DEV Community

loading...

Discussion on: Java is Unsound: The Industry Perspective

Collapse
jlongo62 profile image
jlongo62

Does c# suffer these kinds of security related issues? Does it have it's own kind of different issues ? If so can you elaborate on them?

Collapse
rosstate profile image
Ross Tate Author

I don't think it does. The subtitle of the paper is "The Existential Crisis of Null Pointers" because there seem to be two key requirements for a language to exhibit this problem:

  1. Something that represents existential quantification strong enough that it can introduce new evidence. So for Java, the type Constrain<U,? super T> is essentially the type "there exists some type X that is a supertype of T and a subtype of U", which in turn implies T is a subtype of U if it's inhabitable.

  2. Implicit null pointers, meaning a null value that inhabits most types, or at least the ones used to form the existential quantification.

C# satisfies #2 but not #1. It doesn't really have any form existential quantification, and certainly not anything strong enough to introduce new evidence. Thus I don't think there's a way to use null to trick the type-checker into thinking two unrelated types are related.