{"id":152,"date":"2017-03-21T00:41:07","date_gmt":"2017-03-21T00:41:07","guid":{"rendered":"http:\/\/jschuster.org\/blog\/?p=152"},"modified":"2020-05-25T14:16:15","modified_gmt":"2020-05-25T14:16:15","slug":"what-is-type-soundness","status":"publish","type":"post","link":"https:\/\/jschuster.org\/blog\/2017\/03\/21\/what-is-type-soundness\/","title":{"rendered":"What is Type Soundness?"},"content":{"rendered":"<p><em>UPDATE (26 March 2017): In class, most people said the below example is not an example of unsoundness because the program will throw a well-known exception rather than allow undefined behavior. Whether this is sound or not may depend on your point of view, <a href=\"https:\/\/hackernoon.com\/java-is-unsound-28c84cb2b3f\">as Cornell professor Ross Tate explains<\/a>, although the short version is that the Java designers generally consider this sound. I may discuss the definition of soundness we used in class and explore this apparent gap between &#8220;the type system guarantees what you expect from the annotations&#8221; and &#8220;no undefined behavior occurs&#8221; in a future post, but for now I recommend waiting for a summary of our class discussion on the PRL blog.<\/em><\/p>\n<p>As part of this semester&#8217;s <a href=\"http:\/\/www.ccs.neu.edu\/home\/matthias\/7480-s17\/index.html\">History of Programming Languages course<\/a> at Northeastern, Matthias tasked the students (and people like me who just sit in from time to time) to figure out how they would explain type soundness to the typical software developer who&#8217;s not familiar with programming languages research or formal semantics. The in-class discussion is tomorrow, so watch <a href=\"http:\/\/prl.ccs.neu.edu\/blog\/\">the PRL blog<\/a> for a summary of the full class discussion. In the meantime, here&#8217;s what I came up with:<\/p>\n<p>Type soundness is a formal means of proving that your language&#8217;s type system won&#8217;t &#8220;lie&#8221; to you. For example of what I mean by lying, take the following example Java snippet:<\/p>\n<pre class=\"font-size-enable:false lang:default decode:true \" >String[] strings = new String[1];\r\nObject[] objects = strings;\r\nobjects[0] = new Integer(42);\r\nString s = strings[0];<\/pre>\n<p>This snippet type-checks, but it appears to do something weird: line 3 inserts an integer into an array, but when we retrieve that item from the array, somehow we can magically treat it as a string! That shouldn&#8217;t happen: the whole point of the type system should ensure that if we have a variable of type <code>String<\/code>, then it should definitely be a string.<\/p>\n<p>It turns out that at run-time, when an item is inserted into an array, Java will check that the type of the item matches the <em>actual<\/em> type of the array and throw an <code>ArrayStoreException<\/code> if they don&#8217;t match.<\/p>\n<p>This is an example of how Java&#8217;s type system is <em>unsound<\/em>: the type-checker confirms that &#8220;objects&#8221; is an array of <code>Object<\/code>s (into which we expect to be able to store <em>any<\/em> kind of object), but in reality it can only store strings.<\/p>\n<p>A <em>sound<\/em> type system is one that guarantees a type-related error will not occur if the program type-checks. Exactly what a &#8220;type-related error&#8221; is depends on the particular language, but generally it means applying an operation to the wrong kind of arguments, such as inserting an integer into an array of strings, or concatenating a boolean onto a string.<\/p>\n<p>Sound type systems reduce the amount of reasoning programmers have to do by ensuring that certain kinds of executions will never happen. An unsound type system, on the other hand, helps find bugs, but programmer can&#8217;t rely on the type-checker to prove that <em>no<\/em> type-related bugs exist in their program.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>UPDATE (26 March 2017): In class, most people said the below example is not an example of unsoundness because the program will throw a well-known exception rather than allow undefined behavior. Whether this is sound or not may depend on your point of view, as Cornell professor Ross Tate explains, although the short version is &hellip; <a href=\"https:\/\/jschuster.org\/blog\/2017\/03\/21\/what-is-type-soundness\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">What is Type Soundness?<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-152","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/jschuster.org\/blog\/wp-json\/wp\/v2\/posts\/152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jschuster.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jschuster.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jschuster.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jschuster.org\/blog\/wp-json\/wp\/v2\/comments?post=152"}],"version-history":[{"count":11,"href":"https:\/\/jschuster.org\/blog\/wp-json\/wp\/v2\/posts\/152\/revisions"}],"predecessor-version":[{"id":196,"href":"https:\/\/jschuster.org\/blog\/wp-json\/wp\/v2\/posts\/152\/revisions\/196"}],"wp:attachment":[{"href":"https:\/\/jschuster.org\/blog\/wp-json\/wp\/v2\/media?parent=152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jschuster.org\/blog\/wp-json\/wp\/v2\/categories?post=152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jschuster.org\/blog\/wp-json\/wp\/v2\/tags?post=152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}