emacs.d/clones/download.racket-lang.org/releases/8.6/doc/guide/stx-certs.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"/><meta name="viewport" content="width=device-width, initial-scale=0.8"/><title>16.2.7&nbsp;Tainted Syntax</title><link rel="stylesheet" type="text/css" href="../scribble.css" title="default"/><link rel="stylesheet" type="text/css" href="../racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-style.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../doc-site.css" title="default"/><script type="text/javascript" src="../scribble-common.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../doc-site.js"></script><script type="text/javascript" src="../local-redirect/local-redirect.js"></script><script type="text/javascript" src="../local-redirect/local-user-redirect.js"></script><!--[if IE 6]><style type="text/css">.SIEHidden { overflow: hidden; }</style><![endif]--></head><body id="doc-racket-lang-org"><div class="tocset"><div class="tocview"><div class="tocviewlist tocviewlisttopspace"><div class="tocviewtitle"><table cellspacing="0" cellpadding="0"><tr><td style="width: 1em;"><a href="javascript:void(0);" title="Expand/Collapse" class="tocviewtoggle" onclick="TocviewToggle(this,&quot;tocview_0&quot;);">&#9658;</a></td><td></td><td><a href="index.html" class="tocviewlink" data-pltdoc="x">The Racket Guide</a></td></tr></table></div><div class="tocviewsublisttop" style="display: none;" id="tocview_0"><table cellspacing="0" cellpadding="0"><tr><td align="right">1&nbsp;</td><td><a href="intro.html" class="tocviewlink" data-pltdoc="x">Welcome to Racket</a></td></tr><tr><td align="right">2&nbsp;</td><td><a href="to-scheme.html" class="tocviewlink" data-pltdoc="x">Racket Essentials</a></td></tr><tr><td align="right">3&nbsp;</td><td><a href="datatypes.html" class="tocviewlink" data-pltdoc="x">Built-<wbr></wbr>In Datatypes</a></td></tr><tr><td align="right">4&nbsp;</td><td><a href="scheme-forms.html" class="tocviewlink" data-pltdoc="x">Expressions and Definitions</a></td></tr><tr><td align="right">5&nbsp;</td><td><a href="define-struct.html" class="tocviewlink" data-pltdoc="x">Programmer-<wbr></wbr>Defined Datatypes</a></td></tr><tr><td align="right">6&nbsp;</td><td><a href="modules.html" class="tocviewlink" data-pltdoc="x">Modules</a></td></tr><tr><td align="right">7&nbsp;</td><td><a href="contracts.html" class="tocviewlink" data-pltdoc="x">Contracts</a></td></tr><tr><td align="right">8&nbsp;</td><td><a href="i_o.html" class="tocviewlink" data-pltdoc="x">Input and Output</a></td></tr><tr><td align="right">9&nbsp;</td><td><a href="regexp.html" class="tocviewlink" data-pltdoc="x">Regular Expressions</a></td></tr><tr><td align="right">10&nbsp;</td><td><a href="control.html" class="tocviewlink" data-pltdoc="x">Exceptions and Control</a></td></tr><tr><td align="right">11&nbsp;</td><td><a href="for.html" class="tocviewlink" data-pltdoc="x">Iterations and Comprehensions</a></td></tr><tr><td align="right">12&nbsp;</td><td><a href="match.html" class="tocviewlink" data-pltdoc="x">Pattern Matching</a></td></tr><tr><td align="right">13&nbsp;</td><td><a href="classes.html" class="tocviewlink" data-pltdoc="x">Classes and Objects</a></td></tr><tr><td align="right">14&nbsp;</td><td><a href="units.html" class="tocviewlink" data-pltdoc="x">Units</a></td></tr><tr><td align="right">15&nbsp;</td><td><a href="reflection.html" class="tocviewlink" data-pltdoc="x">Reflection and Dynamic Evaluation</a></td></tr><tr><td align="right">16&nbsp;</td><td><a href="macros.html" class="tocviewselflink" data-pltdoc="x">Macros</a></td></tr><tr><td align="right">17&nbsp;</td><td><a href="languages.html" class="tocviewlink" data-pltdoc="x">Creating Languages</a></td></tr><tr><td align="right">18&nbsp;</td><td><a href="concurrency.html" class="tocviewl
the same module and not exported with <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=require.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._provide%2529%2529&amp;version=8.6" class="RktStxLink Sq" data-pltdoc="x">provide</a></span>. Still, a use
of a macro defined in the module can expand into a reference of an
unexported identifier. In general, such an identifier must not be
extracted from the expanded expression and used in a different
context, because using the identifier in a different context may break
invariants of the macro&rsquo;s module.</p><p>For example, the following module exports a macro <span class="RktSym">go</span> that
