O slideshow foi denunciado.
Utilizamos seu perfil e dados de atividades no LinkedIn para personalizar e exibir anúncios mais relevantes. Altere suas preferências de anúncios quando desejar.

Fire in the type hole

892 visualizações

Publicada em

This slide explains the pitfalls you should be aware of when you develop in Java programming language from the perspective of the Java type system. The first part is about null and the second part is about type variance. This talk is intended for a general audience who does not have any background knowledge in a type theory.

Publicada em: Software
  • Seja o primeiro a comentar

Fire in the type hole

  1. 1. Fire in the type hole Why you shouldn’t trust a Java compiler in everything Heejong Lee (@heejongl)
  2. 2. – Mr. Unknown Java Compiler “Do you trust me?”
  3. 3. Computer Science [Tool] The Study of Programming Languages [Method] The Study of Algorithm
  4. 4. • Reliable safety net for programming systems • Statically verifying that something wrong will not happen in the runtime • Blazingly fast A great step forward to the better world : Type System
  5. 5. Type Systems
  6. 6. Type System Safe programs Unsafe programs Typed programs
  7. 7. • Verified by a type system implies a program will never violate the rule that the type system defines • Failed by a type system does not implies a program will violate the rule that the type system defines • Possibly, there exists a program which is safe but a type system cannot verify its safety Type System
  8. 8. Type System 1
  9. 9. Type System 1:int
  10. 10. Type System 1:int + “hello”
  11. 11. Type System 1:int + “hello”:string
  12. 12. Type System 1:int + “hello”:string May cause segmentation fault, exception, unexpected behavior in some languages
  13. 13. Type System (1:int + “hello”:string):string In Java, 1 will be automatically converted to string
  14. 14. Type System (1:int + “hello”:string):int Or, error: incompatible types: String cannot be converted to int
  15. 15. Type System String foo(int x) { int y = 10 + x; return y.toString(); } void bar() { foo(10); } foo : int -> string = + toString bar : unit -> unit foo( )
  16. 16. “…Really?”
  17. 17. One value to rule types all
  18. 18. • The most catastrophic design decision ever made • Tony Hoare introduced Null references in ALGOL W back in 1965 “simply because it was so easy to implement” • Can be an any type, ultimately unarm the Java type system Null
  19. 19. foo : string -> string bar : unit -> unit foo( ) Type System String foo(String x) { return x.toUpperCase(); } void bar() { String s = null; foo(s); } toUpperCase
  20. 20. foo : string -> string bar : unit -> unit foo( ) Type System String foo(String x) { return x.toUpperCase(); } void bar() { String s = null; foo(s); } toUpperCase
  21. 21. • Impossible in general • However, recent programming languages introduce a typed null : Option[T] in Scala, Optional<T> in Java8 How could we survive Null attacks
  22. 22. Null Checking Idioms String x = getString(); String y = null; if(x != null) { y = x.toUpperCase(); } else { y = “none”; } val x = Option(getString()) val y = x.map{_.toUpperCase}. getOrElse(“none”) Java 7- Scala
  23. 23. Null Checking Idioms String x = getString(); String y = x.toUpperCase(); val x = Option(getString()) val y = x.toUpperCase Java 7- Scala Okay until it actually runs Compilation error
  24. 24. • Use static analyzers. Not perfect but practical enough • Do not use null at all. Define empty values. Use alternative languages such as Scala Possible Solutions for Null
  25. 25. Game is not over yet
  26. 26. Long time ago in the Java type system,
  27. 27. Java Array and Type Variance String[] strings = new String[10]; Object[] objects = strings; objects[0] = 0; Compiled well but throw exception in a runtime Why?
  28. 28. Type Variance Set[Dog] <: Set[Animal] ? Assume Dog is a subclass of Animal Could a set of Dog be a subclass of a set of Animal? Dog <: Animal
  29. 29. Type Variance Set[Dog] <: Set[Animal] Assume Dog is a subclass of Animal If Set is covariant Dog <: Animal If Set is contravariant Set[Animal] <: Set[Dog]
  30. 30. Type Variance in Action Assume Dog <: Animal, Rose <: Flower Animal RoseDog Flower We can use a function Animal -> Rose as if it were a function Dog -> Flower
  31. 31. Type Variance in Action Assume Dog <: Animal, Rose <: Flower Animal RoseDog Flower val foo : Animal => Rose = { x => …} val bar : Dog => Flower = foo
  32. 32. Type Variance in Action Assume Dog <: Animal, Rose <: Flower Animal RoseDog Flower val foo : Function1[Animal,Rose] = { x => …} val bar : Function1[Dog,Flower] = foo trait Function1[-T,+R]
  33. 33. Java Array Revisited String[] strings = new String[10]; Object[] objects = strings; objects[0] = 0; Java Array is covariant which means Reading from Java Array is always safe Writing to Java Array is not always safe
  34. 34. Type Variance Revisited Variance Explanation Reading Writing Set[E] Invariance Set[Animal] should be Set[Animal] Set[Dog] should be Set[Dog] Safe Safe Set[+E] Covariance Set[Animal] can be Set[Dog] Set[Dog] should be Set[Dog] Safe Unsafe Set[-E] Contravariance Set[Animal] should be Set[Animal] Set[Dog] can be Set[Animal] Unsafe Safe Assume Dog is a subclass of Animal
  35. 35. • Use generics. Avoid raw types. Avoid arrays • Use alternative type-safe languages such as Scala Possible Solutions for Java Type Holes
  36. 36. Deus ex machina Just use Scala http://scala-lang.org

×