[R6RS] draft statement on safety
William D Clinger
will at ccs.neu.edu
Fri Aug 11 12:01:44 EDT 2006
Mike wrote:
> I don't disagree with your language. I just don't understand what
> leeway we're giving an implementation *in safe mode* that chooses to
> *not* raise an exception for ((lambda (x) x) (values 1 2)). (I'm not
> trying to fight you or your wording. I really don't understand.) For
> instance, is
>
> ((lambda (x) x) (values 1 2)) => 7
>
> OK?
Yes.
> If so, how is that covered by your wording?
Apart from its operational semantics, whose interpretation
should be explained separately, the R6RS amounts to an
axiomatic specification. Any behavior that is consistent
with the axioms, i.e. with the explicit statements of the
R6RS, is an allowed behavior.
If the R6RS does not specify the semantics of
((lambda (x) x) (values 1 2)), and does not rule out 7
as a result of that expression, then 7 will be a legal
result of that expression. A &values exception would
also be a legal outcome of that expression, and that
outcome is likely enough that it is worthwhile for the
R6RS to say so explicitly using the "may/might/should
raise an exception" language.
My wording does *not* cover the possibility that
((lambda (x) x) (values 1 2)) may evaluate to 7.
The very fact that my wording does *not* cover
that possibility, even to rule it out, is what
allows it.
On the other hand, the general statement about safety
should be sufficient to say that, in code that is said
to be safe, ((lambda (x) x) (values 1 2)) does not
crash.
Will
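To make the distinction concrete, here is an added R6RS example (not part of the thread) that runs the disputed expression under a `guard` and reports whether the implementation raised a condition or returned some value, next to the specified way of consuming the same two values with `let-values`; the helper name `classify` is my own.

```scheme
#!r6rs
(import (rnrs base (6))
        (rnrs exceptions (6))
        (rnrs conditions (6))
        (rnrs io simple (6)))

;; Run a thunk and report what a safe implementation did with it.
;; Either outcome is consistent with the R6RS as discussed above:
;;  - it raised a condition (the "may raise an exception" case), or
;;  - it returned some value(s) (nothing in the axioms rules that out).
;; What safety does promise is that neither path crashes the program.
(define (classify thunk)
  (guard (c (#t (list 'raised (condition? c))))
    ;; Accept however many values come back, in case an implementation
    ;; lets the multiple values flow through the identity lambda.
    (call-with-values thunk
      (lambda vals (list 'returned vals)))))

;; The unspecified case from the thread: two values delivered to a
;; continuation (the operand position of a call) that accepts exactly one.
(define unspecified-case
  (classify (lambda () ((lambda (x) x) (values 1 2)))))

;; The specified way to consume the same values: give the continuation
;; the right arity with let-values (equivalently, call-with-values).
(define specified-case
  (classify (lambda ()
              (let-values (((a b) (values 1 2)))
                (+ a b)))))

(display unspecified-case) (newline)   ; implementation-dependent: (raised #t) or (returned ...)
(display specified-case)   (newline)   ; (returned (3)) on every conforming implementation
```

Portable code should look like `specified-case`; the first form is something a conforming implementation may reject, tolerate, or give an arbitrary result for, so a program must not depend on any particular answer.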