The JScript Type System Part Seven: Yeah, you’ve probably guessed that I wrote the array stuff

A reader asked me to clarify a point made in an earlier entry:

Note that JScript .NET arrays do not have any of the methods or properties of a CLR array. (Strings, by contract, can be used implicitly as either JScript .NET strings or as System.String values, which I’ll talk more about later.) But JScript .NET arrays do not have CLR array fields like Rank, SetValue, and so on.

When you have a string in a JScript .NET program, we allow you to treat it as both a System.String and as a JScript object with the String prototype.  For example:

var s = "   hello   ";
// calls JScript string prototype's toUpperCase
// calls System.String.Trim

Which is it really?  From a theoretical standpoint, it doesn’t really matter — you can use it as either.  From an implementation standpoint, of course we use System.String internally and magic up the prototype instance when we need one — just as in JScript classic all strings are VT_BSTR variants internally and we magic up a wrapper when we need one.  JScript .NET strings and CLR strings really are totally interoperable.

Arrays aren’t quite so seamless.  

When you try to use a JScript .NET array when a CLR array is expected, we create a copy.  But when you go the other way, things are a little different. Rather than producing a copy, using a CLR array as a JScript .NET array “wraps it up”. No copy is made. The operation is therefore efficient and preserves identity. Changes made to a wrapped array are preserved:

ChangeArray(arr : Array) : void {
  print(arr[0]); // 10
  arr[0] += 100;
  // JScript .NET methods work just fine
  print(arr.join(":")); // 10:20:30

var arr : int[] = [10, 20, 30];
print(arr[0]); // 110

The principal rule for treating a CLR array as a JScript .NET array is that it must be single-dimensional. Since all JScript .NET arrays are single-dimensional it makes no sense to wrap up a high-rank CLR array.

Once the array is wrapped up it still has all the restrictions that a normal hard-typed array has. It may not change size, for instance. This means that an attempt to call certain members of the JScript .NET Array prototype on a wrapped array will fail. All calls to push, pop, shift, unshift and concat as well as some calls to splice will change the length of the array and are therefore illegal on wrapped CLR arrays.

Note that you may use the other JScript .NET array prototype methods on any hard-typed array (but not vice versa). You can think of this as implicitly creating a wrapper around the CLR array, much as a wrapper is implicitly created when calling methods on numbers, Booleans or strings:

var arr : int[] = [10, 20, 30];
// You may call JScript .NET methods on hard-typed arrays
print(arr.join(":"));   // 30:20:10

There might be a situation where you do want to make a copy of a CLR array rather than wrapping it. JScript .NET has syntax for this, namely:

var sysarr: int[] = [10, 20, 30];
var jsarr1 : Array = sysarr; 
// create wrapper without copy
var jsarr2 : Array = Array(sysarr); 
// create wrapper without copy
var jsarr3 : Array = new Array(sysarr); 
// not a wrapper; copies contents

In the last case jsarr3 is not a wrapper. It is a real JScript .NET array and may be resized.

Thin to my chagrin

I’m going to take a quick intermission from talking about the type system, but we’ll pick it up again soon.  I’ve been thinking a lot lately about philosophical and practical issues of thin client vs. rich client development.  Thus, I ought to first define what I mean by “thin client” and “rich client”. 


We used to think of Windows application software as being shrink-wrapped boxes containing monolithic applications which maybe worked together, or maybe were “standalone”, but once you bought the software, it was static — it didn’t run around the internet grabbing more code.  If the application required buff processing power and lots of support libraries in the operating system, well, you needed to have that stuff on the client.  The Windows application model required that the client have a rich feature set.

This is in marked contrast to the traditional Unix model of application software.  In this model the software lives on the server and a bunch of “thin” clients use the server.  The clients may have only a minimal level of memory and processing power — perhaps only the ability to display text on a screen!

The ongoing explosion of massive interconnection via the Internet starting in the 1990’s naturally led software developers to rethink the monolithic application model.  Multi-tiered development was the result — the front end that the user sees is just a thin veneer written in HTML, while the underlying business logic and data storage happens on servers behind the scenes.  The client has to be quite a bit fatter than a Unix “dumb terminal”, but if it can run a web browser, it’s fat enough. 

This was a great idea in many ways.  Multi-tiered development encourages encapsulation and data locality.  Encapsulating the back end means that you can write multiple front-end clients, and shipping the clients around as HTML means that you can automatically update every client to the latest version of the front end.  My job from 1996 to 2001 was to work on the implementation of what became the primary languages used on the front-end tier (JScript) and the web server tier (VBScript).  It was exciting work.

Right now, we’re looking to the future.  We’ve made a good start at letting people develop thin-client multi-tiered applications in Windows, but there is a lot more we can do.  To do so, we need to understand what exactly is goodness.  So let me declare right now Eric Lippert’s Rich Client Manifest

The thin-client multi-tiered approach to software development squanders the richness available on the vast majority of client platforms that I’m interested in.  We must implement tools that allow rich client application developers to attain the benefits of the thin-client multi-tiered model.

