safety

This page is part of the web mail archives of SRFI 1 from before July 7th, 2015. The new archives for SRFI 1 contain all messages, not just those from before July 7th, 2015.



Olin: as I have pointed out in a private email before, I am concerned about
the lack of `safety' in the specification and reference implementation of
the list library.

Scheme should distinguish itself from languages like C through a proper and
complete (though informal) specification, which permits implementors to
produce `safe' implementations. In particular, Scheme's SRFI library
functions should have the same status as Scheme's built-in functions with
quasi-library status. For comparison, I have lifted the specification of
two such functions from the R5RS:

  [[library procedure]] (list-tail list k)

  Returns the sublist of list obtained by omitting the first k elements. It
  is an error if list has fewer than k elements. List-tail could be defined
  by

    (define list-tail
      (lambda (x k)
        (if (zero? k)
            x
            (list-tail (cdr x) (- k 1)))))

  [[library procedure]] (list-ref list k)

  Returns the kth element of list. (This is the same as the car of
  (list-tail list k).) It is an error if list has fewer than k elements.


The reference implementation of list-tail is consistent with the
specification because the Authors chose to assign the meaning "an
implementation may ignore the issue ..." to the phrase 
"it is an error if ...".

Analogously, the specification for a procedure like TAKE should contain a
sentence like 

 "It is an error if <i> is larger than the length of <list>." 

Please note that TAKE is not the only procedure specification that suffers
from this flaw. 

Furthermore, I believe that libraries should go even further and specify 
that 

  "it is an error if a procedure whose i-th parameter is specified to be a
   <list> receives an i-th argument that does not belong to the collection of
   <lists>."

Again, this gives the implementation the freedom to delay signaling an
error until the non-listness of the argument is discovered or not to signal
an error or to be preemptive in checking the nature of all arguments. Of
course, the statement should be generalized over <list> and <lists> as
appropriate. 

I understand that, unless I have overlooked something, R5RS does not 
include an analogous clause, but I consider this an oversight on the 
side of the Authors, not a virtue. 

-- Matthias
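The three implementation strategies the message leaves open for TAKE, shown side by side as an added example (this is not code from the message, from R5RS, or from the SRFI 1 reference implementation): a permissive version in the style of the R5RS list-tail quoted above, a preemptive version that checks every argument up front, and a delayed version that signals only when the short or improper list is actually discovered. The `error` procedure is assumed to behave as in SRFI 23; R5RS itself does not define it.

```scheme
;; Added example, not part of the SRFI 1 discussion or reference code.
;; Assumes an `error` procedure (message followed by irritants), as in SRFI 23.

;; 1. Permissive: "an implementation may ignore the issue".
;;    With i larger than the length of lst this takes the car of '(), and the
;;    outcome depends entirely on the host implementation.
(define (take-unchecked lst i)
  (if (zero? i)
      '()
      (cons (car lst) (take-unchecked (cdr lst) (- i 1)))))

;; 2. Preemptive: every argument is validated before any work is done.
;;    `list?` rejects improper and circular lists, so the walk below is safe.
(define (take-preemptive lst i)
  (if (not (list? lst))
      (error "take: first argument is not a proper list" lst))
  (if (not (and (integer? i) (exact? i) (>= i 0)))
      (error "take: count must be an exact non-negative integer" i))
  (if (> i (length lst))
      (error "take: count exceeds length of list" i lst))
  (take-unchecked lst i))

;; 3. Delayed: walk the list and signal only at the point where the
;;    non-listness or the missing elements are actually encountered.
;;    Costs nothing extra on correct input, and is also allowed by the
;;    proposed "it is an error if ..." wording.
(define (take-lazy lst i)
  (let loop ((rest lst) (k i) (acc '()))
    (cond ((zero? k) (reverse acc))
          ((pair? rest) (loop (cdr rest) (- k 1) (cons (car rest) acc)))
          ((null? rest) (error "take: count exceeds length of list" i lst))
          (else (error "take: argument is not a list" lst)))))
```

On well-formed input all three agree, e.g. `(take-preemptive '(a b c) 2)` and `(take-lazy '(a b c) 2)` both produce the first two elements. They differ exactly where the message wants the specification to speak: `(take-lazy '(a b . c) 2)` succeeds because the improper tail is never inspected, while `(take-preemptive '(a b . c) 2)` rejects the argument immediately; both signal an error for `(take-lazy '(a b . c) 3)` and `(take-preemptive '(a b c) 5)`, whereas `take-unchecked` leaves those cases to whatever the host does with `(car '())`.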