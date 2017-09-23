Do Strongly Typed Languages Reduce Bugs? (acolyer.org) 90
"Static vs dynamic typing is always one of those topics that attracts passionately held positions," writes the Morning Paper -- reporting on an "encouraging" study that attempted to empirically evaluate the efficacy of statically-typed systems on mature, real-world code bases. The study was conducted by Christian Bird at Microsoft's "Research in Software Engineering" group with two researchers from University College London. Long-time Slashdot reader phantomfive writes: This study looked at bugs found in open source Javascript code. Looking through the commit history, they enumerated the bugs that would have been caught if a more strongly typed language (like Typescript) had been used. They found that a strongly typed language would have reduced bugs by 15%.
Does this make you want to avoid Python?
Since I have programmed in many different languages I have personally discovered that strongly statically typed languages do solve a lot of problems because the problems are encountered already at compile time, not during runtime. The problems are also less elusive.
There are of course still bugs around, but they are more often on the strategical level than on a pure sloppiness level caused by misspellings and mismatching methods where a method is changed but one caller isn't.
Two additional advantages of strongly typed languages: ability to use refactoring tools, and easier code maintenance - particularly in code reading to recover business logic.
I am currently working with a Python (sub)program, part of a large web system that I do not have access to. The data comes in in messages of an undocumented JSON format, so from beginning to end the type of a variable is whatever the type it is, and the name of the 'variable' is whatever the label string associated with the data was. It
Exactly what I was thinking. It isn't just that the end code might have 15% fewer bugs development will be quicker/more confident because a bunch of the stupid little mistakes you make while coding are automatically checked for and swigglies tell you fix them right away.
Except that weakly typed languages, Python, JS, and Perl, tend to more concise and quicker to write than strongly typed languages such as C, C++, and Java.
It really depends on the resources you're willing to invest in the project. If you have a good staff and are willing to invest the time then a strongly typed language can give you something more reliable.
But if you're investing fewer resources than weakly typed might be the way to go, you'll miss some dumb bugs due to the typing but you have less complexi
Of course strongly typed reduces bugs (Score:2)
The answer is obvious that for identical code strong typing will reduce bugs. And yet does typing force people to write in ways that lead creating bugs?
More importantly why isn't there some gray scale on typing that I could slowly turn on as my program design matures? THis is what I would dearly love. Let me abuse polymorphism to add calling arguments during my exploratory phase but then don't make me switch to a different language when I want to tighten the screws.
What I'd like for example is an option
Microsoft's big platforms are C,C++,C# this really doesn't do much for them.
Lots of Borland/Pascal programmers are saying we told you so though.
That I can see.
Yup. Many errors are detected at compile time. And, given the speed of the Borland Pascal and Delphi compilers, there was little time wasted. This resulted in most errors being of the run time variant. Strong debugging tools make it a breeze to knock them out.
Needless to say, neither the compiler nor debugger saved you from a piss poor algorithm or design.
C++ is pretty strongly typed. It's only static type analysis though, but no weaker than Pascal or Ada.
A lot of the bugs I see aren't messing up static types, but when you do see static typing problems then that means the programmer needs better training (not just experience since a lot of "experienced" people are stuck with bad habits). In particular the static type errors often come from sloppy thinking, a rush to get code checked in quickly, a misunderstanding of types, and so forth. Especially programm
Well, in that sense "gcc -Wall" is strongly typed. In actual reality, it is not. Strong typing means the language stands actually in your way when you want to type anything dynamically, not that it only warns you that you may be doing something wrong.
Personally, I think strong typing is vastly overrated and those that need it should not be coding professionally. Warnings by the compiler about suspicious things are a whole different matter, as long as they can be turned off selectively. These are useful for
Personally, I think strong typing is vastly overrated and those that need it should not be coding professionally.
Oblig. car analogy: those who need road signs shouldn't be driving professionally.
Why would Microsoft do that when they have been trying to push HTML5+Javascript as the best way to write "Modern" (Metro) apps?
Typescript [wikipedia.org] - mentioned in TFS - is Microsoft's baby, too, and "compiles" to JavaScript.
Urgh, Typescript. Well, MS has creates some truly bad languages and they are still hard at it. Of course, the only aim MS ever had with its own languages was to chain people to its equally horrible platforms. This study seems to be just another element of this strategy.
What is wrong with Typescript?
I used JS for some of my hobby projects, but then switched to TS.
I found that the compiler catches a LOT of bugs. Type-Os, incompatible type assignments, incomplete branching (not all cases covered). At the end I even switched on the NULL checking, and I was astonished how many possible problems were still hiding in my code with regards to possibly NULL objects...
During my use, I did not see any real drawback.
The dependency on the compiler (external tool) was of course a negati
you speculate grandparent in writing his comment used "zero thought, logic or investigation whatsoever".
and your use of "most likely", "hit job", "living in his mom's basement ", etc., expose your prejudices.
that is your idea of rational thoughtfulness?
