[MLton] SQLite3 MLton binding
Wesley W. Terpstra
terpstra at gkec.tu-darmstadt.de
Sat Feb 10 05:15:58 PST 2007
On Feb 9, 2007, at 2:17 PM, Vesa Karvonen wrote:
> Quoting "Wesley W. Terpstra" <terpstra at gkec.tu-darmstadt.de>:
> [...]
>
> Just a quick note (I don't have time right now to take a closer
> look at this). Are you familiar with the following article?
>
> Domain Specific Embedded Compilers
> Daan Leijen, Erik Meijer
> http://citeseer.ist.psu.edu/leijen99domain.html
>
> IOW, instead of ad hoc strings of SQL or parameterized SQL templates,
> introduce a (typed) combinator library to express queries.
I've read it now. I'm not particularly convinced. Though it's harsh,
I think it is a lot of dubious work for the developer in order to
make the library harder to use.
1. Despite their effort at making queries safe, the queries still
aren't safe: table structure can be changed by another program after
compilation. eg: "select * from table where x*y=$z" only works if x
and y can be multiplied. If the schema for table changes x to a
string, the binding doesn't do anything but give the user a false
sense of security.
2. Returned columns are only superficially type-safe. The real output
columns might have different types. The staticly compiled expression
has no way of knowing the type of the columns output by the SQL
engine to stop this error---it depends on the schema which the
binding doesn't know.
3. They need to use an inelegant fetch method for each column. My
library asks you the types, and gives you a convenient reader that
converts a row at a time for you.
4. The user has to learn a new set of keywords/meta-language when he
already knows SQL. Their binding also makes queries harder to read,
despite being longer.
5. With such a meta-language you can't allow extensible query results
or user-specified queries.
6. Even if they figured out how to make input and output columns type
safe, the table can be altered and thus breaks any guarantees they
thought they had.
In summary, it seems to me that the only benefit of their proposal is
not having to write the string down. Instead, you use arcane, binding-
specific keywords that eventually create the string you wanted. You
already know SQL, so you knew what string you wanted, so you might as
well have just written it down. Any safety the authors claim to have
added is illusionary, due to the nature of SQL. I guess the compiler
can catch typos in SQL keywords in the string, but so will even
superficial testing. They can't detect logical mistakes due to schema
abuse/changes, and those are exactly the bugs that are hard to track
down.
More information about the MLton
mailing list