
Issue: SAFE-CODE (Version 1)



Issue:        SAFE-CODE
Forum:        Compiler
References:   OPTIMIZE declaration (p160),
              Issue ERROR-TERMINOLOGY
Category:     CLARIFICATION/CHANGE
Edit history: 07-Mar-89, Version 1 by Pitman
Status:       For Internal Discussion

Problem Description:

  The new error terminology refers to ``safe code'' in the definition
  of the term, and CLtL refers to individual meanings of OPTIMIZE
  qualities, but there is no standardized way of relating the two
  concepts.

Proposal (SAFE-CODE:SAFETY-3):

  Define that, formally, the term ``safe code'' refers to any code in
  which the OPTIMIZE quality for SAFETY has a value of 3.

  Implementors might wish to consider treating other situations as safe
  as well, but in making that decision both the relative values of other
  OPTIMIZE qualities and the idiosyncratic properties of the particular
  implementation should also be taken into account.

Examples:

  1. The body of the following is safe...

     a. (LOCALLY (DECLARE (OPTIMIZE (SAFETY 3))) . body)
     b. (LOCALLY (DECLARE (OPTIMIZE SAFETY    )) . body)

  2. The body in each of the following is not formally safe. An
     implementation might or might not treat it as safe, possibly
     depending on the values of other qualities and on specifics of
     the implementation.

     a. (LOCALLY (DECLARE (OPTIMIZE (SAFETY 0))) . body)
     b. (LOCALLY (DECLARE (OPTIMIZE (SAFETY 1))) . body)
     c. (LOCALLY (DECLARE (OPTIMIZE (SAFETY 2))) . body)
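  The following Common Lisp is an added example and not part of the
  issue text. It applies the proposed SAFE-CODE:SAFETY-3 rule to a
  DECLARE form (including the bare SAFETY shorthand of example 1b), and
  shows a function that relies on (SAFETY 3) alone, without the (SPEED 0)
  that Current Practice describes, to obtain the TYPE-ERROR check that
  CAR ``should signal'' for a non-list. The function names are mine.

```lisp
(defun optimize-safety-level (declare-form)
  "Return the SAFETY level requested by DECLARE-FORM, a (DECLARE ...) form,
or NIL if no OPTIMIZE SAFETY quality appears.  A bare quality name such as
SAFETY means level 3, as in example 1b."
  (let ((level nil))
    (dolist (decl-spec (rest declare-form) level)
      (when (and (consp decl-spec) (eq (first decl-spec) 'optimize))
        (dolist (quality (rest decl-spec))
          (cond ((eq quality 'safety) (setf level 3))
                ((and (consp quality) (eq (first quality) 'safety))
                 (setf level (second quality)))))))))

(defun safe-code-p (declare-form)
  "True iff the scope of DECLARE-FORM is safe code under SAFE-CODE:SAFETY-3,
i.e. OPTIMIZE SAFETY is exactly 3.  Levels 0-2 are left to the
implementation's judgment and so are reported as not safe."
  (eql (optimize-safety-level declare-form) 3))

;; The issue's examples 1a, 1b and 2a-2c as constructed test data.
(assert (safe-code-p '(declare (optimize (safety 3)))))
(assert (safe-code-p '(declare (optimize safety))))
(dolist (level '(0 1 2))
  (assert (not (safe-code-p `(declare (optimize (safety ,level)))))))
;; An OPTIMIZE declaration that never mentions SAFETY does not make code safe.
(assert (not (safe-code-p '(declare (optimize (speed 3))))))

(defun first-element (x)
  "Safe code by SAFETY 3 alone; no (SPEED 0) is needed to keep the checks."
  (declare (optimize (safety 3)))
  ;; CAR `should signal' TYPE-ERROR for a non-list, which in safe code
  ;; means the check is required rather than left to the implementation.
  (car x))

(defun demo ()
  "Show the required check firing; returns a string describing the error."
  (handler-case (first-element "not a list")
    (type-error (c)
      (format nil "caught TYPE-ERROR on ~S" (type-error-datum c)))))
```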


Rationale:

  Programmers will probably intuitively expect that the term
  ``highest safety'' refers to giving the SAFETY quality its
  highest value.

Current Practice:

  Implementors ...

    Symbolics Genera does error checking always, and ignores OPTIMIZE
    declarations.
  
    Symbolics Cloe heeds OPTIMIZE declarations, but effectively makes
    `judgment calls' in every case because there is no clear guidance
    on how to interpret them.

  Programmers ...

    Many programmers write (DECLARE (OPTIMIZE (SPEED 0) (SAFETY 3)))
    even when all they really want to control is SAFETY, because they
    are afraid that unless they explicitly sacrifice speed, the compiler
    will ignore their plea for error checking.

Cost to Implementors:

  Some implementations might require a lot of nitpicky little changes.

Cost to Users:

  Technically none.  Portable code cannot rely on any particular effect
  from any of the OPTIMIZE qualities. However, some users may rely on
  implementation-specific behavior, and if those implementations are
  forced to change, such non-portable user code might break.

Cost of Non-Adoption:

  The meaning of ``safe code'' will not be clearly defined.

Benefits:

  Programmers will be able to say what they mean. They can stop
  superstitiously putting (SPEED 0) next to (SAFETY 3) just to
  ensure they get safe code.

Aesthetics:

  Improved. This will make the English align well with the code.

Discussion:

  It is very important that we reach consensus in some form on this issue.

  Pitman supports SAFE-CODE:SAFETY-3.