[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Strong Typing, Dynamic Languages, What to do?

Yes -- if we just had a machine available that we could set-up to run
the shootout it would be quite useful.

> -----Original Message-----
> From: Anton van Straaten [mailto:anton@appsolutions.com]
> Sent: Wednesday, March 27, 2002 10:59 AM
> To: Chris Uzdavinis
> Cc: plt-scheme@fast.cs.utah.edu
> Subject: Re: Strong Typing, Dynamic Languages, What to do?
> I don't want to fan any flames, but since things seem to have settled 
> down a bit, I'd like to clarify my perspective on the "C++ is broken" 
> issue. Chris Uzdavinis replied to my charges of the brokenness of the 
> C++ type system:
> > A vector of 5 elements is the same type as a vector of 6 
> > elements.  The type of the vector is not a function of its 
> > size.  Adding a new element doesn't change the type of the 
> > vector.  You can go out of bounds on a vector, but that's 
> > not due to type checking, it is due to range checking... 
> > two orthogonal concepts, IMHO.
> As already observed, a big part of this discussion has 
> revolved around terminology that we haven't agreed on.  What 
> I've really been talking about would usually be described as 
> "type safety".  C++ can't offer type safety, since C++ 
> doesn't protect its own types from accidental corruption, for 
> example. That's a fundamental flaw, because it *does* lead to 
> tricky bugs which could otherwise simply be handled 
> gracefully as exceptions with meaningful stack traces.
> > Also, you are assuming that every access in C++ is unsafe, 
> > or that for every potentially unsafe access some 
> > validating abstraction has to be written.  Sometimes it 
> > comes in handy, but if you write code that depends on range
> > checking, I'd claim that the program is seriously buggy. 
> Of course!  The point about protecting the integrity of a 
> language's types is that it prevents problems from escalating 
> from simple, reportable logic errors, into hard-to-detect 
> bugs that may end up in production code, even unbeknownst to 
> the developer.  In many circumstances, turning off runtime 
> integrity checks for performance reasons may be perfectly 
> acceptable.  Never being able to turn them on, and suffering 
> hard-to-detect bugs as a result, is not.
> > If a bug causes an invalid index to be calculated, and the "type
> > system" checks that such an access is out of range and attemps to
> > recover, the real problem has shifted:
> > 
> > * the original bug remains in your code, which keeps on calculating
> >   the wrong value (which is now "allowed" by your program)
> I don't understand what you mean.  Type-safe languages 
> generate an exception in the case of an error like this, so 
> there's no sense in which this is "allowed".  In fact, it's 
> C++ that can "allow" this in the sense that memory corruption 
> due to an error like this may not be detected until much 
> later (too late).
> > * now that the access has translated into an error, recovery code 
> >   is written to handle the error.  This is misleading to people,
> >   because they think that it's OK to go out of bounds in the first
> >   place, and that if they do, all that is necessary is to handle the
> >   error. 
> Sorry, but I think you're way off-base here.  If a programmer 
> doesn't take the correct action in response to an error 
> that's reported clearly and accurately by the language, 
> that's the programmer's fault.  I'm saying that C++ doesn't 
> report the error in the first place, and that can't 
> reasonably be construed as a good thing.
> The only way to justify these kinds of shortcoming is 
> historically, and by the current state of software technology 
> in general.  I can't see how it can reasonably be argued that 
> the inability of a language to protect its types is a 
> feature.  Being able to turn off runtime checks for 
> performance reasons, once a program is debugged and tested, 
> can be desirable, but the inability to automatically guard 
> against this, if you want to, especially during development, 
> is bad.  In C++, The switch for the "unsafe" feature is 
> permanently turned on.
> I'm not saying C++ is an unusable or useless language.  I've 
> written hundreds of thousands of lines in it myself, shipped 
> commercial products written in it, and I'm still using it.  
> I'm merely pointing out that aspects of it which many people 
> take for granted as inevitable could be improved, and that 
> the current behavior shouldn't be defended as being somehow 
> fundamentally valid.  Many C++ developers are very used to 
> running bounds-checking tools and the like to compensate for 
> its deficiencies.  They also regularly rely (even if 
> inadvertently) on operating system memory protection to tell 
> them when a range or pointer bug is present.  This is 
> accepted as a status quo, but it's unlikely to remain 
> acceptable as mainstream technology improves.  (C++ is 
> already taking market-share heat from Java over this issue).
> Sure, you can guard against these problems, and most 
> competent developers don't tend to find them a burden.    
> You've found this to be the case. But if you've worked with 
> teams of programmers using C++, you can't tell me you've 
> never seen any of them spending time tracking down an access 
> violation due to these kinds of issues.  One only has to look 
> at commercial shrinkwrapped software to see this, where 
> unclean crashes are a common occurrence.  If everything were 
> written in type-safe languages, software would be 
> significantly more reliable.  What I'm talking about is an 
> issue related to the costs - in both developer and user time, 
> and cash - of using the language.
> I'm not suggesting that everything *can* be written in safe 
> languages, as of today.  Theoretically, it's possible to 
> write everything in a safe language and have it perform on 
> par with the best compiled code out there.  Various examples 
> of such languages exist.  But in practice today, mainstream 
> and commercially accepted tools to do this aren't always 
> available, so language selection is often driven by the 
> realities of performance requirements.  Often, such choices 
> are quite valid or at least easily defended: the case of 
> importing hundreds of millions of stock quotes sounds like 
> one such case.  In many, *many* other cases, though, 
> languages like C or C++ are used without good technical 
> reasons, and their shortcomings are accepted when they don't 
> have to be, and probably shouldn't be.
> > > C++ filled an important need when I began using it in the mid-80s.
> >
> > C++ has changed a lot since then.
> Yes, I know.  My comment was intended to indicate that I 
> didn't just read "Teach Yourself C++ in 21 Days" and draw my 
> conclusions from that.  I've avidly consumed every new book 
> on advanced C++ techniques, absorbed new features as they 
> come out, and worked with some of the most advanced 
> frameworks.  But there's a sense in which this is all window 
> dressing on an insufficiently robust base.  I don't like 
> doing work that I know I shouldn't have to do, and C++ makes 
> me do that.  Being aware of its shortcomings and the 
> underlying technical factors allows for more appropriate 
> choice of tools.
> Anton
> *
> *