That’s the whole point of the .NET runtime and the coming Longhorn API.  The thin client model lets you easily update the client and keeps the business logic on the back tier?  Great — let’s do the same thing in the rich client world, so that developers who want to develop front ends that are more than thin HTML-and-script shells can do so without losing the advantages that HTML-and-script afford. 


I’ve been thinking about this highfalutin theoretical stuff recently because of some eminently practical concerns.  Many times over the years I’ve had to help out third party developers who have gotten themselves into the worst of both worlds.  A surprisingly large number of people look at the benefits of the thin client model — easy updates (the web), a declarative UI language (HTML), an easy-to-learn and powerful language (JScript) — and decide that this is the ideal environment to develop a rich client application.

That’s a bad idea on so many levels.  Remember, it is called the thin client model for a reason.  I’ve seen people who tried to develop database management systemsin JScript and HTML!  That’s a thorough abuse of the thin client model — in the thin client model, the database logic is done on the backend by a dedicated server that can handle it, written by database professionals in hand-tuned C.  JScript was designed for simple scripts on simple web pages, not large-scale software.

Suppose you were going to design a language for thin client development and a language for rich client development.  What kinds of features would you want to have in each?

For the thin client, you’d want a language that had a very simple, straightforward, learn-as-you-go syntax.  The concept count, the number of concepts you need to understand before you start programming, should be low.  The “hello world” program should be something like

print "hello, world!"

and not

import library System.Output;
public startup class MainClass
  public static startup function Main () : void
     System.Output("hello, world!");

It should allow novice developers to easily use concepts like variables and functions and loops.  It should have a loose type system that coerces variables to the right types as necessary.  It should be garbage collected.  There must not be a separate compile-and-link step.  The language should support late binding.  The language will typically be used for user interface programming, so it should support event driven programming.  High performance is unimportant — as long as the page doesn’t appear to hang, its fast enough.  It should be very easy to put stuff in global state and access it from all over the program — since the program will likely be small, the lack of locality is relatively unimportant. 

In short, the language should enable rapid development of simple software by relatively unsophisticated programmers through a flexible and dynamic programming model. 

OK, what about the rich-client language?  The language requirements of large-scale software are completely different.  The language must have a rigid type system that catches as many problems as possible before the code is checked in.  There must be a compilation step, so that there is some stage at which you can check for warnings.  It must support modularization, encapsulation, information hiding, abstraction and re-use, so that large teams can work on various interacting components without partying on each other’s implementation details.  The state of the program may involve manipulating scarce and expensive resources — large amounts of memory, kernel objects such as file handles, etc.  Thus the language should allow for fine-grained control over the lifetime of every byte.

Object Oriented Programming in C++ is one language and style that fits this bill, but the concept count of C++ OOP is enormous — pure, virtual, abstract, instance, static, base, pointers, references…  That means that you need sophisticated, highly educated developers.  The processing tasks may be considerable, which means that performance becomes a factor.  Having a complex “hello world” is irrelevant, because no one uses languages like this to write simple programs.

In short, a rich-client language should support large-scale development of complex software by large teams of sophisticated professional programmers through a rigid and statically analyzable programming model.

Complete opposites!  Now, what happens when you try to write a rich client style application using the thin client model? 

Apparent progress will be extremely rapid — we designed JScript for rapid development.  Unfortunately, this rapid development masks serious problemsfestering beneath the surface of apparently working code, problems which will not become apparent until the code is an unperformant mass of bugs. 

Rich client languages like C# force you into a discipline — the standard way to develop in C# is to declare a bunch of classes, decide what their public interfaces shall be, describe their interactions, and implement the private, encapsulated, abstracted implementation details.  That discipline is required if you want your large-scale software to not devolve into an undebuggable mess of global state.  If you can modularize a program, you can design, implement and test it in independent parts.

It is possible to do that in JScript, but the language does not by its very nature lead you to do so.  Rather, it leads you to to favour expedient solutions (call eval!) over well-engineered solutions (use an optimized lookup table).  Everything about JScript was designed to be as dynamic as possible.

Performance is particularly thorny.  Traditional rich-client languages are designed for speed and rigidity.  JScript was designed for comfort and flexibility.  JScript is not fast, and it uses a lot of memory.  Its garbage collector is optimized for hundreds, maybe thousands of outstanding items, not hundreds of thousands or millions.

So what do you do if you’re in the unfortunate position of having a rich client application written in a thin-client language, and you’re running into these issues?

It’s not a good position to be in.

Fixing performance problems after the fact is extremely difficult.  The way to write performant software is to first decide what your performance goals are, and then to MEASURE, MEASURE, MEASURE all the time.  Performance problems on bloated thin clients are usually a result of what I call “frog boiling”.  You throw a frog into a pot of boiling water, it jumps out.  You throw a frog into a pot of cold water and heat it up slowly, and you get frog soup.  That’s what happens — it starts off fine when it is a fifty line prototype, and every day it gets slower and slower and slower… if you don’t measure it every day, you don’t know how bad its getting until it is too late.  The best way to fix performance problems is to never have them in the first place.

