[racket-dev] syntax taints instead of syntax certificates

From: Eli Barzilay (eli at barzilay.org)
Date: Wed Jun 29 22:07:42 EDT 2011

8 minutes ago, Carl Eastlund wrote:
> On Wed, Jun 29, 2011 at 9:19 PM, Matthew Flatt <mflatt at cs.utah.edu> wrote:
> > I've pushed a change to Racket's macro system that throws out the
> > syntax-certificate system and adds a syntax-taint system.
> >
> >
> > Syntax taints, like syntax certificates before, are intended to
> > protect macro expansions from abuse. "Abuse" means using
> > `local-expand' to extract a piece of an expansion, then putting the
> > piece in a new context or using `datum->syntax' to access unexported
> > module bindings using the piece's lexical context. Meanwhile,
> > program-processing tools like `errortrace' or languages like
> > `typed/racket' are supposed to pull apart expansions and reorganize
> > them; code inspectors remain the way to distinguish trusted tools and
> > languages from potential abusers.
> >
> > Things you need to know:
> >
> >  * When writing a macro (without `syntax-rules', `define-syntax-rule',
> >   or `syntax-id-rules'), apply `syntax-protect' to the macro's result
> >   syntax object to protect it from abuse. The `syntax-rules', etc.,
> >   forms use `syntax-protect' automatically.
> 
> Does this mean we should be updating all our old macros now, and
> adding syntax-protect as boilerplate to (nearly) all of our new
> macros?  How often is a manual syntax-protect necessary?  It's great
> to have a system we can reason about, but the nice thing about
> certificates was that they were invisible most of the time.  It
> looks like you're suggesting that at least the use of syntax-protect
> is going to become ubiquitous in this new system.

That's exactly what I'm worried about too.  (I was going to try things
out first, but the build crashed.)

Actually, the certificate system was good enough at being invisible
that explaining the new system in terms of it isn't effective (at
least for me) since certificates were this complicated thing that you
need to be aware of in some rare cases but 5 minutes after you're done
you'd re-forget what you read.  (Again, this is all for a subjective
value of "you", of course.)

-- 
          ((lambda (x) (x x)) (lambda (x) (x x)))          Eli Barzilay:
                    http://barzilay.org/                   Maze is Life!
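
The `syntax-protect` advice quoted above, as an added example that is not part of the original messages and not code from the Racket project: a procedural macro that expands to an unexported binding protects its result by hand, next to the `syntax-rules` form that the announcement says does so automatically. The module name `counter` and the names `private-incr!`, `bump!` and `bump!/rules` are hypothetical.

```racket
#lang racket/base
;; Constructed example; every name defined here is hypothetical.

(module counter racket/base
  (require (for-syntax racket/base))
  ;; Only the macros are exported; `count` and `private-incr!` stay private.
  (provide bump! bump!/rules)

  (define count 0)
  (define (private-incr! n)
    (set! count (+ count n))
    count)

  ;; Procedural macro: the transformer builds and returns the syntax object
  ;; itself, so it applies `syntax-protect` to that result on every branch.
  ;; The result carries the lexical context that can see `private-incr!`,
  ;; which is the piece the announcement wants protected.
  (define-syntax (bump! stx)
    (syntax-case stx ()
      [(_ n) (syntax-protect #'(private-incr! n))]
      [(_)   (syntax-protect #'(private-incr! 1))]))

  ;; Pattern-based macro: per the announcement, `syntax-rules` applies
  ;; `syntax-protect` automatically, so no explicit call appears here.
  (define-syntax bump!/rules
    (syntax-rules ()
      [(_ n) (private-incr! n)]
      [(_)   (private-incr! 1)])))

(require 'counter)

;; Ordinary uses expand and run the same way for both macros.
(bump! 5)
(bump!/rules)
```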



Posted on the dev mailing list.