Now Reading
Ur/Web, A Simple and Powerful Language For Secure Web Applications

Ur/Web, A Simple and Powerful Language For Secure Web Applications

by Giulio PriscoDecember 24, 2014

A new programming language, called Ur/Web, lets developers write Web applications as self-contained programs. The language’s compiler – the program that turns high-level instructions into machine-executable code – then automatically generates the corresponding XML code and style-sheet specifications and embeds the JavaScript and database code in the right places.

Ur/Web is described in a paper presented at the ACM Symposium on Principles of Programming Languages by MIT Professor of Software Technology Adam Chlipala. The paper describes the problem that the new programming framework is intended to solve as:

The World Wide Web has evolved gradually from a document delivery platform to an architecture for distributed programming. This largely unplanned evolution is apparent in the set of interconnected languages and protocols that any Web application must manage.

Simple, Secure, and Efficient Web Applications

UR/WebUr is a programming language in the tradition of ML and Haskell, but featuring a significantly richer type system. Ur is functional, pure, statically typed, and strict. Ur supports a powerful kind of metaprogramming based on row types. Ur/Web is Ur plus a special standard library and associated rules for parsing and optimization. Ur/Web supports construction of dynamic web applications backed by SQL databases. The signature of the standard library is such that well-typed Ur/Web programs “don’t go wrong” in a very broad sense.

Ur/Web is described as a domain-specific programming language with a much simpler model for programming modern Web applications. Ur/Web’s model is unified, where programs in a single programming language are compiled to other “Web standards” languages as needed, and supports novel kinds of encapsulation of Web-specific states.

According to the developers, the main benefits of Ur/Web over competing tools are:

  • Ur/Web makes programmers more productive by providing abstraction and modularity features not found in any other language.
  • Ur/Web provides guaranteed security; certain kinds of security vulnerability are impossible. For example, modulo any compiler bugs, any Ur/Web application that the compiler accepts is free of code injection vulnerabilities.
  • Ur/Web provides much better run-time performance than any competing system. Server-side components are native code and don’t use garbage collection.

Chlipala founded Impredicative LLC, a company for consulting related to the Ur/Web programming language.

Ur and Ur/Web were considered as beta software by the developers until recently, but the new December 2014 release is considered as a candidate production version. On the Ur/Web website at the developers say:

It’s probably not crazy to give this release a try in building your next serious application.

A production web application developed with Ur/Web is the Bitcoin Merge Mining Pool, which allows users to merge mine for a number of different bitcoin-derived virtual currencies.

Images from Impredicative and Shutterstock.

Advertised sites are not endorsed by us. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
What's your reaction?
Love it
Hate it
  • No garbage collection? I can just see people complaining about memory leaks in the future… The server would crash and have to be restarted when it runs out of memory.