Assuming that you’re stuck with it now and you want to make it more usable, what can you do?

  • Data is bad. Manipulate as little data as possible.  That’s what the data tier is for.  If you must manipulate data, keep it simple — use the most basic data structures you can come up with that do the job.
  • Code is worse.  Every time you call eval, performance sucks a little bit more.  Use lookup tables instead of calling eval.  Move code onto the server tier. 
  • Avoid closures.  Don’t nest your functions unless you really understand closure semantics and need them.
  • Do not rely on “tips and tricks” for performance.  People will tell you “declared variables are faster than undeclared variables” and “modulus is slower than bit shift” and all kinds of nonsense.  Ignore them.  That’s like mowing your lawn by going after random blades of grass with nail scissors.  You need to find the WORST thing, and fix it first.  That means measuring.  Get some tools — Visual Studio Analyzer can do some limited script profiling, as can the Numega script profiler, but even just putting some logging into the code that dumps out millisecond timings is a good way to start.  Once you know what the slowest thing is, you can concentrate on modularizing and fixing it.
  • Modularize.  Refactor the code into clean modules with a well-defined interface contract, and test modules independently. 

But the best advice I can give you is simply use the right tool for the right job.  The script languages are fabulous tools for their intended purpose.  So are C# and C++.  But they really are quite awful at doing each other’s jobs!

The JScript Type System, Part Six: Even more on arrays in JScript .NET

You might have noticed something odd about that last example using SetValue. The CLR documentation it notes that the function signature is:

public function SetValue(value : Object, indices : int[]) : void

The indices parameter is typed as taking a .NET array of integers but in the example in my last entry we give it a literal JScript array, not a CLR array.

JScript .NET arrays and CLR arrays work together, but because these two kinds of arrays are so different they do not work together perfectly. The problem is essentially that JScript .NET arrays are much more dynamic than CLR arrays. JScript .NET arrays can change size, can have elements of any type, and so on.

The rules for when JScript .NET arrays and CLR arrays may be used in place of each other are not particularly complicated but still you should exercise caution when doing so. In particular, when you use a JScript .NET array in a context where a CLR array is expected you can get unexpected results. Consider this example:

function ChangeArray(arr : int[]) : void
  print(arr[0]); // 10
  arr[0] += 100;
var jsarr : Array = new Array(10, 20, 30);
print(jsarr[0]); // 10 or 110?

This might look like it prints out 10 then 110, but in fact it prints out 10 twice. The compiler is unable to turn the dynamic JScript array into a reference to a CLR array of integers so it does the next best thing. It makes a copy of the JScript array and passes the copy to the function. If the function reads the array then it gets the correct values. If it writes it, then only the copy is updated, not the original.

To warn you about this possibly unintentional consequence of mixing array flavours, the compiler issues the following warning if you do that:

warning JS1215: Converting a JScript Array to a System.Array 
results in a memory allocation and an array copy

You may now be wondering then why the call to SetValue which had the literal JScript .NET array did not prompt this warning. The warning is suppressed for literal arrays. In the case of literal arrays the compiler can determine that a literal array is being assigned to a variable of CLR array type. The compiler then optimizes away the creation of the JScript .NET array and generates code to create and initialize the CLR array directly. Since there is then no performance impact or unexpected copy, there is no need for a warning.

Note that if every element of the source JScript .NET array cannot be converted to the element type of the CLR array then a type mismatch error will result. For instance, this would fail:

var arr1 : int[] = new Array(10, "hello", 20); // Type mismatch error at runtime
var arr2 : int[] = [10, "hello", 20];          // Type mismatch error at compile time

Note also that this applies to multidimensional arrays. There is no syntax for initializing a multidimensional array in JScript .NET:

var mdarr : int[,] = [ [ 1, 2 ], [3, 4] ]; // Nice try, but illegal

A rectangular multidimensional array is not “an array of arrays”. In this case you are assigning a one-dimensional array which happens to contain arrays to a two-dimensional array of integers; that is not a legal assignment. If, however, you want a ragged array it is perfectly legal to do this:

var ragged : int[][] = [ [ 1, 2 ], [3, 4] ];
print(ragged[1][1]); // 4

Rectangular multidimensional arrays are indexed with a comma-separated list inside one set of square brackets. If you use ragged arrays to simulate true multidimensional arrays then the indices each get their own set of brackets.

Note that JScript .NET arrays do not have any of the methods or properties of a CLR array. (Strings, by contract, can be used implicitly as either JScript .NET strings or as System.String values, which I’ll talk more about later.)  But JScript .NET arrays do not have CLR array fields like RankSetValue, and so on.

Next time on FAIC: I’ll talk a bit about going the other way — using a CLR array where a JScript array is expected.

Commentary from 2021:

Unlike the previous episode, this episode solicited some good comments on how BeyondJS / BeyondRhino deal with the very similar problem of making JS arrays interoperate with Java arrays, so that JS scripts could be used to more easily write unit tests for JVM programs. There was a lot of this sort of parallel work going on at the time.

