Re: Q: type ... is new String

[Brian Drummond <brian@shapes.demon.co.uk>]

On Mon, 04 Jun 2012 06:36:31 -0700, Maciej Sobczak wrote:

> On 4 Cze, 13:39, Brian Drummond <br...@shapes.demon.co.uk> wrote:
> 
>> Now it seems to me that he would be better off saying "type
>> UnsafeString is new String;"
>> and bypassing the rest of that (rather long) article entirely.
> 
> Except that it would not work in the language that he used for
> presentation (which is VBScript, I guess).

"pseudocode" he called it, having started the article using C. And in 
pseudocode, anything the author wants will work...

>> Or am I missing something in that article?
> 
> Yes, this:
> 
> "Let’s pretend that you’re building some kind of a web-based application
> [...]"
> 
> The author describes a problem in a well-defined domain (web-based apps
> written in some dynamically-typed language similar in nature to
> VBScript) and presents a possible solution. Given the constraints, the
> solution he proposed is probably the best he could do.

Joel Spolsky did indeed define it as a web-based application, though the 
nature of the language is not discussed. Since there are some tools like 
AWS for building Web apps using Ada, I believe the _stated_ constraints 
don't prohibit strong typing. (I can't rule out unstated constraints 
along the lines you suggest)

Dynamic typing and scripting do not necessarily imply weak typing, though 
they are usually used that way. There is even an Ada-based scripting 
language as one counterexample.

> Like it or not, for many people switching to Ada is not a viable
> solution.

While I have to agree with that, I suspect that for many more, it might 
be viable, but is automatically dismissed without consideration; this 
article being just one example. 

The article works AGAINST reliable software by dismissing not just Ada, 
but strong typing in general. The fact that it does so by omission rather 
than by discussion and disagreement helps foster ignorance; at least if 
it said "the Ada approach is stupid because ... (see ref #) " at least it 
would raise awareness and let the reader think, read further, and agree 
or disagree as she saw fit.

Or the article could add "a strongly typed language would allow a better 
solution using ... but this is all you get in C (VBScript, whatever), 
so ..."

I do not know whether the author is to blame, or if he is genuinely 
unaware of the power of a good type system. My point in this post is 
simply that if people are unaware of a good thing, then there will be no 
demand for it.

> Having said that, I agree that most of the security problems that plague
> the web-development ecosystem could be solved with a proper type system
> and static type-safety.

Or at least some type safety. Even in a well designed dynamic language, 
type safety is possible. In the context of the example, let all the input 
methods return UnsafeString (i.e. the base String class has no input 
methods), the encode methods return String, then you simply (explicitly) 
make the write methods reject UnsafeString. 

It is of course possible that not all dynamic languages are well-designed.

- Brian