[Ur] typechecker rejects form handler

Adam Chlipala adamc at csail.mit.edu
Sun Jan 5 13:37:44 EST 2014 

On 01/05/2014 11:00 AM, Sergey Mironov wrote:
> If I understand correctly, it is the two specialized versions of
> `validator' which cause problems in my example. But does this mean
> that specializations are not usable in practice at the moment?

More precisely, you'll run into trouble if you cause multiple 
specializations of a function that defines local functions that need to 
have URIs assigned to them!

> Do you plan to introduce some kind of automatic names generator for cases
> like this one?

No, I advise folks to use functors for such cases.  One principle of 
Ur/Web is not to try to come up with URI schemes automatically, like in 
e.g. some functional-language frameworks that assign long random-looking 
identifiers to continuations.  I want URLs to look pretty!  To that end, 
Ur/Web solicits the programmer's help in URI choice.  An application of 
a functor will have a programmer-provided name, which will appear as a 
subdirectory name in URLs.

> I think, it would be fine If urweb had made two urls
> (say, `validator0' and `validator1' ) out of two static copies of
> `validator' in my example. I vote for this improvement until there are
> counterexamples demonstrating how this improvement may violate the
> security or confuse something.
>    

Well, what if your program already contained a function literally named 
'validator0'?  Now URL generation depends arbitrarily on the other code 
in a program!  With the current scheme, it is possible to audit one 
module (e.g., .ur file) in isolation and know exactly what URI scheme 
will be generated for it.

> 2014/1/4 Adam Chlipala<adamc at csail.mit.edu>:
>    
>> On 01/04/2014 01:57 PM, Sergey Mironov wrote:
>>      
>>> Wow, sorry for that. Unfortunately, it is not my only trouble with
>>> this sample. Please, see FormBug2.ur (in attach). I've replaced !=
>>> with `eq' call.
>>> The new errors are
>>>
>>>    $ urweb -dbms sqlite FormBug2
>>>    :0:0: (to 0:0) Duplicate HTTP tag validator
>>>
>>>        
>>
>> Your code needs to create URLs referencing the function [validator], but
>> multiple versions of it must exist due to multiple (static) calls to its
>> enclosing function, and they'd all get the name "validator" in URLs.  Try
>> making the enclosing function a functor instead, so you get to choose a
>> module name for its outputs manually, providing the compiler with advice
>> about namespacing.
>>

More information about the Ur mailing list