Perhaps so. On the other hand, Microsoft has written tons of software over the years and perhaps this study might be born out of decades of experience?
From my own ~20 years of experience writing software (never at Microsoft, mind you), I'd tend to agree with them that dynamic typing is a very good way to introduce subtle errors that would have been easily detected in a static typed system. God knows how many man hours of my life were burned hunting down such bugs created by people before me in my software e
On the other hand, static typing generally induces a slow compilation step that you have to wait through hundreds of times when developing a significant application.
Hopefully the compilation step isn't that slow -- if it is, ask your boss for a faster development computer, it will pay for itself many times over. In my C++ coding, a partial recompile (just of the files I've edited recently) rarely takes longer than 10 seconds. (A full recompile could take several minutes, but that generally isn't necessary).
When that 10-second recompile step immediately catches newly-introduced bugs that would have taken me minutes or hours to detect and diagnose via run-time testing
Ignoring the fact Microsoft sponsored this paper, could you point out the specific issues you have with Typescript and why you would avoid it?
I am a NodeJS developer, who has been considering Typescript, so I would be curious by your insight. I just want to make sure you aren't judging with a similar bias?
I'm not entirely sure. The Code Complete book was written for Microsoft employees to help them write better code (too bad they didn't learn too much from it). Given the abysmal state of Microsoft quality I could believe that there's a group languishing and underfunded at Microsoft that is hoping to improve their own quality.
Bug Conservation (Score:2)
I suspect that there is something like a "law of conservation of bugs" or something in software - you take away one vector for bugs to originate and you just move them into another place.
Dynamic languages do have an easy way to introduce bugs - especially languages like javascript that simply create new variables if you have a typo.
But there is the old adage in statically typed compiled languages "Hey, my code compiles! Now I get to find out where all my bugs really are."
This also applies to other aspects
I fully agree. Bugs are just getting more destructive and harder to find the less permissive a language is. Also, if you cannot make type-errors, then any random person can write type-error free code. Type-errors simply cease to become a quality-metric in that case. That does not mean that the code is better in any way though.
If there is some truth to what you I suspect its for tangental reasons. I'd hypothesize that languages that solve many of those categories of errors have much
That is pretty much how the argument goes. And if you look at the abysmal state of competence of most modern "web coders", you can see a very nice example of this idea in practice.
And I suspect there is no such law at all as it seems based on nothing.
Better languages do result in less bugs. They may open vectors for a different type of bug, but that does not mean they are as frequent or as dangerous.
Take memory management. One misstep and your program gets killed or crashes because it reads or writes from memory that does not belong to it. Very easy to do in some languages, while other languages completely eliminate this class of bugs. Of course poor memory management can then re
It is funny how code written in your "inherently more secure" languages gets exploited at the same or higher rates these days. What actually happens when languages get "safer" is that coder competence drops and bugs just move to a higher level, without being any less destructive. If you cannot see that happening over the last few decades, then you seem to be blind to what is going on.
I know, with the same degree of certainty that there is an objective universe that exists independently from my perception, that what you just said is bullshit.
There is correct code, and there is flawed code. It is possible to write software that doesn't crash, that can't be exploited, and does precisely what it is supposed to do for all possible inputs. The only thing standing in the way of that is incompetence
Python and Javascript is to this decade the same as Basic was to the 80's.
Spoken like a true cretin. While JavaScript is admittedly a really bad programming language, Python is a very good one. But both are real in any sense that matters and a competent coder can do real work of any size in both of them. The actual problem is that many people writing code these days are not "real" coders, but incompetent wannabees that like to blame the tools used for their personal limitations.
While JavaScript is admittedly a really bad programming language, Python is a very good one.
You sound like one of those weenie user-space developers.
You mean you cannot code in user-space? That seems to be a pretty peculiar disability....
Just imagine where Python could have been if it had static typing and delimited blocks which are the main problems opposed developers have with it. It would not have reduced the language in usability much at all, and it would still be highly suitable for scripting tasks.
I think it could then have been a real contender in the language space and would have been far more widely adopted. It could have been the default language for Android for example.
... real programming languages. They are for idiot kids who like to play dress-up and pretend to be real developers.
They are also great for rapid prototyping and cases where you only need something basic. They have issues, but I am wondering whether you are just rocking your high horse?
Current python programmer, and former C programmer here. Dynamic typing is great for a small to medium sized code bases but I would hate to work on anything really big and mature without static type checking. I have worked on large code bases with maybe 100 megabytes of code and C and Ada, a lot of it dating back 20 years or so. You can't safely refactor code that old, and you can't allow data of the wrong type to get in to it, so type checking at compile time is an important line of defense.
You can do that
Yes, it's easy to throw together something quick, but this also means that it's common that something that was intended to be quick and dirty will become what's going into production - full with bugs and security holes.