The JScript Type System, Part Five: More On Arrays In JScript .NET

As I was saying the other day, CLR arrays and JScript arrays are totally different beasts. It is hard to imagine two things being so different and yet both called the same thing. Why did the CLR designers and the JScript designers start with the same desire — create an array system — and come up with completely different implementations?

Well, the CLR implementers knew that dense, nonassociative, typed arrays are easy to make fast and efficient. Furthermore, such arrays encourage the programmer to keep homogenous data in strictly bounded tables. That makes large programs that do lots of data manipulation easier to understand. Thus, languages such as C++, C# and Visual Basic have arrays like this, and thus they are the basic built-in array type in the CLR.

Sparse, associative, untyped arrays are not particularly fast but they are far more dynamic and flexible than Visual Basic-style arrays. They make it easy to store heterogeneous data in any table without worrying about picky details such as exactly how big that table is. In other words, they are “scripty”. Languages such as JScript and Perl have arrays like this.

JScript .NET has both very dynamic, scripty arrays and more strict CLR arrays, making it suitable for both rapid development of scripts and programming in the large. But like I said, making these two very different kinds of arrays work well together is not trivial.

JScript .NET supports the creation of multidimensional typed arrays. As with single-dimensional arrays, the array size is not part of the type. To annotate a variable as containing a typed multidimensional array the syntax is to follow the type with brackets containing commas. For example, to annotate a variable as containing a two dimensional array of Strings you would say:

var multiarr : String[,];

The number of commas between the brackets plus one is equal to the rank of the array. (By this definition if there are no commas between the brackets then it is a rank-one array, as we have already seen.)

A multidimensional array is allocated with the new keyword as you might expect:

multiarr = new String[4,5];
multiarr[0,0] = "hello";

Notice that elements of typed arrays are always accessed with a comma-separated list of integer indices. There must always be exactly one index for each dimension in the array. You can’t use the ragged array syntax [0][0].

There are certain situations in which you know that a variable or function argument will refer to a CLR array but you do not actually know the element type or the rank, just that it is an array. Should you find yourself in one of these (rather rare) situations there is a special annotation for a CLR array of unknown type and rank:

var sysarr : System.Array;
sysarr = new String[4,5];
sysarr = new double[10];

As you can see, a variable of type System.Array may hold any CLR array of any type and rank. However, there is a drawback. Variables of type System.Array may not be indexed directly because the rank is not known. This is illegal:

var sysarr : System.Array;
sysarr = new String[4,5];
sysarr[1,2] = "hello";  // ILLEGAL, System.Arrays are not indexable

Rather, to index a System.Array you must call the GetValue and SetValue methods with an array of indices:

var sysarr : System.Array;
sysarr = new String[4,5];
sysarr.SetValue("hello", [1,2]);

The rank and size of a System.Array can be determined with the RankGetLowerBound and GetUpperBound members.

Thinking about this a bit now, I suppose that we could have detected at compile time that a System.Array was being indexed, and constructed the call to the getter/setter appropriately for you, behind the scenes.  But apparently we didn’t.  Oh well.

Next time on FAIC: mixing and matching JScript and CLR arrays.

Commentary from 2021:

As I say rather a lot, design is the art of coming up with compromises, and of course a good compromise leaves everybody mad. I expected more pushback on these decisions; trying to make it all work in a manner that felt both true to JScript and made efficient use of CLR types designed for a statically-typed world led to a lot of compromises to be mad about. But it went over pretty well, insofar as JScript .NET went over anywhere at all.

There was some good discussion in the comments on the original post about how you might write a fold so that it worked on JScript arrays, CLR arrays, multidimensional arrays, and so on, and did so efficiently.

The JScript Type System, Part Four: JScript .NET Arrays

One of the major differences between JScript .NET and JScript Classic is that JScript .NET now supports optional type annotations on variables.  The number of built-in primitive types has also increased dramatically.  JScript .NET adds value types boolean, byte, char, decimal, double, float, int, long, sbyte, short, uint, ulong and ushort.  In addition, JScript .NET integrates its type system with the CLR type system — a string in JScript has all the properties and methods of the string prototype and all the properties and methods of a System.String.  Backwards compatibility and interoperability with the CLR were two very important design criteria.

The primitive types are pretty straightforward though.  Some more interesting stuff happens when we think about how complex types like arrays interoperate between JScript .NET and the CLR. Let’s quickly review the terminology:

sparse array may have “holes” in the valid indices. A sparse array with three elements might have elements 0, 10 and 1000 defined but nothing in between. The opposite of a sparse array is a dense array. In a dense array all the indices between the lowest and highest indices are valid indices. A dense array with elements 0 and 1000 has 1001 elements.

fixed-size> array has a particular valid range of indices. Typically the size is fixed when the array is created and it may not be changed. A variable-sized array does not have any maximum size. Elements may be added or removed at any time.

single-dimensional array maps a single index onto a value. A multi-dimensional array may require any number of indices to fetch a value.

The number of dimensions an array has is called its rank. (Other terms
such as dimensionality or arity are occasionally used but we will stick to rank.)

uniformly-typed array has every element of the same type. An any-typed array may have elements of any type.

