[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

safe code [was Aaron Larson's comments]

To: 05-Oct-1989 0247 <chapman@aitg.enet.dec.com>, RPG@Lucid.com
Subject: safe code [was Aaron Larson's comments]
From: David A. Moon <Moon@STONY-BROOK.SCRC.Symbolics.COM>
Date: Mon, 30 Oct 89 23:59 EST
Cc: quinquevirate@sail.stanford.edu, KMP@STONY-BROOK.SCRC.Symbolics.COM, sandra%defun@cs.utah.edu
In-reply-to: <8910050648.AA05484@decwrl.dec.com>

    Date: Wed, 4 Oct 89 23:48:05 -0700
    From: chapman@aitg.enet.dec.com (05-Oct-1989 0247)

    pg 1-9 in the description of safe code:

      The statement: Thus the phrase "the function F should signal an error"
      ... an error will be signalled.  Appears wrong to me (it is consistent
      with the cleanup proposals however) E.g.

      (let ((safe #'(lambda (f a b)     (declare (optimize (safety 3)))
					(funcall f a b)))
	    (not-safe #'(lambda (f a b) (declare (optimize (safety 1)))
					(funcall f a b))))
	 (declare (optimize (safety XXX)))
	 (funcall #'safe #'+ 1 nil)
	 (funcall #'not-safe #'+ 1 nil))

      If the "safeness" of this program is not dependent on the value of XXX,
      then I don't think we've captured the essense of "lexical property of
      code" correctly in the definition of "safe code".  Perhaps the statement 
      needs to take into account the coercion from symbol to function.  If you
      like, I will make a general posting about this issue.

I think he has a valid point here, although the example is sufficiently
difficult to follow that I found the point hard to see at first.

Page 1-9 says: "the phrase ``the function F should signal an error''
means that if F is invoked from code processed with the highest safety
optimization...".  The problem is what exactly does "invoked" mean?
 From what I remember of our discussion of this, the idea was that the
defined name F (or + in this case) could refer to different actual
functions, depending on safety level.  Thus when the efunctuation is
separated from the application, it's the safety level of the
efunctuation that matters, not the safety level of the APPLY/FUNCALL.

Here's a simpler example.  Assuming = should signal an error if its
arguments are not all of type NUMBER, then (FIND 3 LIST :TEST #'=),
where (FIRST LIST) is not a number, signals an error depending on
the safety level of this call to FIND, not on the safety level of
FIND itself.  It's actually the safety level of the #'= expression
that matters.  In (FIND 3 LIST :TEST '=) the safety of the = test
is unpredictable I think.

I suggest this replacement wording:  "the phrase ``the function F should
signal an error'' means that if (F ...) or (FUNCTION F) is processed
with the highest safety optimization..."  Also the word "situation" is
missing from this paragraph in a couple of places; as written it implies
that F will always signal an error, where what it means to say is that F
will signal an error if the indicated erroneous situation occurs.

References:
- Aaron Larson's comments
  - From: chapman@aitg.enet.dec.com (05-Oct-1989 0247)

Prev by Date: re: more cleanups
Next by Date: Aaron Larson's comments
Previous by thread: Aaron Larson's comments
Next by thread: Aaron Larson's comments
Index(es):
- Date
- Thread