Type Errors redux

August 13, 2004 17:10:37.911

There have been a bunch of comments on this post and this post, both on dynamic typing vs. static typing. The static-language argument that comes up over and over again can be summarized thusly: Better Safe than Sorry. For instance, with the vehicle/road analogy raised by Peter Lount, I saw this comment:

Dunno what sort of world you're programming in... but let's see... four extra days of programming time versus losing $1,000,000 on that bank transfer... or not notifying the customer of their flight change... or landing that plane 4 metres BELOW ground level hmmmmm... in programming, safer == better. ALWAYS. Because the impact of extra programming time is known and controllable. The impact of an unexpected bug is NOT.

That's the argument I hear over and over again. But "safety" is relative. We ask for certain levels of safety, but we trade it off against pragmatism. For instance, we could all be much safer if we mandated that everyone drive minivans at 25 mph. Do we mandate that? No, because we have to look at the other issues (Do I really need a vehicle that large? What if I want to get somewhere in a reasonable interval of time?). Sure, we have some roads that forbid trucks and bicycles, but most don't. We make tradeoffs so that we can have a reasonable level of safety vs. a reasonable level of productivity.

You can apply this to almost any field you want; take medicine. You can increase the level of safety by having longer testing periods (simulations, animal testing, etc.), but in the meantime, the people who might be saved by the drug aren't being helped. Do we allow safety to trump pragmatism here? No, we attempt a reasonable tradeoff.

There's another issue here as well - there's no actual evidence that statically typed systems prevent catastrophic failures. The Ariane V, for instance - that was a failure caused by lack of understanding and improper module usage - static typing did not prevent the explosion. Algorithmic errors - the sorts that are most likely to cause huge failures - are not going to be caught by a compiler. Subtracting the wrong numbers (and having the compiler chirp happily because they are both ints) won't help me if they are the wrong variables to subtract. You need testing, not irrelevant (and falsely comforting) static typing.

Stating that we must be safe (i.e., use static typing) is an over-extension of the "precautionary principle". It advocates doing nothing that could possibly bring harm. If that's your argument, you need to stop coding now - because static typing isn't going to help you. What you want is formal proof that your application is "safe". Good luck getting there...

Comments

Ariane

[Isaac Gouy] August 16, 2004 12:07:00.238

"no actual evidence that statically typed systems prevent catastrophic failures"
For the sake of argument, let's go further and say there's no proof that static checking prevents catastrophic failures. That wouldn't prove that static checking does not prevent catastrophic failures. See http://skepdic.com/ignorance.html

"static typing did not prevent the explosion"
In an earlier post you seemed to consider "this function expected a short, but I'm passing in an int" to be an irrelevant error. One reason for the Ariane explosion was that a similar narrowing conversion was recognised, but not protected.

The Lessons of Ariane

[Isaac Gouy] August 16, 2004 12:14:15.558

Published version of Meyer's article Design by Contract: The Lessons of Ariane pdf

Re: Type Errors redux

[James Robertson] August 16, 2004 12:49:48.652


Isaac,
In most applications, a short/int issue wouldn't matter. Clearly, there are fields where it matters a lot. However, testing would find this kind of problem, while static checks might not - many developers will just slap a cast onto that sort of error to "make it go away". A failed test would likely raise more attention.

the wrong people

[Isaac Gouy] August 16, 2004 13:36:14.879

"In most applications, a short/int issue wouldn't matter"
Perhaps automatic numeric coercions have shielded you from these issues ;-)

"testing would find this kind of problem"
Exhaustive testing would find this kind of problem.

"would find... while static checks might not"
Nonsense. (The error the wrong people developers are making go away was found by static type checking. No doubt the wrong people developers would also make the "failed test" go away.)
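The short/int narrowing conversion that these two comments argue over, as an added example that is not part of the original post or its comments: the cast-based "make it go away" fix beside a protected conversion, and the kind of test that would catch the unprotected one. The function names and the sample values are this example's own; the page gives no code.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The "make it go away" fix: an explicit cast silences the compiler's
 * narrowing complaint, but an out-of-range value is quietly mangled
 * (implementation-defined in C; on common 16-bit-short platforms it wraps,
 * so 40000 becomes -25536). No diagnostic, no test failure, by itself. */
short narrow_with_cast(int value)
{
    return (short)value;
}

/* The protected conversion: refuse to narrow unless the value fits.
 * Returns true and stores the result on success, false when out of range,
 * so the caller is forced to handle the failure instead of flying on. */
bool narrow_checked(int value, short *out)
{
    if (value < SHRT_MIN || value > SHRT_MAX)
        return false;
    *out = (short)value;
    return true;
}

/* A boundary test: narrow, widen back, and require the round trip to be
 * lossless. This is the check that exposes the cast-based "fix" the moment
 * a realistic out-of-range input reaches it. */
bool narrowing_roundtrips(int value)
{
    short s;
    if (!narrow_checked(value, &s))
        return false;
    return (int)s == value;
}

int main(void)
{
    /* constructed sample inputs straddling the short range */
    int samples[] = { 100, SHRT_MAX, SHRT_MAX + 1, 40000, SHRT_MIN - 1 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = samples[i];
        printf("%6d: cast -> %6d, checked -> %s\n", v,
               (int)narrow_with_cast(v),
               narrowing_roundtrips(v) ? "ok" : "REJECTED");
    }
    return 0;
}
```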