expands to a use of <span class="RktSym">unchecked-go</span>:</p><blockquote class="SCodeFlow"><blockquote class="Rfilebox"><p class="Rfiletitle"><span class="Rfilename"><span class="stt">"m.rkt"</span></span></p><blockquote class="Rfilecontent"><table cellspacing="0" cellpadding="0" class="RktBlk"><tr><td><a href="Module_Syntax.html#%28part._hash-lang%29" class="RktModLink" data-pltdoc="x"><span class="RktMod">#lang</span></a><span class="hspace">&nbsp;</span><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=index.html&amp;version=8.6" class="RktModLink Sq" data-pltdoc="x"><span class="RktSym">racket</span></a></td></tr><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=require.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._provide%2529%2529&amp;version=8.6" class="RktStxLink Sq" data-pltdoc="x">provide</a></span><span class="hspace">&nbsp;</span><span class="RktSym">go</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace">&nbsp;</span></td></tr><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=define.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._define%2529%2529&amp;version=8.6" class="RktStxLink Sq" data-pltdoc="x">define</a></span><span class="hspace">&nbsp;</span><span class="RktPn">(</span><span class="RktSym">unchecked-go</span><span class="hspace">&nbsp;</span><span class="RktSym">n</span><span class="hspace">&nbsp;</span><span class="RktSym">x</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace">&nbsp;&nbsp;</span><span class="RktCmt">;</span><span class="RktCmt">&nbsp;</span><span class="RktCmt">to avoid disaster, </span><span class="RktSym">n</span><span class="RktCmt"> must be a number</span></td></tr><tr><td><span class="hspace">&nbsp;&nbsp;</span><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=generic-numbers.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._%252B%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">+</a></span><span class="hspace">&nbsp;</span><span class="RktSym">n</span><span class="hspace">&nbsp;</span><span class="RktVal">17</span><span class="RktPn">)</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace">&nbsp;</span></td></tr><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=define.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._define-syntax%2529%2529&amp;version=8.6" class="RktStxLink Sq" data-pltdoc="x">define-syntax</a></span><span class="hspace">&nbsp;</span><span class="RktPn">(</span><span class="RktSym">go</span><span class="hspace">&nbsp;</span><span class="RktSym">stx</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace">&nbsp;&nbsp;</span><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=stx-patterns.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529._syntax-case%2529%2529&amp;version=8.6" class="RktStxLink Sq" data-pltdoc="x">syntax-case</a></span><span class="hspace">&nbsp;</span><span class="RktSym">stx</span><span class="hspace">&nbsp;</span><span class="RktPn">(</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace">&nbsp;&nbsp;&nbsp;&nbsp;</span><span class="RktPn">[</span><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=stx-patterns.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529.__%2529%2529&amp;version=8.6" cla
expansion of <span class="RktPn">(</span><span class="RktSym">go</span><span class="stt"> </span><span class="RktVal">'</span><span class="RktVal">a</span><span class="RktPn">)</span>, then it might be inserted into a new
expression, <span class="RktPn">(</span><span class="RktSym">unchecked-go</span><span class="stt"> </span><span class="RktVal">#f</span><span class="stt"> </span><span class="RktVal">'</span><span class="RktVal">a</span><span class="RktPn">)</span>, leading to disaster. The
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=stxops.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._datum-%7E3esyntax%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">datum-&gt;syntax</a></span> procedure can be used similarly to construct
references to an unexported identifier, even when no macro expansion
includes a reference to the identifier.</p><p>Ultimately, protection of a module&rsquo;s private bindings depends on
changing the current <a href="code-inspectors_protect.html#%28tech._code._inspector%29" class="techoutside" data-pltdoc="x"><span class="techinside">code inspector</span></a> by setting the
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=modprotect.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._current-code-inspector%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">current-code-inspector</a></span> parameter. <span class="refelem"><span class="refcolumn"><span class="refcontent">See also
<a href="code-inspectors_protect.html" data-pltdoc="x">Code Inspectors for Trusted and Untrusted Code</a>.</span></span></span> That&rsquo;s because a code inspector
