[R6RS] library syntax

William D Clinger will at ccs.neu.edu
Mon Jul 10 14:13:28 EDT 2006

> Mike wrote:
> > That would give us a semantics that is usable for settling
> > perhaps 80% of the safe/unsafe questions, which would be
> > an improvement over the approximately 20% solution of your
> > original semantics.
> It's probably possible to figure out which 20% you're referring to by
> going back in the e-mail history and boiling down the list in your
> notes to Kent's proposal---but could you give one or two examples?

Kent's original proposal described a semantics for references
to standard procedures, which I guessed would account for
about 20% of non-local variable references, but not for
references to procedures that aren't described by R6RS,
which I guessed would account for about 80%.

Both guesses are absurdly wild, and would vary greatly
from program to program in any case.  The point is that
Kent's proposals are incomplete.  For example, he still
hasn't answered my question about references to variables
whose values are strings.

> One thing that bothers me about the discussion so far, and that keeps
> getting buried, is that the concept of unsafety seems to be getting
> hardwired into the compiler, and through the somewhat arbitrary scope
> of R6RS has arbitrary scope as well. ("Scope" referring to the
> colloquial meaning here, not anything lexical.)  Or I'm
> misunderstanding---help me out if that's the case.

In my opinion, the concept of unsafety has much to do
with the compiler.  That is one of the main reasons we
cannot hope to come up with a portable semantics that
nails everything down, and would be foolish to try.

> In both Will's and Kent's proposals, the safe/unsafe mode seems to
> apply to a caller:  If I run the following code in unsafe mode:
> (+ 'foo 'bar)
> ... then all bets are off.  Thus, the Scheme system essentially
> provides two versions of +, but the choice gets made by running the
> *caller* in safe or unsafe mode, rather than making it clear that two
> versions of + exist.  How does a programmer declare safe/unsafe
> distinctions for the stuff exported from her own code?

That's a question for Kent, not me.  My attitude is
that there is no principled, implementation-independent
way to isolate unsafe code from the rest of a program.
Implementation-dependent, ad hoc isolation is possible,
but is not the kind of thing we should attempt to specify
in the R6RS.

> In C, the local equivalent of safety may be declared via various
> compiler flags.

Those flags are different in different C compilers.

> In effect, however, I can generate safe and unsafe
> versions of a certain module, and then pick by linking against one or
> the other.  (And code can express distinctions via the preprocessor.)
> This has many practical downsides, but has the appeal of being fairly
> easy to undertand in principle, and reasonably easy to handle in
> practice.  Is there a strong reason why the same concept won't work
> for us---without the caveats if possible?

Yes, this will work for us.  It is the approach I am
advocating.  It may be foolish of me to point out that
this approach is inherently implementation-dependent,
but it is.


More information about the R6RS mailing list