[R6RS] draft statement on safety
William D Clinger
will at ccs.neu.edu
Wed Aug 9 15:00:51 EDT 2006
> >> I'm still wondering what this statement says about the possible
> >> behaviors of ((lambda (x) x) (values 1 2)). Since it won't be covered
> >> by the semantics, it seems we're saying it must raise an exception.

> > I don't see why you would draw that conclusion.

> That's because I don't know what wording we should put where to say
> that this sentence:
>
> > its execution cannot go so badly wrong as to behave in ways that are
> > inconsistent with the semantics described in this document, unless
> > said execution first encounters some implementation restriction or
> > other defect in the implementation of Scheme that is executing the
> > script.
>
> doesn't apply.

You don't want to say that sentence doesn't apply.
You want that sentence to apply, and to constrain
otherwise unspecified behavior in safe mode.

> It seems the safety statement itself isn't enough.

That may be, but if so then the solution will be to
strengthen the safety statement, not to say that it

> Putting something in the operational semantics is good, but some
> natural-language statement somewhere is also needed,

Agreed. I was just guessing that you were concerned
about the operational semantics. Apparently I guessed

> and I don't know
> how to put it in a way that allows yours and Kent's semantics but
> doesn't allow, for instance, crashes. I was hoping you or somebody
> else could suggest something to help me out.

I suggest you consider what you mean by the word "crash".
If you believe that the meaning of the word "crash" is
sufficiently well-understood so it can be used without
defining it, then you could revise the safety statement

    If a Scheme script is said to be safe, then its execution
    cannot go so badly wrong as to crash or to behave in ways
    that are inconsistent with the semantics described in this
    document, unless said execution first encounters some
    implementation restriction or other defect in the
    implementation of Scheme that is executing the script.
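As an added illustration of the construct under discussion (this is not code from the message or from the R6RS editors), the following R6RS program probes what a given implementation does with ((lambda (x) x) (values 1 2)) and shows the portable way to express the same intent. The function names unspecified-call, probe and first-of-values are my own choices. The draft leaves the outcome of the first form unspecified, so a safe implementation may raise a condition or may return a value; what it may not do is crash. The guard form turns a raised condition into data so the script observably continues either way, and call-with-values accepts the two values explicitly so no single-value continuation is ever handed an arity it did not ask for.

```scheme
#!r6rs
;; Added example, not part of the original message. Names below are
;; assumptions chosen for this illustration.
(import (rnrs))

;; The construct from the thread. R6RS does not specify what happens
;; when two values are delivered to a one-argument continuation, so an
;; implementation may raise or may return something; in safe mode it
;; must not crash.
(define (unspecified-call)
  ((lambda (x) x) (values 1 2)))

;; Run the probe under guard so that a raised condition is reported as
;; a value instead of terminating the script. Either result is
;; consistent with the draft safety statement.
(define (probe)
  (guard (e (#t (list 'raised
                      (if (message-condition? e)
                          (condition-message e)
                          e))))
    (list 'returned (unspecified-call))))

;; The portable way to write the same intent: receive the values with
;; call-with-values, so the behaviour is fully specified on every
;; conforming implementation.
(define (first-of-values thunk)
  (call-with-values thunk (lambda (x . rest) x)))

(display (probe)) (newline)
(display (first-of-values (lambda () (values 1 2)))) (newline)
```

Running the program on different R6RS implementations will print either (returned ...) or (raised ...) for the first line, which is exactly the latitude the draft grants; the second line is defined by the standard and does not depend on the implementation.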