(define/contract [unsafe-factorial n]
(-> (and/c integer? (>=/c 0)) (and/c integer? (>=/c 0)))
(if (zero? n)
(* n (factorial (- n 10)))))
(define (factorial n) (unsafe-factorial n)) ;; cross the boundary and go right
(unsafe-factorial 5) ; Does not terminate
I suspect you can implement this with a macro now.
> On May 5, 2017, at 5:48 PM, Daniel Prager <daniel.a.pra...@gmail.com> wrote:
> Hi Matthias
> Thanks for the pointer to Robby's 2014 keynote.
> Here's the link for those interested — it's really good:
> * * *
> In regard to Racket's use of boundaries, am I right in thinking that it's
> difficult to pull the boundaries in really *tight*?
> For instance, the following example does not terminate and cannot help with
> the necessary debugging because the contract is only checked on the call
> through the module boundary, with recursive calls incorrectly and implicitly
> #lang racket
> (module server racket
> (provide (contract-out
> [unsafe-factorial (-> (and/c integer? (>=/c 0))
> (and/c integer? (>=/c 0)))]))
> (define (unsafe-factorial n)
> (if (zero? n) ; Naïvely relying on the
> contract to rule out -ve n's
> (* n (unsafe-factorial (- n 10)))))) ; Bug
> (require 'server)
> (unsafe-factorial 5) ; Does not terminate
> My best idea at the moment is to add some extra checking, e.g. (just
> duplicating the pre-conditions) ...
> (define (safe-factorial n)
> (unless (integer? n)
> (raise-argument-error 'safe-factorial "n must be an integer" n))
> (unless (>= n 0)
> (raise-argument-error 'safe-factorial "n must be >= 0" n))
> (if (zero? n)
> (* n (safe-factorial (- n 10))))))
> ... but this is verbose, no good for higher-oder conditions, and redundant:
> once it has been debugged the contract at the module-boundary suffices.
> What do others do / suggest?
You received this message because you are subscribed to the Google Groups
"Racket Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
For more options, visit https://groups.google.com/d/optout.