
Java is not a safe language - ingve
https://lemire.me/blog/2019/03/28/java-is-not-a-safe-language/
======
favorited
Honestly, I have a problem with the term "safety" WRT programming languages –
it is a very overloaded word.

Does "safety" mean memory safety? Does it mean that things like OOB array
access trap at runtime? Or should they return some kind of optional object to
prevent trapping? Does it mean that it's possible to recover from every kind
of exception? Does it mean that the language APIs make it difficult to get
confused (I wouldn't think so, but the author's point #4 seems to make that
case)?

As a concrete example from this article, take #3: "Java lacks null safety."
That's only true if you consider throwing on an unexpected null value to be
unsafe. Why is trapping (or catching the exception) here a quality of an
"unsafe" language, when #1 said Java was unsafe because it " _does not_ trap
overflows" (emphasis mine)?

I think any conversation of safe vs. unsafe needs to define in specific terms
what "safety" means in a given context.

Are there things that everyone can agree are unsafe? Absolutely. But then
there's a sea of gray-area which seems to shift depending on the context.

~~~
spydum
agree, I think there is a massive distinction between a buffer overflow, which
can end up rewriting memory of the stack vs an integer overflow, which might
cause the value in the specific segment of allocated memory to represent a
different value. Yes, java has some behaviors which are not ironclad safe, but
you have to recall it was designed in the world dominated by C/C++ at the
time. Certainly modern attempts such as Rust and Go should have learned a
thing or two since.

At the end of the day, most of the unexpected/nasty behaviors of java dont
fall to the issues listed in the article anyways, except maybe data races
(even there, I was pretty sure there were solutions, just maybe not native to
the runtime).

~~~
favorited
Even more than the divide between older & more modern languages, I think
specific context is key.

I talk to lots of app devs who think that array indexing isn't "safe" in
languages where OOB will trap – because for lots of UI operations (say, the
user selected item #5 and our local datastore thinks there's only 4 items),
the answer can really be to tell the user something went wrong, reload the UI,
and try again. That's what "safety" to them.

I hear related perspectives with services – where devs understand that if
they're doing OOB array access, it's a bug and needs to be fixed. But if that
bug traps the process, now there's a potential DOS attack vector. They want
some way of throwing away an invalid execution environment, but return to a
known-good state without respawning.

Is Java a safe language? I think you have to start by asking, "in what
context?"

------
admax88q
Java is _memory_ safe. You cannot write a buffer overflow in java. When people
say java is a "safe" language that's usually shorthand for "memory safe"

~~~
avmich
What's NullPointerException if not a buffer overflow?

~~~
shermanyo
Its more like a software interrupt that prevents the bytes in memory being
read or executed. That's a level of safety over what you get in C, where a
buffer overflow can lead to remote code execution or data leakage.

------
exabrial
The best part of this article is one can you use sed s/Java/$atop5tiobe/g and
nearly everything still true.

------
syockit
Regarding #4, I don't write Java at work, but don't people use IDE to write
them? It's easy to check the parameter order with it. (When I used Netbeans
for C programming, the hints that automatically come out really helped me a
lot)

~~~
justbaker
Yes, most Java IDEs tend to show the argument name in functions to get past
this.

------
_bxg1
Man. I've been working in Flow/TypeScript for the last couple years, but for a
long time my comfort zone was Java. Now I can't imagine going back to a world
where every non-primitive type declaration was potentially null, and there was
no way to mark it otherwise. Who ever thought JavaScript would end up having a
more type-advanced ecosystem than Java?

