> >> 8 minutes ago, Carl Eastlund wrote: > >> > On Wed, Jun 29, 2011 at 9:19 PM, Matthew Flatt <mfl...@cs.utah.edu> > >> > wrote: > >> > > Things you need to know: > >> > > > >> > > * When writing a macro (without `syntax-rules', `define-syntax-rule', > >> > > or `syntax-id-rules'), apply `syntax-protect' to the macro's result > >> > > syntax object to protect it from abuse. The `syntax-rules', etc., > >> > > forms use `syntax-protect' automatically. > >> > > >> > Does this mean we should be updating all our old macros now, and > >> > adding syntax-protect as boilerplate to (nearly) all of our new > >> > macros? How often is a manual syntax-protect necessary?
I think you want to use `syntax-protect' on any exported macro. It only actually matters if some untrusted code is going to use a trusted instance of your library. Macros exported by `racket' are surely in that category, but maybe it doesn't matter for most libraries. > >> > It's great > >> > to have a system we can reason about, but the nice thing about > >> > certificates was that they were invisible most of the time. It > >> > looks like you're suggesting that at least the use of syntax-protect > >> > is going to become ubiquitous in this new system. Having to decorate trustworthy libraries with `syntax-protect' is definitely a drawback. > On Wed, Jun 29, 2011 at 10:10 PM, Eli Barzilay <e...@barzilay.org> wrote: > > An attempt to clarify what's unclear to me: if I'm supposed to almost > > always "arm" the result of a transformer, then why not have the > > expander do that for me, and add some new thing so in the exceptional > > cases I could do > > > > (define-syntax (foo stx) > > (dont-arm ...blah...)) > > > > ? Sorry --- that point was buried too deeply in my message (first sub-bullet for the last bullet in the third set of bullets). The problem with having the macro transformer add `syntax-protect' for (define-syntax bar (lambda (stx) ...)) is that some other transformer can say ((syntax-local-value #'bar) stx) to get the transformer's result without `syntax-protect' --- which was a gaping hole that Ryan noticed in the certificate system. We considered ways of automating `syntax-protect' for all macros, but the ways we found seemed to create more problems than they solved. _________________________________________________ For list-related administrative tasks: http://lists.racket-lang.org/listinfo/dev