[R6RS] Safe/unsafe mode

dyb at cs.indiana.edu
Wed Jul 12 11:39:22 EDT 2006


> > Is the call (car x) unsafe code?
>
> In my view, yes.

That's what I thought from our earlier discussions, but I was confused by
your use of "within a library" and "within a body", since I would usually
interpret these phrases relative to source code.

> I would say that all bets are off.  That may surprise
> you, ..

No, that's what I thought you'd say.

> but consider how the MLton compiler represents
> higher order procedures, and consider how that might
> interact with even your preferred semantics.

I assume that this refers to defunctionalization, specifically to the
replacement of code pointer indirects with case dispatches.  I can't see
how this could possibly be a problem with either semantics.  Please
elaborate.

> In practice, with all Scheme compilers I know of, the
> - procedure would probably raise an exception.

With the semantics you suggest, Chez Scheme would not necessarily raise an
exception, since the reference to - might be inlined into the map code. 
Actually, - is a bad example, since that will ultimately get into a
generic handler.  With + instead of -, the check would not be done, since
(#u+ (car x)), where #u+ is the unsafe version of +, would be converted to
(car x).  On the other hand, with the semantics I advocate---which Chez
Scheme has implemented since 1992---the reference to + would be inlined as
(#s+ (car x)), where #s+ is the safe version of +, and the check would be
made.

> This gets back to Mike's question about importing - from
> a safe version of the library in which it is defined.
> That would give the behavior you and Mike expect in
> practice, but it is implementation-dependent in theory,
> and the MLton compiler shows why.

First, I'm not comforted by hand waving about behaving the way I expect in
practice.  One can't write robust portable code without guarantees.
Second, the MLton model seems to be capable of handling calls to safe
code.  In fact, in the case dispatch, some of the calls might be safe and
the others unsafe.  Am I missing some limitation in the MLton model?

Kent