An associative array is an array where the indices are strings. A nonassociative array has integer indices.

literal array is a JScript .NET array defined in the actual source code, much as “abcde” is a literal string or 123.4 is a literal number. In JScript .NET a literal array is a comma-separated list of items inside square brackets:

var arr = [10, 20, "hello"];
var item = arr[1]; // 20

JScript arrays are sparse, variable-sized, single-dimensional, any-typed, associative arrays. CLR arrays are the opposite in every way! They are dense, fixed-size, multi-dimensional, uniformly-typed, nonassociative arrays. It is hard to imagine two more different data structures with the same name.  Making them interoperate at all was a pain in the rear, believe me.

This is a pretty big topic, so I think I’ll split it up over a few entries.  Let me talk a bit about annotation and typing, and we’ll pick up where we left off tomorrow.

Traditional JScript arrays are soft-typed; they can store heterogeneous data:

var arr = new Array();
arr[0] = "hello";
arr[1] = 123.456;
arr[2] = new Date();

CLR arrays, on the other hand, are uniformly typed. Every element of a CLR array is the same type as every other element. This difference motivates the type annotation syntaxes for each. In JScript .NET the traditional arrays are annotated with the Array type and CLR arrays are annotated with the type of the element followed by []:

var jsarr : Array = new Array()
jsarr[0] = "hello";
var sysarr : double[] = new double[10];
sysarr[0] = 123.4;

Note that CLR arrays are fixed-size, but the size is not part of the type annotation; sysarr can be a one-dimensional array of double of any size. This is perfectly legal, for example:

var sysarr : double[] = new double[10];
sysarr[0] = 123.4
sysarr = new double[5];

This throws away the old array and replaces it with a new, smaller array. But once a typed array is created it may not be resized.

Tomorrow: true multidimensional arrays in JScript .NET.


Commentary from 2021:

This post was one of the very few over the lifetime of my blog that got no comments. As an introductory post to a rather arcane subject, I suppose that is not particularly surprising. I put a lot of work into arrays in JS.NET and it was not very well documented, so I figured that getting it out in my blog would be generally helpful.

The JScript Type System, Part Three: If It Walks Like A Duck…

A commenter on part two asked “can you explain the logic that a string is not always a String but a regexp is always a RegExp? What is the recommended way of determining if a value is a string?”

Indeed, the commenter is correct:

print(/foo/ instanceof RegExp);             // true
print(new RegExp("foo") instanceof RegExp); // true
print("bar" instanceof String);             // false
print(new String("bar") instanceof String); // true
print(typeof("bar"));                       // string
print(typeof(new String("bar")));           // object

Why’s that? First off, the question about strings.

In JScript there is this bizarre feature where primitive values — Booleans, strings, numbers — can be “wrapped up” into objects.  Doing so leads to some bizarre situations. The type of a wrapped primitive is always an object type, not a primitive type.  Also, we use object equality, not value equality:

print(new String("bar") == new String("bar")); // false

I strongly recommend against using wrapped primitives.  Why do they exist?  The reasoning has kind of been lost in the mists of time, but one good reason is to make the prototype inheritance system consistent.  If bar is not an object then how is it possible to say


? From the point of view of the specification, this is just a syntactic sugar for

print((new String("bar")).toUpperCase());

Of course as an implementation detail we do not actually cons up a new object every time you call a property on a primitive value! That would be a performance nightmare.  The runtime engine is smart enough to realize that it has a value and that it ought to pass it as the this object to the appropriate method on String.prototype and everything just kind of works out.

This also explains why it is possible to stick properties onto value types that magically disappear.  When you say

var bar = "bar";
bar.hello = "hello";
print(bar.hello); // nada!

what is happening is logically equivalent to:

var bar = "bar";
(new String(bar)).hello = "hello";
print((new String(bar)).hello); // nada!

The magical temporary object is just that — magical and temporary.  Once you’ve used it, poof, it disappears.

But this magical temporary object does not appear when the typeof or instanceof operators are involved.  The instanceof operator says “hey, this thing isn’t even an object, so it can’t possibly be an instance of anything”.  For both consistency and usability, it would have been nice if "bar" instanceof String logically created a temporary object and hence said yes, it is an instance of String. But for whatever reason, that’s not the specification that the committee came up with.

The question about regular expressions is easily answered now that we know what is going on with strings. The difference between regular expressions and strings is that regular expressions are not primitives. Just because you have the ability to express a regular expression as a literal does not mean that it is a primitive! That thing is always an object, so there is no behaviour difference between the compile-time-literal syntax and the runtime syntax.

The question about how to determine whether something is a string is surprisingly tricky. If typeof returns "string" then obviously it is a string, end of story.  But what if typeof returns "object" — how can you tell if that thing is a wrapped string?

