Hi Matthias

Thanks for the pointer to Robby's 2014 keynote.

Here's the link for those interested — it's really good:

* * *

In regard to Racket's use of boundaries,  am I right in thinking that it's
difficult to pull the boundaries in really *tight*?

For instance, the following example does not terminate and cannot help with
the necessary debugging because the contract is only checked on the call
through the module boundary, with recursive calls incorrectly and
implicitly trusted:

#lang racket

(module server racket
  (provide (contract-out
            [unsafe-factorial (-> (and/c integer? (>=/c 0))
                                  (and/c integer? (>=/c 0)))]))

  (define (unsafe-factorial n)
    (if (zero? n)                             ; Naïvely relying on the
contract to rule out -ve n's
        (* n (unsafe-factorial (- n 10))))))  ; Bug

(require 'server)

(unsafe-factorial 5) ; Does not terminate

My best idea at the moment is to add some extra checking, e.g. (just
duplicating the pre-conditions) ...

  (define (safe-factorial n)
    (unless (integer? n)
      (raise-argument-error 'safe-factorial "n must be an integer" n))
    (unless (>= n 0)
      (raise-argument-error 'safe-factorial "n must be >= 0" n))
    (if (zero? n)
        (* n (safe-factorial (- n 10))))))

... but this is verbose, no good for higher-oder conditions, and redundant:
once it has been debugged the contract at the module-boundary suffices.

What do others do / suggest?


You received this message because you are subscribed to the Google Groups 
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to racket-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to