[R6RS] safe and unsafe; declarations

William D Clinger will at ccs.neu.edu
Sat Mar 4 11:52:56 EST 2006


Mike wrote:
> As we'll be sorting out the various exceptional situations in the
> report anyway, wouldn't it be preferable to use language saying: "In
> safe mode, this will raise an XXX exception; in unsafe mode, the
> behavior is unspecified." ?

Maybe.  We'd have to use that kind of language everywhere
the R6RS allows or requires an exception to be raised.

I was trying to find a way to avoid cluttering the report
with so many references to unsafe mode.  If the description
of almost every procedure mentions unsafe mode, it will
be perceived as one of the most prominent misfeatures of
the language.

Kent wrote:
> This proposal differs from Will's proposal, as I understand it, in the
> following ways:

The primary difference, as I understand it, is that Kent
proposes to require implementations that pay attention to
an unsafe declaration to pay attention to any nested safe
declarations.  Aside from that, I think Kent's proposal
is pretty close to what I had in mind.

> If we agree to this proposal, then I also intend to suggest that an
> identifier-priority procedure be included in the standard syntax-case
> system.  This procedure can be used to extract a priority associated with
> an identifier, e.g.:
>
>   (define-syntax frobitate
>     (lambda (x)
>       (syntax-case x ()
>         [(k (x ...) e)
>          (if (= (identifier-priority 'safe #'k) 0)
>              #'<unsafe code>
>              #'<safe code>)])))
>
> This will allow user-defined syntactic forms to be sensitive to declared
> priorities.  In conjunction with identifier macros, it will also allow a
> similar effect for user-defined procedures.

That is a feeping creature.  It will *not* allow user-defined
syntactic forms to be sensitive to declared priorities unless
we also require implementations to notice declarations, which
I would oppose.  Furthermore it would introduce a way for
programmers to make their code arbitrarily sensitive to all
priorities, not just the safe priority.  The programmer of
some random library module could use Kent's proposed feature
to make a (fast 3) declaration in some client module behave
like an unsafe declaration.

I don't mind if Kent wants to add that kind of dangerous hair
to Chez Scheme's implementation of syntax-case, but we shouldn't
require every implementation to do this on behalf of the few
programs and systems that will use or implement an unsafe mode.

Will