controls access to a module&rsquo;s internal state through functions like
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=Namespaces.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._module-%7E3enamespace%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">module-&gt;namespace</a></span>. The current code inspector also gates
access to the <a href="protect-out.html#%28tech._protected%29" class="techoutside" data-pltdoc="x"><span class="techinside">protected</span></a> exports of unsafe modules like
<a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=unsafe.html&amp;version=8.6" class="RktModLink Sq" data-pltdoc="x"><span class="RktSym">racket/unsafe/ops</span></a>.</p><p>Since the result of macro expansion can be abused to gain access to
protected bindings, macro functions like <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=stxtrans.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._local-expand%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">local-expand</a></span> are
also <a href="protect-out.html#%28tech._protected%29" class="techoutside" data-pltdoc="x"><span class="techinside">protected</span></a>: references to <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=stxtrans.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._local-expand%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">local-expand</a></span> and similar
are allowed only within modules that are declared while the original
code inspector is the current code inspector. Functions like
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=Expanding_Top-Level_Forms.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._expand%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">expand</a></span>, which are not used to implement macros but are used
to inspect the result of macro expansion, are protected in a different
way: the expansion result is <a name="(tech._tainted)"></a><span style="font-style: italic">tainted</span> so that it cannot be
compiled or expanded again. More precisely, functions like
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=Expanding_Top-Level_Forms.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._expand%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">expand</a></span> accept an optional inspector argument that determines
whether the result is tainted, but the default value of the argument
is <span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=modprotect.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._current-code-inspector%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">current-code-inspector</a></span><span class="RktPn">)</span>.</p><blockquote class="refpara"><blockquote class="refcolumn"><blockquote class="refcontent"><p>In previous versions of Racket, a macro was responsible
for protecting expansion using <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=stxcerts.html%23%2528def._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529._syntax-protect%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">syntax-protect</a></span>. The use of
<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&amp;rel=stxcerts.html%23%2528def._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529._syntax-protect%2529%2529&amp;version=8.6" class="RktValLink Sq" data-pltdoc="x">syntax-protect</a></span> is no longer required or recommended.</p></blockquote></blockquote></blockquote><div class="navsetbottom"><span class="navleft"><form class="searchform"><input class="searchbox" id="searchbox" type="text" tabindex="1" placeholder="...search manuals..." title="Enter a search string to search the manuals" onkeypress="return DoSearchKey(event, this, &quot;8.6&quot;, &quot;../&quot;);"/></form>&nbsp;&nbsp;<a href="https://download.racket-lang.org/releases/8.6/doc/index.html" title="up to the documentation top" data-pltdoc="x" onclick="return GotoPLTRoot(&quot;8.6&quot;);">top</a><span class="tocsettoggle">&nbsp;&nbsp;<a href="javascript:void(0);" title="show/hide table of contents" onclick="TocsetToggle();">contents</a></span></span><span class="navright">&nbsp;&nbsp;<a href="phases.html" title="backward to &quot;16.2.6 General Phase Levels&quot;" data-pltdoc="x">&larr; prev</a>&nbsp;&nbsp;<a href="proc-macros.html" title="up to &quot;16.2 General Macro Transformers&quot;" data-pltdoc="x">up</a>&nbsp;&nbsp;<a href="macro-module.html" title="forward to &quot;16.3 Module Instantiations and Visits&quot;" data-pltdoc="x">next &rarr;</a></span>&nbsp;</div></div></div><div id="contextindicator">&nbsp;</div></body></html>
