Re: Type safety on wikipedia

["Alex R. Mosteo" <devnull@mailinator.com>]

Florian Weimer wrote:
>>Even with unchecked conversion Ada has the 'Valid attribute, allowing
>>the programmer to determine if the result of an unchecked conversion is
>>a valid value.
> 
> 
> Only in very limited cases.
> 
> 
>>I do not see how Unchecked_Deallocation interferes with type safety.
> 
> 
> The following is just a rough sketch, but maybe it helps to clarify
> the terms.
> 
> A type system gives you a subset of all expressions which are
> well-typed (in Ada, 1 + 1 is well-typed, but 1.0 + 1 is not).
> 
> A type-safe language has a type system with these two properties: any
> well-typed expression which is not a value can be reduced to a simpler
> expression, according to a set of run-time evaluation rules (which
> define the semantics of the language) -- and these simplification
> steps preserve the well-typedness of expressions.
> 
> (Of course, considerable notational overhead is needed to apply this
> definitions in a rigorous manner to real-world programming languages.)
> 
> Now, suppose that X is a pool-specific access value for some type T,
> and Free is a corresponding instance of Ada.Unchecked_Deallocation.
> Suppose that
> 
> 
>    Free (X);
> 
> has just been exected.  Suppose the next thing to be evaluated is
> 
>    declare
>       Y : T := X.all;
>    begin
>       ...
> 
> Now X.all is not a value, so it has to reduce (at run-time) to some
> other expression.  But the language definition explicitly tells you
> that no such rule exists.  Therefore, the first rule I mentioned is
> violated, and Ada with Ada.Unchecked_Deallocation is not type-safe.

Thanks for your effort in making us understand. However, there's still 
something fundamental that I'm not grasping.

According to the current Wikipedia article, Java is believed to be type 
safe. However, one can have null pointers in Java. For example:

public class Test {
	public static void main (String args[]) {
		Integer x = new Integer (5);
		Integer y = null;
		
		System.out.println ("X + Y: " + (x + y));
	}
}

will compile without warnings with latest JDK1.5 and run as:

$ java Test
X: 5
Exception in thread "main" java.lang.NullPointerException
         at Test.main(Test.java:7)

This means that Java has explicit rules for when this happens that 
differ from those in Ada? Since Ada also detects null pointer usage, and 
per your example it makes Ada type unsafe.

Conversely, I understand that evaluations that yield out-of-range values 
don't make a language type-unsafe because these cases have well-defined 
rules of behavior.

Maybe I should go now to read the original paper linked from the wikipedia.