It’s not easy. instanceof String doesn’t tell you whether that thing is a string, it tells you whether String.prototype is on the prototype chain.  There’s nothing stopping you from saying

function MyString() {}
MyString.prototype = String.prototype;
var s = new MyString();
// See part two for why this happens:
print(s.constructor == String);            // true
print(s instanceof String);                // true
print(String.prototype.isPrototypeOf(s));  // true

So now what are you going to do?  JScript is excessively dynamic! You can’t rely on any object being what it says it is. JScript forces people to be operationalists. (Operationalism is the philosophical belief that if it walks like a duck and quacks like a duck, it is a duck.) In the face of the kind of weirdness described above, all you can do is try to use the thing like a string, and if it acts like a string, it s a string.

Commentary from 2020

  • A commenter pointed out that I must be a “Lisp geek” because I used “cons” to mean “allocate”. I am not much of a Lisp programmer but I’m willing to use Lisp jargon to get street cred from genuine Lisp geeks. 🙂 (If you are a casual user of Lisp you might think of cons as the function which pushes an item onto the head of a list, but a better way to think of it is that it is an allocator for a head, tail pair. Such a pair is called a “cons cell” for historical reasons.)
  • The title obviously refers to “duck typing” which usually thought of as the characteristic of a type system where what we care about is the existence of the right “shape”; we don’t care if it is a duck, we care if it is a thing that can quack. What I wanted to illustrate here is that JavaScript carries that concept even farther than you might think. It’s not just “does this thing have the properties of a duck?” It’s that in some situations, there is no by-design way to even get a reliable answer to the question “is this a duck or not?” The JavaScript type system is weird and I hope that anyone building a new type system these days has the good sense to not create a situation where you cannot even reliably tell if a string is a string.

The JScript Type System, Part Two: Prototypes and constructors

A number of readers made some good comments on my article on JScript typing that deserve to be called out in more detail.

First, I was being a little sloppy in my terminology — I casually conflated static typing with strong typing, and dynamic typing with weak typing. Thanks for calling me on that. Under the definitions proposed by the reader, JScript would be a dynamically typed language (because every variable can take a value of any type) and a strongly typed language (because every object knows what type it is.) By contrast, C++ is a statically typed language (because every variable must have a type, which the compiler enforces) but also a weakly typed language (because the reinterpret cast allows one to turn pointers into integers, and so on.)

Second, a reader notes that one of the shortcomings of JScript is that though it is a strongly typed language (in our new sense) that it is a royal pain to actually determine the runtime type an object. The typeof operator has a number of problems:

  • null is listed as being of the object type, though technically it is a member of the Null type.
  • primitives (strings, numbers, Booleans) wrapped in objects are listed as being of the object type rather than their underlying type.
  • JScript, unlike VBScript, does not interrogate COM objects to determine the class name.
  • If JScript is passed a variant from the outside world that it cannot make sense of then typeof returns “unknown”.

Perhaps there is some other way. Prototype inheritance affords a kind of type checking, for example.

Prototype inheritance works like this: every JScript object has an object (or possibly null) called its prototype object.  Suppose an object foo has prototype object bar, and bar has prototype object baz, and baz has prototype object null. If you call a method on foo then JScript will search foo, bar and baz for that method, and call the first one it finds.

The idea is that one object is a prototypical object, and then other objects specialize it. This allows for code re-use without losing the ability to dynamically customize behaviour of individual objects.

Prototypes are usually done something like this:

var Animal = new Object();
// omitted: set up Animal object
function Giraffe()
  // omitted: initialize giraffe object.
Giraffe.prototype = Animal;
var Jerry = new Giraffe();

Now Jerry has all the properties and methods of an individual Giraffe object AND all the properties and methods of Animal.  You can use IsPrototypeOf to see if a given object has Animal on its prototype chain. Since prototype chains are immutable once created, this gives you a pretty reliable sort of type checking.

Note that Giraffe is not a prototype of Jerry. Note also that Animal is not the prototype of Giraffe! The object which is assigned to the prototype property of the constructor is the prototype of the instance.

Now, you all are not the first people to point out to me that determining types is tricky. A few years ago someone asked me what the differences are amongst

if (func.prototype.IsPrototypeOf(instance))


if (instance.constructor == func)


if (instance instanceof func)

The obvious difference is that the first one looks at the whole prototype chain, whereas the second two look at the constructor, right? Or is that true? Is there a semantic difference between the last two?

There is. Let’s look at some examples, starting with one that seems to show that there is no difference:

function Car() { }
var honda = new Car();
print(honda instanceof Car); // true
print(honda.constructor == Car);  // true

It appears that instance instanceof func and instance.constructor == func have the same semantics. They do not. Here’s a more complicated example that demonstrates the difference:

var Animal = new Object();
function Reptile() { }
Reptile.prototype = Animal;
var lizard = new Reptile();
print(lizard instanceof Reptile); // true
print(lizard.constructor == Reptile); // false

In fact lizard.constructor is equal to Object, not Reptile.

Let me repeat what I said above, because no one understands this the first time — I didn’t, and I’ve found plenty of Javascript books that get it wrong. When we say

Reptile.prototype = Animal;

this does not mean “the prototype of Reptile is Animal“.  It cannot mean that because (obviously!) the prototype of Reptile, a function object, is Function.prototype.  No, this means “the prototype of any instance of Reptile is Animal“.  There is no way to directly manipulate or read the prototype chain of an existing object in JScript.