Update clones 2022-08-24 19:36:32 +02:00			`<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">`
			<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"/><meta name="viewport" content="width=device-width, initial-scale=0.8"/><title>16.2.7 Tainted Syntax</title><link rel="stylesheet" type="text/css" href="../scribble.css" title="default"/><link rel="stylesheet" type="text/css" href="../racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-style.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../manual-racket.css" title="default"/><link rel="stylesheet" type="text/css" href="../doc-site.css" title="default"/><script type="text/javascript" src="../scribble-common.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../manual-racket.js"></script><script type="text/javascript" src="../doc-site.js"></script><script type="text/javascript" src="../local-redirect/local-redirect.js"></script><script type="text/javascript" src="../local-redirect/local-user-redirect.js"></script><!--[if IE 6]><style type="text/css">.SIEHidden { overflow: hidden; }</style><![endif]--></head><body id="doc-racket-lang-org"><div class="tocset"><div class="tocview"><div class="tocviewlist tocviewlisttopspace"><div class="tocviewtitle"><table cellspacing="0" cellpadding="0"><tr><td style="width: 1em;"><a href="javascript:void(0);" title="Expand/Collapse" class="tocviewtoggle" onclick="TocviewToggle(this,"tocview_0");">►</a></td><td></td><td><a href="index.html" class="tocviewlink" data-pltdoc="x">The Racket Guide</a></td></tr></table></div><div class="tocviewsublisttop" style="display: none;" id="tocview_0"><table cellspacing="0" cellpadding="0"><tr><td align="right">1 </td><td><a href="intro.html" class="tocviewlink" data-pltdoc="x">Welcome to Racket</a></td></tr><tr><td align="right">2 </td><td><a href="to-scheme.html" class="tocviewlink" data-pltdoc="x">Racket Essentials</a></td></tr><tr><td align="right">3 </td><td><a href="datatypes.html" class="tocviewlink" data-pltdoc="x">Built-<wbr></wbr>In Datatypes</a></td></tr><tr><td align="right">4 </td><td><a href="scheme-forms.html" class="tocviewlink" data-pltdoc="x">Expressions and Definitions</a></td></tr><tr><td align="right">5 </td><td><a href="define-struct.html" class="tocviewlink" data-pltdoc="x">Programmer-<wbr></wbr>Defined Datatypes</a></td></tr><tr><td align="right">6 </td><td><a href="modules.html" class="tocviewlink" data-pltdoc="x">Modules</a></td></tr><tr><td align="right">7 </td><td><a href="contracts.html" class="tocviewlink" data-pltdoc="x">Contracts</a></td></tr><tr><td align="right">8 </td><td><a href="i_o.html" class="tocviewlink" data-pltdoc="x">Input and Output</a></td></tr><tr><td align="right">9 </td><td><a href="regexp.html" class="tocviewlink" data-pltdoc="x">Regular Expressions</a></td></tr><tr><td align="right">10 </td><td><a href="control.html" class="tocviewlink" data-pltdoc="x">Exceptions and Control</a></td></tr><tr><td align="right">11 </td><td><a href="for.html" class="tocviewlink" data-pltdoc="x">Iterations and Comprehensions</a></td></tr><tr><td align="right">12 </td><td><a href="match.html" class="tocviewlink" data-pltdoc="x">Pattern Matching</a></td></tr><tr><td align="right">13 </td><td><a href="classes.html" class="tocviewlink" data-pltdoc="x">Classes and Objects</a></td></tr><tr><td align="right">14 </td><td><a href="units.html" class="tocviewlink" data-pltdoc="x">Units</a></td></tr><tr><td align="right">15 </td><td><a href="reflection.html" class="tocviewlink" data-pltdoc="x">Reflection and Dynamic Evaluation</a></td></tr><tr><td align="right">16 </td><td><a href="macros.html" class="tocviewselflink" data-pltdoc="x">Macros</a></td></tr><tr><td align="right">17 </td><td><a href="languages.html" class="tocviewlink" data-pltdoc="x">Creating Languages</a></td></tr><tr><td align="right">18 </td><td><a href="concurrency.html" class="tocviewl
			`the same module and not exported with <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=require.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._provide%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">provide</a></span>. Still, a use`
			`of a macro defined in the module can expand into a reference of an`
			`unexported identifier. In general, such an identifier must not be`
			`extracted from the expanded expression and used in a different`
			`context, because using the identifier in a different context may break`
			`invariants of the macro’s module.</p><p>For example, the following module exports a macro <span class="RktSym">go</span> that`
