I worked with in the same lab as the author adam chipala two summers ago. He's a brilliant hacker/computer scientist, and any work he does is worth taking seriously.
To quote from the manual:
The signature (ed: the type or interface) of the standard library is such that well-typed Ur/Web programs “don’t go wrong” in a very broad sense. Not only do they not crash during particular page generations, but they also may not:
• Suffer from any kinds of code-injection attacks
• Return invalid HTML
• Contain dead intra-application links
• Have mismatches between HTML forms and the fields expected by their handlers
• Include client-side code that makes incorrect assumptions about the “AJAX”-style services that the remote web server provides
• Attempt invalid SQL queries
• Use improper marshaling or unmarshaling in communication with SQL databases or between browsers
and web servers
Thats pretty cool, and it looks like the language is able to statically catch that all using the type system (the types are presumably mostly inferred by the compiler), and presumably the error messages do or will provide informative information about the location of errors.
It is also worth noting that when you compile an Ur/web program, the executable you get is a web server dedicated to serving the page that is described by the programmer! So presumably, aside from setting up the compiler toolchain, the actual server setup is easy!
edit2: also you got to love that the theres a formal semantics for the language and the types which makes it clear to those with the right background that theres a formal proof that the type system also prevents bad stuff from happening! :)
While it would be nice to imagine something like this catching on, somehow I suspect that any language whose reference manual gives a specification of semantics using sequent calculus before discussing the standard libraries is unlikely to gain much use.
Fast, expressive, flexible, with static analysis that can prevent entire classes of common bugs? That sounds great! Oh wait, no, it uses words that sound like math, obviously that makes it unsuitable for the real world. Sigh.
I find that the deal-breaker for most languages is just a case of missing "production gloss." Things like seamless installations, breadth of packages, language interoperability, platform compatibility, documented quirks.
Take, for example, Ur vs. Python. Python has a plentitude of frameworks, template libraries, protocol implementations, dev tools, packaging and deployment mechanisms. Ur has just started, thus it has little to offer in any one of these categories. The raw language advantages of safety can't be justified in a commercial environment where speed of deployment is mostly contingent on having the ecosystem there - if you plow ahead without having them in place, you're going to tack on weeks or months building and refining new implementations of those things.
Fortunately, it's entirely possible for language designers to bootstrap the entire ecosystem. It just takes a long time and lots of dedication to do so. The author indicates that he is eager to make this language worthy in these ways, so I'm wishing him the best. :)
I'm trying to run the demo, and it keeps starting up emacs in order to compile html templates. It doesn't use -nw or -q, so for each file, it creates a window, loads my init files, runs a tiny bit of elisp to expand a template (or something), writes it out, and closes down emacs (running everything in kill-emacs-hook).
I could just move my emacs directory temporarily or add some reasonable commands to the process (even use emacsclient!), but I'd rather complain about it here.
Well, it will exit very quickly and not open 38 Emacs frames. It's a hack, and I don't want it to be necessary, but it will accomplish the desired goal.
To quote from the manual: The signature (ed: the type or interface) of the standard library is such that well-typed Ur/Web programs “don’t go wrong” in a very broad sense. Not only do they not crash during particular page generations, but they also may not:
• Suffer from any kinds of code-injection attacks
• Return invalid HTML
• Contain dead intra-application links
• Have mismatches between HTML forms and the fields expected by their handlers
• Include client-side code that makes incorrect assumptions about the “AJAX”-style services that the remote web server provides
• Attempt invalid SQL queries
• Use improper marshaling or unmarshaling in communication with SQL databases or between browsers and web servers
Thats pretty cool, and it looks like the language is able to statically catch that all using the type system (the types are presumably mostly inferred by the compiler), and presumably the error messages do or will provide informative information about the location of errors.
It is also worth noting that when you compile an Ur/web program, the executable you get is a web server dedicated to serving the page that is described by the programmer! So presumably, aside from setting up the compiler toolchain, the actual server setup is easy!
Kudos! -Carter
edit: http://adam.chlipala.net/papers/UrPLDI10/ is the link to the paper the focuses on the research novelty elements of the system.
edit2: also you got to love that the theres a formal semantics for the language and the types which makes it clear to those with the right background that theres a formal proof that the type system also prevents bad stuff from happening! :)