und aus dem Chaos kam eine Stimme, und die Stimme sprach zu mir
"Lächle und sei fröhlich, denn es könnte schlimmer kommen."
und ich lächelte und war fröhlich
und es kam schlimmer.

External Content not shown. Further Information.

A common pattern in discussions on programming languages is that somebody asks why there is no language that has $feature. And then I answer that there is one. And people who know me already know the most probable answer: Common Lisp.

One notable example comes from Fefe's Blog (German), who ignored my answer (maybe he did not read it or find it interesting).

So his question was whether it was possible to extend some programming language such that the argument that a string argument which is passed is actually constant, and not generated at runtime, such that people cannot generate SQL strings on the fly but must use an abstraction library. His example of the desired behaviour:

int SQL_statement(constexpr string& s);

SQL_statement("select * from table"); // ok
SQL_statement("select * from table where name='" + userinput + "'"); // compiler error

So here is the Common Lisp code I proposed:

(defun sql-statement-unsafe (str)
  "Unsafe function. In a production environment, this would not be
  exported from the namespace. In our case, it just outputs the string."
  (format t "~A" str))

(defmacro sql-statement (str)
    (assert (constantp str))
    `(sql-statement-unsafe ,str))

(sql-statement (format nil "~d" (random))) ; compile-time error
(sql-statement "hallo") ; no error

Well, furthermore, gcc has an extension __builtin_constant_p. And I guess the same can be done with C++11 static assertions meanwhile, but not sure, how.