[R6RS] Safe/unsafe mode

dyb at cs.indiana.edu dyb at cs.indiana.edu
Fri Jul 14 00:43:28 EDT 2006

> > > > Since the only purpose for using unsafe code is to increase efficiency, I
> > > > imagine I wouldn't be the only one upset to learn that unsafe declarations
> > > > effectively disable some optimizations.
> > >
> > > Well, that's going to be the case with any proposal
> > > that has been advanced so far, and with any I can
> > > conceive.
> > 
> > I don't believe this is true.  Can you describe an optimization that can
> > be done on code that is entirely safe that cannot be done on code
> > containing unsafe declarations in my model?
> Yes, I believe so.  The "optimization" to which you
> were referring in the text quoted above was the
> transformation from
>    (let ((f (lambda (x) (- x))))
>      (declare unsafe)
>      (f '(a)))
> into
>    (let ()
>      (declare unsafe)
>      (- '(a)))
> That particular transformation is not legal under my
> preferred semantics, and you seem to regard that fact
> as an argument against my semantics.

Somewhere we got derailed.  The "optimizations" to which I was referring
are eta reduction and inlinining, which appear to be inhibited in some
cases (where they would otherwise be legal) by the presence of unsafe
declarations with your preferred semantics---for good reason, of course,
if the end result is not valid under your preferred semantics.

If this limitation is inherent in your semantics, then I do see it as a
downside of your semantics.  It seems likely, however, that some
adjustment in the eta reduction and inlining mechanisms that allows them
to produce correct code without being inhibited by unsafe declarations,
such as I describe below for my preferred semantics, can be devised.

> Are you claiming
> that this particular transformation would be legal
> under your preferred semantics?

No.  The transformation is also illegal under my preferred semantics, but
again, that's not the issue.  The issue is whether an unsafe declaration
inhibits any optimizations that are otherwise valid.  To determine this,
we have to compare what can be done with the unsafe declaration to what
can be done without the unsafe declaration.  In the example, the version
with the declaration and a version without the declaration can both
properly be reduced to the minimal (- '(a)) by the same series of
transformations, so clearly no optimization is inhibited.  Furthermore, the

  (let ((f (lambda (x) (car x))))
    (declare unsafe)
    (- (f (- '(a)))))

can be reduced properly to (- (car (- '(a)))) where both calls to - are
unsafe but the call to car is safe.  It suffices to mark the identifier
references safe or unsafe and preserve these marks through the series of
transformations.  For example, after marking the relevant identifier
references, the latter example becomes

  (let ((f (lambda (x) (#Scar x))))
    (#U- (f (#U- '(a)))))

where #S is the mark for safe and #U is the mark for unsafe.  This can
be transformed via inlining to:

  (#U- ((lambda (x) (#Scar x)) (#U- '(a))))

which can be transformed via eta reduction to:

  (#U- (#Scar (#U- '(a))))


More information about the R6RS mailing list