			expands to a use of <span class="RktSym">unchecked-go</span>:</p><blockquote class="SCodeFlow"><blockquote class="Rfilebox"><p class="Rfiletitle"><span class="Rfilename"><span class="stt">"m.rkt"</span></span></p><blockquote class="Rfilecontent"><table cellspacing="0" cellpadding="0" class="RktBlk"><tr><td><a href="Module_Syntax.html#%28part._hash-lang%29" class="RktModLink" data-pltdoc="x"><span class="RktMod">#lang</span></a><span class="hspace"> </span><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=index.html&version=8.6" class="RktModLink Sq" data-pltdoc="x"><span class="RktSym">racket</span></a></td></tr><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=require.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._provide%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">provide</a></span><span class="hspace"> </span><span class="RktSym">go</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span></td></tr><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=define.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._define%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">define</a></span><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym">unchecked-go</span><span class="hspace"> </span><span class="RktSym">n</span><span class="hspace"> </span><span class="RktSym">x</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace">  </span><span class="RktCmt">;</span><span class="RktCmt"> </span><span class="RktCmt">to avoid disaster, </span><span class="RktSym">n</span><span class="RktCmt"> must be a number</span></td></tr><tr><td><span class="hspace">  </span><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=generic-numbers.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._%252B%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">+</a></span><span class="hspace"> </span><span class="RktSym">n</span><span class="hspace"> </span><span class="RktVal">17</span><span class="RktPn">)</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace"> </span></td></tr><tr><td><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=define.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fbase..rkt%2529._define-syntax%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">define-syntax</a></span><span class="hspace"> </span><span class="RktPn">(</span><span class="RktSym">go</span><span class="hspace"> </span><span class="RktSym">stx</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace">  </span><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stx-patterns.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529._syntax-case%2529%2529&version=8.6" class="RktStxLink Sq" data-pltdoc="x">syntax-case</a></span><span class="hspace"> </span><span class="RktSym">stx</span><span class="hspace"> </span><span class="RktPn">(</span><span class="RktPn">)</span></td></tr><tr><td><span class="hspace">    </span><span class="RktPn">[</span><span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stx-patterns.html%23%2528form._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529.__%2529%2529&version=8.6" cla
			`expansion of <span class="RktPn">(</span><span class="RktSym">go</span><span class="stt"> </span><span class="RktVal">'</span><span class="RktVal">a</span><span class="RktPn">)</span>, then it might be inserted into a new`
			`expression, <span class="RktPn">(</span><span class="RktSym">unchecked-go</span><span class="stt"> </span><span class="RktVal">#f</span><span class="stt"> </span><span class="RktVal">'</span><span class="RktVal">a</span><span class="RktPn">)</span>, leading to disaster. The`
			`<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stxops.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._datum-%7E3esyntax%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">datum->syntax</a></span> procedure can be used similarly to construct`
			`references to an unexported identifier, even when no macro expansion`
			`includes a reference to the identifier.</p><p>Ultimately, protection of a module’s private bindings depends on`
			`changing the current <a href="code-inspectors_protect.html#%28tech._code._inspector%29" class="techoutside" data-pltdoc="x"><span class="techinside">code inspector</span></a> by setting the`
			`<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=modprotect.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._current-code-inspector%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">current-code-inspector</a></span> parameter. <span class="refelem"><span class="refcolumn"><span class="refcontent">See also`
			`<a href="code-inspectors_protect.html" data-pltdoc="x">Code Inspectors for Trusted and Untrusted Code</a>.</span></span></span> That’s because a code inspector`
