in reply to Why do people say 'Perl' is dead?!?!

Why do you care "What people say"?
Does that affect how much jobs pay?

Some like to code in triplicate: String newString = (new StringBuffer(aString)).append(anInt).toString();
Whilst others prefer to masticate: char *newString = strcat( aString, sprintf( malloc( 6 ), "%6d", anInt ) ); (**)
For some, every step is very hard won: (*)
Perlers just like to get the job done: my $newString = $aString . $anInt;

Fashions, as we all know, have a tendancy to come and go.
But functionally, we wear clothes to keep warm.
A dried meat dress, will never suppress
the utility of jeans. Even if they're torn.

So decide for yourself, what's important to you.
Being part of the crowd who cry "Perl's dead!" aloud.
Or one of the thousands that, every day,
get the job done using Perl. Their way.

(*)Hard won:

A basic technique is to use newtype declarations to declare separate 
types for separate intents.
<code>
   module StringSafety
            ( SafeString ()
            , UnsafeString ()
            , quote
            , considerUnsafe
            ) where

     newtype SafeString = SafeString String
     newtype UnsafeString = UnsafeString String

     considerUnsafe :: String -> UnsafeString
     considerUnsafe s = UnsafeString s

     quote :: UnsafeString -> SafeString
     quote (UnsafeString s) = SafeString s' where
       s' = ... s ...

This module does not export the SafeString and UnsafeString 
constructors, so we can be sure that no other code in the program can 
invent SafeStrings which are not really safe. Every string can be safe
+ly 
treated as unsafe, however, so we export a function considerUnsafe whi
+ch 
does so.

Now, if we type our interface to the outside world as
<code>
   getInput      ::  ... -> UnsafeString
   sendOutput    ::  SafeString -> ...

we can be sure that a return value from getInput needs to pass through
+ 
quote on its way to sendOutput, because quote is the only way to produ
+ce 
a SafeString.



This guarantuees safety. It has, however, a practical problem: We can'
+t 
use the usual String functions on UnsafeString or SafeString values. F
+or 
instance, we can't concatenate two UnsafeStrings using (++).

A naive solution would be to provide separate (++) functions for unsaf
+e 
and safe strings:
<code>
   append_safe :: SafeString -> SafeString -> SafeString
   append_safe (SafeString x) (SafeString y)
     = SafeString (x ++ y)

   append_unsafe :: SafeString -> SafeString -> SafeString
   append_unsafe (UnsafeString x) (UnsafeString y)
     = UnsafeString (x ++ y)

Note that at least append_safe needs to be implemented in and exported
+ 
from the StringSafety module. That is a good thing, because this 
function needs to be carefully checked for safety. The programmer need
+s 
to prove (or unit-test, or at least think about) the following theorem
+:
<code>
   If a and b are safe strings, so is a ++ b.

After this fact has been established, other modules are free to use 
append_safe however they like without possibly compromising safety.



<p>Now, the above approach should work, but is still rather impractica
+l: We 
need to copy the definitions of all String functions for unsafe and sa
+fe 
strings. However, since the bodies of all these copies are actually 
identical, so we can use parametric polymorphism to abstract over the 
difference between UnsafeString and SafeString. One way to achieve thi
+s 
is to use phantom types.

<p>With phantom types, we declare only a single newtype for both safe 
+and 
unsafe strings, but we annotate that type with an additional flag to 
distinguish safe from unsafe uses.
<code>
   module StringSafety
            ( AnnotatedString ()
            , Safe ()
            , Unsafe ()
            , quote
            , considerUnsafe
            , append
            ) where

     data Safe = Safe
     data Unsafe = Unsafe

     newtype AnnotatedString safety = AnnotatedString String

     considerUnsafe :: String -> AnnotatedString Unsafe
     considerUnsafe s = AnnotatedString s

     quote :: AnnotatedString Unsafe -> AnnotatedString Safe
     quote (AnnotatedString s) = AnnotatedString s' where
       s' = ... s ...

     append
       :: AnnotatedString a
       -> AnnotatedString a
       -> AnnotatedString a

     append (AnnotatedString x) (AnnotatedString y)
       = AnnotatedString (x ++ y)

[download]

Note that AnnotatedString does not really use its type parameter safety:

That's why it is called a phantom type. The data constructor AnnotatedString can be freely used to convert between safe and unsafe strings, so we better not export it from the module. Inside the module, uses of the data constructor gives rise to proof obligations as above. So the programmer needs to reason that the following is true to justify the implementation and export of append: 

   If x and y have the same safety level,
   then (x ++ y) has again that same safety level.

