[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Proposal #1



I am in agreement that "is an error" and "signals an error" don't
express enough variety and that more classes are needed in order to help
us toward the goals mentioned on pages 1-3, with the addition of
Robustness.  [I don't really want to start a side discussion, but I
think one of the goals >should be< that the language is Robust, meaning
that it encourages the user to write correct code, both because of the
definition and by run time checking.  This isn't really mentioned on
pages 1-3, even under the goals of Expressiveness or Power.]

The following is a little off-the-wall, and can be ignored if nobody
else sees any worth in it.  There are some more substantive questions in
the last paragraph that shouldn't be lightly ignored.  I'm wondering if
the three levels is enough.  Given that there are four values of SAFETY,
one could imagine five classes.  Assign the five classes a "severity"
number ranging from 0 to 4 (inclusive).  A class arranges for the error
to be signalled if its number is <= the setting of the safety switch.
Therefore, Severity 0 errors ("Signals an error") always signals an
error because 0 <= all safety settings.  Severity 4 ("is an error")
doesn't necessarily generate code, because all 4 is not <= any settings
of safety.  The third class you are proposing (that fits between), would
be Severity 2, since 2 <= 2,3.  [I don't really like the word "severity"
because intuition says that higher severity implies a higher number.]
This gives us a set of finer knobs, but on the other hand makes it
harder for the language designers to assign a severity to each of the
many possible cases.

The not-so-light issue which I don't remember the answer to: Does safety
affect the caller or the callee, or both, and what burden does this put
on the implementor.  For example, if I write:

	(defun safe-slow-2d-aref (array sub1 sub2)
	  (declare (optimize (speed 0) (space 3) (safety 3))
		   (notinline aref)) 
	  (aref array sub1 sub2))

	(defun unsafe-fast-2d-aref (array sub1 sub2)
	  (declare (optimize (speed 3) (space 3) (safety 0))
		   (notinline aref)) 
	  (aref array sub1 sub2))

What does this imply about the AREF function?  Is the implementor bound
to implement a variety of functions that may be called by programs
compiled with different switch settings, or is there one AREF function
that always checks the number of arguments, always does bounds checking,
etc?  [I think this is more an issue for the builtin "subprimitives"
than the more complex (e.g., FIND, REMOVE-IF-NOT, etc) functions, but
the latter may need to be addressed too.]