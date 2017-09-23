Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Programming Bug Python

Do Strongly Typed Languages Reduce Bugs? (acolyer.org) 90

Posted by EditorDavid
"Static vs dynamic typing is always one of those topics that attracts passionately held positions," writes the Morning Paper -- reporting on an "encouraging" study that attempted to empirically evaluate the efficacy of statically-typed systems on mature, real-world code bases. The study was conducted by Christian Bird at Microsoft's "Research in Software Engineering" group with two researchers from University College London. Long-time Slashdot reader phantomfive writes: This study looked at bugs found in open source Javascript code. Looking through the commit history, they enumerated the bugs that would have been caught if a more strongly typed language (like Typescript) had been used. They found that a strongly typed language would have reduced bugs by 15%.

Does this make you want to avoid Python?

Do Strongly Typed Languages Reduce Bugs?

  • I suspect that there is something like a "law of conservation of bugs" or something in software - you take away one vector for bugs to originate and you just move them into another place.

    Dynamic languages do have an easy way to introduce bugs - especially languages like javascript that simply create new variables if you have a typo.

    But there is the old adage in statically typed compiled languages "Hey, my code compiles! Now I get to find out where all my bugs really are."

    This also applies to other aspects

    • Re: (Score:2)

      by gweihir ( 88907 )

      I fully agree. Bugs are just getting more destructive and harder to find the less permissive a language is. Also, if you cannot make type-errors, then any random person can write type-error free code. Type-errors simply cease to become a quality-metric in that case. That does not mean that the code is better in any way though.

    • That seems to imply that the number of bugs is (relatively) constant. Adding automatic bounds checking to a language prevents a whole category of bugs, particularly ones that can be quite nasty. Sure if you had only skillful and exceptionally careful programmers, you wouldn't get those types of bugs either, but that's wishful thinking in most cases.

      If there is some truth to what you I suspect its for tangental reasons. I'd hypothesize that languages that solve many of those categories of errors have much

      • Re: (Score:2)

        by gweihir ( 88907 )

        That is pretty much how the argument goes. And if you look at the abysmal state of competence of most modern "web coders", you can see a very nice example of this idea in practice.

    • Re: (Score:2)

      by swilver ( 617741 )

      And I suspect there is no such law at all as it seems based on nothing.

      Better languages do result in less bugs. They may open vectors for a different type of bug, but that does not mean they are as frequent or as dangerous.

      Take memory management. One misstep and your program gets killed or crashes because it reads or writes from memory that does not belong to it. Very easy to do in some languages, while other languages completely eliminate this class of bugs. Of course poor memory management can then re

      • Re: (Score:2)

        by gweihir ( 88907 )

        It is funny how code written in your "inherently more secure" languages gets exploited at the same or higher rates these days. What actually happens when languages get "safer" is that coder competence drops and bugs just move to a higher level, without being any less destructive. If you cannot see that happening over the last few decades, then you seem to be blind to what is going on.

    • I suspect that there is something like a "law of conservation of bugs" or something in software

      I know, with the same degree of certainty that there is an objective universe that exists independently from my perception, that what you just said is bullshit.

      There is correct code, and there is flawed code. It is possible to write software that doesn't crash, that can't be exploited, and does precisely what it is supposed to do for all possible inputs. The only thing standing in the way of that is incompetence

  • A friend of mine likes to say: "If you want to do something robust, code it in Ada. If you want to do something quick, code it in Python".

  • This observation doesn't make me wish to ditch a programming language, but it does make me glad I do test-driven development.

  • The more you catch at compile time, the less there is to bite you on the ass at runtime. Cheaper in terms of development effort too to fix bugs before customer reports them.
  • Easy enough to add strong typing in Python by adding a type check decorator to each function and method.

    • Re: (Score:2)

      by gweihir ( 88907 )

      I do that whenever it matters. In many places it does not, but sometimes it is really worthwhile.

  • Python is very powerful when working alone. When working in teams, it becomes nightmare, because if one changes something, others are not automatically informed, and runtime errors (which may hide under conditionals) are introduced.

    Also, javascript is shit and a typed language would be better, whether it is typescript or elm or whatever else.

  • The title of this thread incorrectly conflates "strongly typed" with "statically typed".

    They are two completely different things.

  • As someone that has had to program in a number of languages I can say that strongly typed languages can catch a lot of trivial bugs quickly. One example is an if/then statement that allows non-Boolean arguments. If I mistype a comparison in an if/then statement then I should expect an error on compile. If I type an assignment "if (foo = bar)" instead of a comparison "if (foo == bar)" I expect this to get flagged, but some languages don't see this as a problem.

    I prefer strongly typed languages as it can c

  • Have they also looked at bugs that typically plague statically typed languages but dynamically typed languages usually don't suffer?

    For example, many statically typed languages do little or nothing to help you avoid integer overflows, which can result in severe crashes and vulnerabilities. Many dynamically typed languages, such as Python, gracefully switch to big integer types as needed.

  • I've been using Janson and Bookman lately. Futura for san-serif. What was the question, again?

  • In my experience, type errors are a lot more likely for scalars than for composite objects, i.e. I'm less likely to "add apples to oranges" than I am to add "count of apples" to "count of oranges". (Or horizontal pixels to vertical pixels, a real mistake I made once.)

    I suppose it's possible to do typed scalars in C++, not sure about Java (without tool extensions). But making a scalar into a full 'class' is probably overkill (with runtime impacts).

    The combination of typed scalars and named parameter associ