[download]

So now, we still have to write a wrapper around each string operation, but at least we need to write only one such wrapper for all intents, not a separate wrapper for each intent.

There is an inconvenience left: We can't concatenate safe and unsafe strings, because both arguments to append need to have exactly the same type. To fix this, we first have to figure out what the result of sucha concatenation would be: It would be an unsafe string, because at least one of the inputs is unsafe. We need to teach this kind of reasoning to the compiler, for instance, using type families: 

   type family Join a b
   type instance Join Safe Safe = Safe
   type instance Join Safe Unsafe = Unsafe
   type instance Join Unsafe Safe = Unsafe
   type instance Join Unsafe Unsafe = Unsafe

[download]

The idea is that (Join a b) is the safety level of the result of an operation which consumes data of safety level a and b. I called the type family Join because the safety levels form a lattice, with unsafe levels higher then safe levels, and the type family computes the join operation for that lattice. So we are encoding a simple static analysis into the type system here!

Using this lattice structure of safety level, we can give a more polymorphic type to append: 

   append
     :: AnnotatedString a
     -> AnnotatedString b
     -> AnnotatedString (Join a b)

[download]

The implementation can remain unchanged. Now, the programmer needs to reason that the following statement is true to justify this type of append: 

   (x ++ y) is at least as safe as the least safe of x and y.

[download]

So to conclude, statically checked intent-typing can be expressed in Haskell using newtype wrappers with phantom types, and possibly some type-level computation on these phantom types to teach the compiler domain knowledge about the intents.

(**)Bugs intentional!

Replies are listed 'Best First'.
Re^2: Why do people say 'Perl' is dead?!?!
by ashish.kvarma (Monk) on Dec 12, 2011 at 07:53 UTC

    Does that affect how much jobs pay?

    Nothing against perl or to offend you also cannot comment in general if it affects everyone but it does affect me.

    I started my career as a perl developer and have been coding in perl for last 6 years in a offshore development company. I enjoy working with perl and find it better than many other languages which I learned in past.
    Only issue comes, when I look out for opportunities available in market.
    Most opportunities are where its good to have, as it helps team on deployment and automation testing. Remaining are on maintenance and level 3 support. I don't see many opportunities in pure perl development unless I decide to move out of my home country.

    So here are options for me:

    • Change my primary technology from perl to java/.net/.... (which is not easy in this part of world, if you are a perl developer today you are a perl developer forever.
    • Move to Level 3 support. (which is not my interest area.)
    • Move to some other country where opportunities are better than here. (Once again not an easy task)
    • Stay with the (very) limited opportunity any be satisfied with whatever it pays even if its not at par with rest of the market.
      (Which i have been doing for a while now)

    In short it does affect (at least) me. No matter how much I like perl, sometimes I feel I should have not started my career with perl development. Probably learning it as a helping utility/language would have done better for my career

    Regards,
    Ashish
[reply]

      "No matter how much I like perl, sometimes I feel I should have not started my career with perl development. Probably learning it as a helping utility/language would have done better for my career"

      I find this attitude strange, had you started your career as a cobol programmer would you be complaining that after almost fifty years of it's release the number of cobol job options available to you (feel free to limit this again by your geographic region) has decreased? I didn't start my career as a Perl developer, I may not end it that way. Seems to me like you're putting all of your eggs in one basket. Diversify your skill set. Learning something new doesn't mean you have to completely forget what you knew before.

      Also you seem to limit your options to what others are prepared to do for you, you have the options of telecommuting or setting up your own consultancy etc.

[reply]

      Change my primary technology from perl to java/.net/.... (which is not easy in this part of world, if you are a perl developer today you are a perl developer forever.