This. Somebody builds a perfectly good Tom Sawyer raft which is fine - until it gets extended, enhanced and fuck knows what, bit by bit, into an aircraft carrier.
same number of bugs, just caught in a different way. In defense of the dynamically typed languages they do allow some quick progress to be made finding flaws in algorithms while the syntax nazi languages are still griping about non static thingamajigs being called from static whatchamacallits.
I'd be interested to see if languages like clojure tend to reduced bugs in the compiled code, the only reason I think that it might is because it took me so much effort to get event the most trivial program to even ap
It's cute that you need a language altogether. When you're ready to be a real programmer, you can learn how to write all your own op-codes in assembler, like a grown-up developer.
And fail. Assembler is a language (or rather a family of languages). You probably meant machine code.
FUCK! I had hex-editor in my head and I fucked it up. Fuck me. I failed. And fuck you, too, for sinking to my level. We all fail together.
Hehehehehehehehehe
It's cute that you need a language altogether. When you're ready to be a real programmer, you can learn how to write all your own op-codes in assembler, like a grown-up developer.
Assembly language is also a language. Toggle in the bits directly via the front panel switches, like a real man
On the contrary - strong typing is preferred by those that have coded a long time and have to maintain systems that has been around for a long time.
As soon as you inherit code written by someone else you will waste a lot of time to understand how it works - and if it's not strongly typed you can easily miss something that previous coders did introduce. A strongly typed system will tell you quite fast that the code you changed the method header on was actually used by 200 subroutines. On a system written in
If you have these problems, then something else is rather badly broken, like, say, the architecture of your code and the documentation that came with it. Sure, this sad state of affairs is the norm, but it is not a good state at all as it stems from developer incompetence.
Also you are quite wrong about "those that have coded a long time". You would be probably right if you had said "have coded for a long time and still cannot do it well".
Yes, the language it was written in was broken.
Or are you suggesting that the people that actually write in these loose languages "because it saves me typing 5 characters" actually will write documentation saying that said function is called at new years eve? And will spend time on proper architecture? Perhaps in your fantasy world they also wrote unit tests with 90+% coverage?
No. You get the code dumped in your lap, and you will be praising the gods if there's an old completely outdated Confluence site
C/C++ suffers from a complexity problem, which it needs to do low level stuff. Often this the result of just too many types, too many #ifdefs, just too many edge cases. However its static typing and the amount of errors it catches at compile time is something to be praised.
Python has much less types and does away with compiler directives, and is generally a bit more expressive. This removes a lot of complexity, but it is not perfect. It could have been statically typed as well, without losing much in e
I found that C++ is not worth it for me. Far too complicated and most of its features are not needed. I use Python as glue and C for the heavy lifting these days. That works pretty well. Of course, this is not an approach a beginner can take, as you rightfully point out. And, of course, somebody experienced and competent can indeed write good code with almost anything.
No, I assume it is code written by competent people. Sure, if the developers that wrote the code needed those training wheels, then removing them will have them fall over all the time. But leaving the wheels on is the wrong place to fix things.
Language matters (Score:1)
What a silly question (Score:2)
This observation doesn't make me wish to ditch a programming language, but it does make me glad I do test-driven development.
Well duh (Score:2)
Python solves this with decorators (Score:2)
I do that whenever it matters. In many places it does not, but sometimes it is really worthwhile.
Ofcourse that static is better, for teams (Score:2)
Python is very powerful when working alone. When working in teams, it becomes nightmare, because if one changes something, others are not automatically informed, and runtime errors (which may hide under conditionals) are introduced.
Also, javascript is shit and a typed language would be better, whether it is typescript or elm or whatever else.
Title of this thread is messed up. (Score:2)
They are two completely different things.
Makes sense to me (Score:2)
As someone that has had to program in a number of languages I can say that strongly typed languages can catch a lot of trivial bugs quickly. One example is an if/then statement that allows non-Boolean arguments. If I mistype a comparison in an if/then statement then I should expect an error on compile. If I type an assignment "if (foo = bar)" instead of a comparison "if (foo == bar)" I expect this to get flagged, but some languages don't see this as a problem.
I prefer strongly typed languages as it can c
By the same token (Score:2)
Have they also looked at bugs that typically plague statically typed languages but dynamically typed languages usually don't suffer?
For example, many statically typed languages do little or nothing to help you avoid integer overflows, which can result in severe crashes and vulnerabilities. Many dynamically typed languages, such as Python, gracefully switch to big integer types as needed.
Mod parent up
Strong types (Score:2)
I've been using Janson and Bookman lately. Futura for san-serif. What was the question, again?
type errors in scalars (int, etc) (Score:2)
In my experience, type errors are a lot more likely for scalars than for composite objects, i.e. I'm less likely to "add apples to oranges" than I am to add "count of apples" to "count of oranges". (Or horizontal pixels to vertical pixels, a real mistake I made once.)
I suppose it's possible to do typed scalars in C++, not sure about Java (without tool extensions). But making a scalar into a full 'class' is probably overkill (with runtime impacts).
The combination of typed scalars and named parameter associ