			`controls access to a module’s internal state through functions like`
			`<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=Namespaces.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._module-%7E3enamespace%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">module->namespace</a></span>. The current code inspector also gates`
			`access to the <a href="protect-out.html#%28tech._protected%29" class="techoutside" data-pltdoc="x"><span class="techinside">protected</span></a> exports of unsafe modules like`
			`<a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=unsafe.html&version=8.6" class="RktModLink Sq" data-pltdoc="x"><span class="RktSym">racket/unsafe/ops</span></a>.</p><p>Since the result of macro expansion can be abused to gain access to`
			`protected bindings, macro functions like <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stxtrans.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._local-expand%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">local-expand</a></span> are`
			`also <a href="protect-out.html#%28tech._protected%29" class="techoutside" data-pltdoc="x"><span class="techinside">protected</span></a>: references to <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stxtrans.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._local-expand%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">local-expand</a></span> and similar`
			`are allowed only within modules that are declared while the original`
			`code inspector is the current code inspector. Functions like`
			`<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=Expanding_Top-Level_Forms.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._expand%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">expand</a></span>, which are not used to implement macros but are used`
			`to inspect the result of macro expansion, are protected in a different`
			`way: the expansion result is <a name="(tech._tainted)"></a><span style="font-style: italic">tainted</span> so that it cannot be`
			`compiled or expanded again. More precisely, functions like`
			`<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=Expanding_Top-Level_Forms.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._expand%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">expand</a></span> accept an optional inspector argument that determines`
			`whether the result is tainted, but the default value of the argument`
			is <span class="RktPn">(</span><span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=modprotect.html%23%2528def._%2528%2528quote._%7E23%7E25kernel%2529._current-code-inspector%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">current-code-inspector</a></span><span class="RktPn">)</span>.</p><blockquote class="refpara"><blockquote class="refcolumn"><blockquote class="refcontent"><p>In previous versions of Racket, a macro was responsible
			`for protecting expansion using <span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stxcerts.html%23%2528def._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529._syntax-protect%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">syntax-protect</a></span>. The use of`
			<span class="RktSym"><a href="https://download.racket-lang.org/releases/8.6/doc/local-redirect/index.html?doc=reference&rel=stxcerts.html%23%2528def._%2528%2528lib._racket%252Fprivate%252Fstxcase-scheme..rkt%2529._syntax-protect%2529%2529&version=8.6" class="RktValLink Sq" data-pltdoc="x">syntax-protect</a></span> is no longer required or recommended.</p></blockquote></blockquote></blockquote><div class="navsetbottom"><span class="navleft"><form class="searchform"><input class="searchbox" id="searchbox" type="text" tabindex="1" placeholder="...search manuals..." title="Enter a search string to search the manuals" onkeypress="return DoSearchKey(event, this, "8.6", "../");"/></form>  <a href="https://download.racket-lang.org/releases/8.6/doc/index.html" title="up to the documentation top" data-pltdoc="x" onclick="return GotoPLTRoot("8.6");">top</a><span class="tocsettoggle">  <a href="javascript:void(0);" title="show/hide table of contents" onclick="TocsetToggle();">contents</a></span></span><span class="navright">  <a href="phases.html" title="backward to "16.2.6 General Phase Levels"" data-pltdoc="x">← prev</a>  <a href="proc-macros.html" title="up to "16.2 General Macro Transformers"" data-pltdoc="x">up</a>  <a href="macro-module.html" title="forward to "16.3 Module Instantiations and Visits"" data-pltdoc="x">next →</a></span> </div></div></div><div id="contextindicator"> </div></body></html>