Now that we’ve got that out of the way, the simple one first:

instance instanceof func means “is the prototype property of func equal to any object on instance’s prototype chain?”  So in our second example, the prototype property of Reptile is Animal and Animal is on lizard‘s prototype chain.

But what about our first example where there was no explicit assignment to the Car prototype?

The compiler creates a function object called Car.  It also creates a default prototype object and assigns it to Car.prototype.  So again, when we way

print(honda instanceof Car);

the instanceof operator gets Car.prototype and compares it to the prototype chain of honda. Since honda was constructed by Car it gets Car.prototype on its prototype chain.

To sum up the story so far,  instance instanceof func is actually a syntactic sugar for func.prototype.IsPrototypeOf(instance) This explains why lizard instanceof Reptile returns trueReptile.prototype is a prototype of lizard.

So what the heck is going on with the constructor property then?  How is it possible that we can say lizard = new Reptile(); and at the same time lizard.constructor == Reptile is false???

Let’s go back to our simple first example.  I said above that since Car has no prototype assigned to it, we create a default prototype.  During the creation of the default prototype, the interpreter assigns Car to Car.prototype.constructor.  That might be a little confusing, so let’s look at some pseudocode.  This:

function Car(){}

logically does the same thing as

var Car = new Function();
Car.prototype = new Object();
Car.prototype.constructor = Car;

Now we say

var honda = new Car();
print(honda.constructor == Car );

and what happens? honda has no constructor property, so it looks on the prototype chain for any object with a constructor property. In this case Car.prototype is on the prototype chain and it has a constructor property equal to Car, so the comparison is true.  Remember, any property of an object’s prototype object is treated as a property of the object itself – that’s what “prototype” means.

Now let’s look at our second example:

var Animal = new Object();
function Reptile(){ }
Reptile.prototype = Animal;

Logically this does the same thing as

var Animal = new Object();
var Reptile = new Function();
Reptile.prototype = new Object();
Reptile.prototype.constructor = Reptile;
Reptile.prototype = Animal;

Whoops. The default prototype has been thrown away.  Now when we say

print(lizard.constructor == Reptile );

what happens? lizard does not have a constructor property, so we look at the prototype chain and find Animal.  But Animal also does not have a constructor property either! So we look on Animal‘s prototype chain. Animal was constructed via new Object() so therefore it has Object.prototype on its prototype chain, and Object.prototype has a constructor property.  As you might expect from our previous discussion of how the constructor property is initialized, Object.prototype.constructor is set to Object.

Therefore lizard.constructor is equal to Object, not Reptile, even though lizard is an instance of Reptile and was constructed by the Reptile function object!

You would think that the script engine would automatically assign the constructor property to the object when it was constructed, but it does not. It assigns the property to the prototype and relies on prototype inheritance. I was not a member of the ECMAScript committee when this decision was made, so I don’t know why we standardized this rather bizarre behaviour, but we’re stuck with it now!

Notes from 2020:
This article is one I referred back to so many times over the years I worked on JScript; the prototype mechanism can be very confusing.

There were a few interesting comments when I first wrote this. A couple highlights:

  • In some implementations of ECMAScript you can manipulate the proto chain directly with the __proto__ property. Make sure you understand what you’re doing before you change it!
  • Using “new String” to make a string can lead to an object that has different properties than just making the “primitive” string. This is by design — bad design, but design nevertheless. This was the subject of part three of this series.

What is the Matrix?

I’m going to make a rare departure from technical stuff for a moment.  I’ve seen Matrix Revolutions twice in the last twelve hours, once in IMAX.

A number of people have asked me for an opinion.  To sum up in a spoiler-free manner:

First off, IMAX was better, though not enormously so.  (Oddly enough, Reloaded was enormously better in IMAX.)  As an example of state-of-the-art action movie making, it kicked ass.  But what about the underlying theme?  Let’s summarize:

The Matrix was a movie about kung fu vs. evil robots that asked and answered the philosophical question “what is the nature of reality?”

The Matrix Reloaded was a movie about kung fu vs. evil robots that asked and answered the philosophical question “what is the nature of free will?”

Matrix Revolutions was a movie about kung fu vs. evil robots that asked and answered the philosophical question “if Neo got into a fight with Agent Smith, who would win?”

We return you now to your regularly scheduled programming.

Commentary from 2019:

As I’ve noted before, the VSTO team code names and whatnot were all taken from The Matrix, and it was a fun theme.

I am not “spoiler averse” but I saw the first movie in the series knowing absolutely nothing about it, and was thrilled to discover that it had kung fu, evil robots, and literal brain-in-a-vat philosophy undergrad thought experiments. Sure, lots of it was hokey and unbelievable, but it had such energy, and was genuinely surprising.

I should not have been surprised by a reversion to the mean in the sequels; the original was hard to top.


The JScript Type System, part one

I thought I might spend a few days talking about the JScript and JScript .NET type systems, starting with some introductory material.

