Microsoft debuts Bosque – a new programming language with no loops, inspired by TypeScript

Here's that regularized programming you wanted. Bish, bash, er, Bosque

197 Got Tips?

Interview Microsoft Research has introduced a new open source programming language called Bosque that aspires to be simple and easy to understand by embracing algebraic operations and shunning techniques that create complexity.

Bosque was inspired by the syntax and types of TypeScript and the semantics of ML and Node/JavaScript. It's the brainchild of Microsoft computer scientist Mark Marron, who describes the language as an effort to move beyond the structured programming model that became popular in the 1970s.

The structured programming paradigm, in which flow control is managed with loops, conditionals, and subroutines, became popular after a 1968 paper titled "Go To Statement Considered Harmful" by computer scientist Edsger Dijkstra.

Marron believes we can do better by getting rid of sources of complexity like loops, mutable state, and reference equality. The result is Bosque, which represents a programming paradigm that Marron, in a paper he wrote, calls "regularized programming."

"This model builds on the successes of structured programming and abstract data types by simplifying existing programming models into a regularized form that eliminates major sources of errors, simplifies code understanding and modification, and converts many automated reasoning tasks over code into trivial propositions," Marron explains in his technical paper.

Under the hood

What's Bosque look like? Here's an example that's the equivalent of an imperative for loop in JavaScript, where // denotes a single line comment.

//Functor (Bosque) 

var a = List[Int]@{...}; 
//Pre: true 

var b =[Int](fn(x) => x*2); 
//Post: List[Int]::eq(fn(x, y) => y == x*2, a, b)

The GitHub repo for the language contains many more examples.

In an email interview with The Register, Marron said reference equality – when two variables point to the same object in memory – represents an example of the kind of complexity that can cause problems.

"It seems very simple but once you have [reference equality] in the semantics you must constantly think about it along with the pointer aliasing relation it introduces," he said. "One of my favorite papers on aliasing is from 2001 titled 'Pointer Analysis: Haven’t We Solved This Problem Yet?' and here we are in 2019 with the pointer aliasing problem is definitely still not solved."

As an example, Marron describes a method that previously always returned a new object, one that you'd like to optimize so it returns a new object, as a singleton pattern or from a cache.

"In a language where objects have identity, this could change the behavior of the program," he said. "However, in Bosque which does not allow object identity, this sort of change is always safe."

Another example, he says would be various forms of indeterminate behavior. "In JavaScript, the sort function is not required to be stable, so V8 used an unstable sort," he said.

"In theory this seems like a trivial thing, but in practice it meant that every time a developer sorted a list they had to remember that it was unstable and take into account the possible reordering of values with the same sort value. Chromium bug 90 was opened in 2008 with a sort stability problem and, before it was finally closed last year to much fanfare, this bug had over 1700 comments."

The big three

Marron's technical paper explores potential sources of programming language complexity that Bosque tries to deal with. But he says eliminating mutable state, loops, and reference equality represent the big three.

"In the academic literature the associated problems of strong-updates, loop-invariants, and alias analysis have been all been worked on extensively for 30+ years and still remain large open problems," he said. "By eliminating these features, and the need to solve the associated problems, many things like symbolic-execution reduce down to conceptually simple tasks (as first described by Floyd, Hoare, and Dijkstra)."

Marron says the initial goal for Bosque is to build automated zero-effort code validation, automated SemVer checking, and compilation to use SIMD hardware, such as AVX or SSE. "At this point we have only done this by hand on small examples but, fundamentally, there don't appear to be any insurmountable obstacles to practical implementations," he said.

Rust never sleeps: C++-alike language tops Stack Overflow survey for fourth year in a row


At the moment, Marron sees Bosque as a way to explore language design choices and to help create automated developer tools like verifiers and compilers through collaboration with academic and online developer communities.

"The hope is to use Bosque as a proof of concept for various ideas in this space," he said. "In the future we may work to move these ideas into production in some form."

Presently, Bosque relies on an interpreter written in TypeScript, run on Node.js, as a reference implementation. Looking ahead, Marron intends to implement ahead-of-time compilation for WASM and native code. In the coming months, he said, he's going to focus on filling out the various TODO items, bug fixes, and developing features that will support writing larger programs in the language.

He said he has two interns this year, from the University of New Mexico and the University of Colorado Boulder, who will be focused on more advanced developer tooling experiences, like verifying applications are free of runtime errors without additional programmer effort and automatically setting bounds for memory usage over time.

If Bosque finds a place in the development ecosystem outside of academic experimentation, Marron believes it may be in the cloud or IoT space since Bosque code can be compiled into a small footprint, can start quickly, and can be verified for correctness through symbolic analysis. ®

Sign up to our NewsletterGet IT in your inbox daily


Keep Reading

Canary-build Microsoft browser blocks Microsoft extension from inflicting Microsoft search engine

Virtue is its own reward

Microsoft 365 Business to gain more Azure Active Directory toys... oh, and it's called Microsoft 365 Business Premium (from 21 April)

Because this Office branding shake-up isn't confusing at all

Wow, Microsoft's Windows 10 always runs Edge on startup? What could cause that? So strange, tut-tuts Microsoft

Punters asked to hand over their logs if browser keeps coming to life against their wishes

Microsoft: 14 January patch was the last for Windows 7. Also Microsoft: Actually...

Wallpaper-stripping bug will be fixed

Russia-linked Gamaredon hacker crew using Microsoft's Visual Basic for Applications to pwn Microsoft's Outlook

From targeting Ukraine to random mailboxes: how the mighty have fallen

Here's a headline we never thought we'd write 20 years ago: Microsoft readies antivirus for Linux, Android

Redmond knows a thing or two about tackling malware – amirite, Windows fans?!

Non-human Microsoft Office users get their own special licences

Automated operators can pay up like anyone – or anything – else

Microsoft sues coronavirus phishing spammers to seize their domains amid web app attacks against Office 354.5

A very busy six months for Redmond's Digital Crimes Unit

Microsoft to pull support for PHP: Version 8? Exterminate, more like...

No support 'in any capacity' for PHP for Windows for v8 and beyond, but Windows users not to worry, says release manager

Microsoft disbands three-ring Windows Insider circus and replaces it with 'channels'

Redmond decides volunteer crash-test dummies care about quality, not speed

Tech Resources

Building an Incident Response Plan

A well-crafted IR plan will help your organization perform at its best by preparing for the worst.

Latency is the New Outage

More organizations are tying their future success to digital and online business.

Phishing Campaign Targets Multiple U.S., International Government Procurement Services

Anomali researchers have identified a credential harvesting campaign.

2020 Gartner Market Guide for Network Detection & Response

Read the guide to understand which gap we believe NDR fills in the crowded cyber security market, as well as which vendors can support key security objectives including hybrid and multicloud visibility, faster incident response, and stronger security hygiene.