object[] objects = strings; objects[0] = 0;
Compiled well but throw exception in a runtime
Why?
![Page 28: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/28.jpg)
Type Variance
Set[Dog] <: Set[Animal] ?
Assume Dog is a subclass of Animal
Could a set of Dog be a subclass of a set of Animal?
Dog <: Animal
![Page 29: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/29.jpg)
Type Variance
Set[Dog] <: Set[Animal]
Assume Dog is a subclass of Animal
If Set is covariant
Dog <: Animal
If Set is contravariant
Set[Animal] <: Set[Dog]
![Page 30: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/30.jpg)
Type Variance in Action
Assume Dog <: Animal, Rose <: Flower
Animal RoseDog Flower
We can use a function Animal -> Rose as if it were a function Dog -> Flower
![Page 31: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/31.jpg)
Type Variance in Action
Assume Dog <: Animal, Rose <: Flower
Animal RoseDog Flower
val foo : Animal => Rose = { x => …} val bar : Dog => Flower = foo
![Page 32: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/32.jpg)
Type Variance in Action
Assume Dog <: Animal, Rose <: Flower
Animal RoseDog Flower
val foo : Function1[Animal,Rose] = { x => …} val bar : Function1[Dog,Flower] = foo
trait Function1[-T,+R]
![Page 33: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/33.jpg)
Java Array Revisited
String[] strings = new String[10]; Object[] objects = strings; objects[0] = 0;
Java Array is covariant which means
Reading from Java Array is always safe
Writing to Java Array is not always safe
![Page 34: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/34.jpg)
Type Variance Revisited
Variance Explanation Reading Writing
Set[E] Invariance
Set[Animal] should be Set[Animal] Set[Dog] should be Set[Dog] Safe Safe
Set[+E] Covariance
Set[Animal] can be Set[Dog] Set[Dog] should be Set[Dog] Safe Unsafe
Set[-E] Contravariance
Set[Animal] should be Set[Animal] Set[Dog] can be Set[Animal] Unsafe Safe
Assume Dog is a subclass of Animal
![Page 35: Fire in the type hole](https://reader030.vdocuments.us/reader030/viewer/2022032611/55a8e0ee1a28abcb4e8b4631/html5/thumbnails/35.jpg)
• Use generics. Avoid raw types. Avoid arrays
• Use alternative type-safe languages such as Scala
Possible Solutions for Java Type Holes