Consider a JScript variable:

var myVar;

Now think about the possible values you could store in the variable. A variable may contain any number, any string or any object. It can also be true or false or null or even undefined. This is a rather large set of possible values. In fact, the set of all legal values is infinite. Countably infinite, and in practice limited by available memory, but in theory there is no upper limit.

A type is characterized by two things, a set and a rule. First, a type consists of a subset (possibly infinitely large) of the set of all possible values. Second, a type defines a rule for transforming values outside the set into values in the set. (This rule may specify that certain values are not convertible and hence produce “type mismatch” errors.)

For example, String is a type. The set of all possible strings is an (infinite) subset of the set of all possible values, and there are rules for determining how all non-string values are converted into strings.

JScript Classic is a dynamically typed language. This means that any value of any type may be assigned to any variable without restriction. It is often said — inaccurately — that “JScript has only one type”. This is true only in the sense that JScript has no restrictions on what data may be assigned to any variable, and in that sense every variable is “the same type” – namely, the “any possible value” type. However, the statement is misleading because it implies that JScript supports no types at all, when in fact it supports six built-in types.

JScript .NET, by contrast, is an optionally statically-typed language. A JScript .NET variable may be given a type annotation which restricts the values which may be stored in the variable. This annotation is optional; an unannotated variable acts like a JScript variable and may be assigned any value.

JScript has the property that a value can always describe its own type at runtime. This is not true in, say, C, where you can have a void* and no way of asking it “are you pointing to an integer or a string variable?” In JScript, you can always ask a value what its type is and it will tell you.

The concept of subtyping is not particularly important in JScript Classic though it will become quite useful when we discuss JScript .NET classes later. Essentially a type T1 is a subtype of another type T2 if T1’s set of values is a subset of T2’s set of values. A type consisting of the set of all integers might be a subtype of a type consisting of all the numbers, for instance. (This is not how the integers are traditionally construed; the C type system makes integers and floats disjoint types, where the integer 1 and the float 1.0 are different values that happen to compare as equal — but comparisons across types is a subject for a later blog entry.)

Anyway, JScript Classic has six built-in types, all of which are disjoint. They are as follows:

  • The Number type contains all floating-point numbers as well as positive Infinity, negative Infinity and a special Not-a-Number (“NaN”) values. It may seem odd that “Not-a-Number” is a Number but this does in fact make sense. NaN is the value returned when an operation logically must return a number but no actual number makes sense. For example, when trying to convert the string "banana" to a Number, NaN is the result. Because numbers in JScript are actually represented by a 64 bit floating point number there are a finite number of possible Number values. The number of numbers is very large (in fact there are 18437736874454810627 possible numbers, which is just shy of 2^64.) Numbers have approximately fifteen decimal digits of precision and can range from as tiny as 2.2 x 10-308 to as large as 1.7 x 10308.
  • The String type contains all Unicode strings of any length (including zero-length empty strings.) The string type is for all practical purposes infinite, as the length of a string is limited only by the ability of the operating system to allocate enough memory to hold it.
  • The Boolean type has two values: true and false
  • The Null type has one value: null
  • The Undefined type has one value: undefined. All uninitialized JScript variables are automatically set to undefined
  • The Object type has an infinite number of values. An object is essentially a collection of named properties where each property can be a value of any type. In JScript many things are objects: functions, dates, arrays and regular expressions are all objects.

Types are not themselves “first class” objects in JScript, though they are in JScript .NET. I’ll discuss that, along with the differences between prototype and class inheritance, in later entries.

Notes from 2020

It would be interesting to revisit this series in the context of the TypeScript type system, which is a great example of how rich and powerful a gradually typed language can be. The JScript.NET gradual type system was very simple compared to the TS system!

This series got a lot of good comments from readers. A few highlights from this first episode:

  • the typeof operator in JScript bizarrely does not follow the rules of the type system that I just laid out. It identifies null as an object, but does not identify functions as objects, for example. External functions, like DOM functions, may not be identified as functions. It can also return “unknown” in some rare cases.
  • Also confusing: typeof(3) is number, but typeof(new Number(3)) is object.
  • And also confusing, typeof(this) when called from the body of a user-defined function on the prototype of Number is object.
  • A number of inconsistencies and confusions regarding prototypes were also raised; I discuss these in a later episode.
  • In the earliest published version of this article I used the terms “strong” and “weak” with respect to the type system, and readers rightly took me to task for that. This was the beginning of a realization that I have since strongly expressed: “strong” and “weak” are so vague that they are meaningless. I haven’t checked lately, but one time when I read the Wikipedia article on strong typing, it listed eleven different contradictory meanings. I’ve since expressed the (strong!) opinion that “strongly typed” simply means “a type system that I admire”. Instead of characterizing type systems as “strong” or “weak”, instead say what properties they really have: what restrictions do they impose, when are they imposed, and in what ways can those restrictions be violated, and what are the consequences?
  • Readers similarly noted that “untyped” is vague; it is often used to mean “no restriction is placed on the possible values of variables” (as is the case in classic JavaScript) but is also used to mean “no type system is imposed at all on any values” (as is the case in, say, untyped lambda calculus, where all values are function from function to function; there are no integers or strings at all.)