Why Only Type-hints?

First published on

Whether you're working with Javascript / TypeScript or in Python, type annotations are a thing. On Hacker News we've seen big debates on whether types improve code quality or are just cargo-cult slowing us down. Now here's the thing: I've come to believe there's something very backwards in our approach to type hinting. Let me explain why.

Historically most languages were designed with types baked in. Think C, Fortran and probably most languages one level above Assembly. Types are a simple idea and were needed so that the compiler could figure out what operations to perform, e.g. the + operator has defined behavior on integers, and another on strings. With dynamic languages such as Python or Javascript, types were handled in the interpreter at runtime and no longer necessary in the language itself. In the last decade, with the rise of TypeScript and Python type hinting we're adding types back, not because the language needs them, but so that tooling can help us with the correctness of our software. I believe adding type hints helps with that but why are types the only language affordances to add when we are trying to improve correctness? We should be asking ourselves a different question: Are most of our software problems actually with types? I believe we are short-sighted in that we simply try to add features we've already seen in other languages. We are thinking inside the box.

If I look at most problems in the codebases I've managed, I've seen errors in performance, side-effects, security, etc. To be honest, types or not the first thing on my list. Now why do type hints improve quality? They allow the compiler to reason about the software that we make and it helps us to check our assumptions, faster than any human could do. We should allow our programming environment to help us with other aspects too. Here's an over-the-top example for Python:


When we put our expectations down, the system can help us with the following kinds of problems:
  • Performance: a method was slow on the production set, but another developer didn't know and used it in the UI anyway.
  • Side-effects: developers are not sure if functions are pure or if it could lead to external APIs being called, so how do we handle that if there are database rollbacks?
  • Security: it's not clear who is allowed to execute this function, is it only for system administrators, customer service employees, or end-users?
  • Data Privacy: Is there any PII going into the data lake that is only supposed to contain anonymized data?
  • Memory: This function handles incoming video files and buffers them in memory. It will break when someone uploads a 1GB video file to your tiny server.
  • Intent: the intent of the original developer is completely unclear. We can use free-form comments and things like pydoc for this, but it's a horrible solution in my view.
  • Tests: test systems are add-on tools to our languages, there's nothing in the language itself that allows us to ensure input/output or other kinds of tests.

Now obviously this is ugly. There's no inference or other clever things, and it builds on the annotation functionality in python which makes it only available at runtime. We want it when we are writing our software. I'm not proposing this syntax, but I do want a programming environment where we can add other hints than just type hints. It will probably never fit on one line like current type annotations do. But I do believe we will find solutions for this in the future.

Comments

Post a Comment

Popular posts from this blog

The unreasonable effectiveness of i3, or: ten years of a boring desktop environment

First published on
Image
My wife uses Windows and over the years I've helped her move things to new systems. Win8, 10 and now 11. With every change the UI changes. Now I can't right click the bottom right corner anymore to open Task Manager. The UI feels "fresh" and up-to-date I guess, but does it really matter? My desktop has looked like this since 2008. I love the picture of the gearbox, it's a testament to the hidden precision engineering that goes on inside the built world all the time. I don't see much of the gearbox though, because most of the time my screens look like this: The environment around my background picture has changed a little more, but has been stable for the last 10 years. My experience is very different to my wife's constantly changing system. In 2009 I moved from Windows to Ubuntu, then to Debian using Gnome. Then finally to i3 in 2013 after a brief affair with XMonad in 2012. So by now in early 2024, I've had the same minimal UI for more than 10 years,
Read more

Idea time: RFID+E-Ink, electronic price tags without batteries

First published on
I got this idea years ago, somewhere in 2004 after I had heard both of RFID and E-Ink. The order is irrelevant ;) The idea is simple, we take: 1) RFID readers, which send radio waves to tags, which pick up some of the energy in the wave, do some computations and send a reply. The tags are brilliant: no batteries, no connected power source of any kind except for the antenna. 2) E-Ink displays, which need power only to change pixels. After the power is cut off, the pixels remain in their current state. The result: a small tag with a display. The display gets initialised and updated by an RFID-reader and after that retains its state indefinitely. Perfect for price tags on shelves in supermarkets, which need to be updated every now and then but are hellish to replace. I soon found out in 2004 that Epson had already done this:  http://gizmodo.com/026090/epsons-electronic-ink-%252B-rfid--21st-century-price-tags
Read more

Parsing 10TB of Metadata, 26M Domain Names and 1.4M SSL Certs for $10 on AWS

First published on
Last May I was working on hobby project similar to this:  https://github.com/zakjan/cert-chain-resolver/  . As I found the cert-chain-resolver project a couple of days later I did nothing with the results, but I got some nice comments on how I used 1 VM to download & process 10TB in a couple of hours on this HN thread recently so I decided to do a write up on the process and publish the data. See the parts below: Part 1: downloading 10TB of metadata in 4 hours Part 2: fetching a ****load of certificates Part 3: playing with the data Total costs My approach was somewhat different from the github project above, instead of using the AIA extension I wanted to brute-force the solution by finding all known intermediate and root certificates in advance. Based on the checksum of the issuer/subject fields I could look up which certificates "claimed" to be the signer of the certificate and then using the signature I could filter out which ones actually were. You can us
Read more