      “You are not the only movie-star who feared becoming “type-cast.”   Self-marketing is always part of this constantly-changing business, and by the way, “the grass is always greener on the other side of the fence.”   Don’t worry too much about people in other countries taking your jobs away (especially given that you are ... uhhh....), and don’t worry too much about having to move to another country to find work (unless, of course, you want to move to America where, if you are a highly experienced programmer, you can very easily not-find work).   ;-)

      Seriously:   Master the tools that you currently know, and never, ever stop learning.   You are part of a profession where the opportunities for self-learning never end, no matter where in the world you are.   I would also suggest that you start working very hard now to groom contacts and professional relationships that do not involve working for the companies who are currently outsourcing work from the USA, even though it might be somewhat difficult to find those companies “where you are planted” and even if it involves a pay cut.   Purely as a self-defensive move, because that gravy train is going to dry up completely someday soon, and the lushest green grass quickly turns back into the desert from whence it came.

        Thanks marto and sundialsvc4 for responding.

        I am not at all worried that somebody is some part of world would take opportunity out of my hand. In fact it may be true otherwise considering I am working in/for .... (totally agree to sundialsvc4) ;).
        I do feel that there are less opportunities (in comparison to Java/.Net) but when you compare it with number of people in queue its probably balanced out. Only concern remains is $ paid by job. Many/most companies (in this region) take advantage of the situation and .... (hence my frustration)

        I have the option to start up on my own but (in the burst of emotions) missed that in my post. It takes some time but seems to be the (probably the only) solution

        Regards,
        Ashish
[reply]
Re^2: Why do people say 'Perl' is dead?!?!
by ricDeez (Scribe) on Dec 12, 2011 at 08:45 UTC

    This is one of the best posts, I have ever seen here! and I have seen some really good ones!!!

    Pity I can only upvote it once...

[reply]
Re^2: Why do people say 'Perl' is dead?!?!
by locked_user sundialsvc4 (Abbot) on Dec 12, 2011 at 14:04 UTC

    I only regret that I can only up-vote a posting once.   This one (especially with the spoiler revealed   :-O !! .. what language-monstrosity is that?!?!) is well worth printing and hanging on the office wall.

      what language-monstrosity is that?!?!

      Haskell.

      And if you follow the thread forward a couple of posts, you encounter a seemingly innocent question: "and what if you want to concatenate three pieces?"

      The most telling story is that in the year since it was asked, no one has attempted to answer that; never mind the follow-ons: four pieces; five pieces; ...

      With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.

      The start of some sanity?
[reply]

        Gack.

        There are definitely what I call “proof-of-concept” (POC, a.k.a. PITA) languages, which are designed by academics for academics (or for military contracts).   They trust the computer so much, and the programmer so little, that an actual programmer can’t actually do a damn thing with it.   :-)   And then there are the handful “war-horse” languages such as Perl (and, in its own world, COBOL) that can be relied upon to ride into battle with you and to bring you out both victorious and alive.

        As I have related before, I have also watched a very famous company that should have known better dive into a Ruby project to replace a Perl project ... only to discover, not only that they were “merely re-implementing something that already worked,” but that the replacement didn’t work because the actual implemented state of the Ruby libraries they were relying on were not as thoroughly implemented as those they were conditioned to rely-upon in Perl.   The entire project turned into a death march.   A pragmatic language implementation, I think, lives-or-dies more based on its available library base than by the properties of the language itself.

        The best thing is that the whole idea of a "safe string" with a single "quoting" is ... erm ... nonsense.

        I mean what makes string "safe" to insert into "INSERT INTO Foo VALUES ('$here') is totally different than what makes it safe to insert into <input ... value="$here"/> or <span onclick="alert('$here')">..., or "open my $IN, $here or die;</c> etc. etc. etc.

        It makes sense to mark something "unsafe" (aka. tainted = coming from an non-trusted source), but what makes it safe differs.

        OTOH, try to implement something similar (without the use of the builtin tainting!) in Perl. It's also gonna take a bit of code to overload all string operators to work for the String::Safe and String::Unsafe.

        Jenda
        Enoch was right!
        Enjoy the last years of Rome.

[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom