Thank you for your comment

Beau­tiful Racket / tuto­rials

Level up: jsonic revis­ited

Intro­ducing contracts

To ensure safer run-time behavior of our func­tions, we’ll add contracts. A contract wraps around a func­tion and ensures its input argu­ments and return value meet require­ments that we specify. If the func­tion tries to accept argu­ments or return a value that doesn’t meet these require­ments, the contract raises an error.

Of course, we can write these kind of input & output checks by hand. But contracts have three bene­fits:

  1. They give us a compact, consis­tent nota­tion for writing these checks.

  2. They take care of the under­lying house­keeping of creating and raising a detailed error.

  3. They make func­tions more read­able, because they make the input & output expec­ta­tions explicit.

For instance, consider our-div, a divi­sion func­tion that allows 0 as a denom argu­ment. Bad input produces a generic error:

(module our-submod br
  (define (our-div num denom)
    (/ num denom))
  (provide our-div))

(require (submod "." our-submod))
(our-div 42 0)
1
2
3
4
5
6
7
(module our-submod br
  (define (our-div num denom)
    (/ num denom))
  (provide our-div))

(require (submod "." our-submod))
(our-div 42 0)
copy to clipboard
/: division by zero
1
/: division by zero
copy to clipboard

We can add a check to denom that raises a more specific error:

(module our-submod br
  (define (our-div num denom)
    (when (zero? denom)
      (error "our-div: denom argument needs to be nonzero"))
    (/ num denom))
  (provide our-div))

(require (submod "." our-submod))
(our-div 42 0)
1
2
3
4
5
6
7
8
9
(module our-submod br
  (define (our-div num denom)
    (when (zero? denom)
      (error "our-div: denom argument needs to be nonzero"))
    (/ num denom))
  (provide our-div))

(require (submod "." our-submod))
(our-div 42 0)
copy to clipboard
our-div: denom argument needs to be nonzero
1
our-div: denom argument needs to be nonzero
copy to clipboard

But we can do even better with a contract. To add a contract to our func­tion, first we import racket/contract. The define is the same as usual. But we’ll change our provide to use contract-out, which lets us attach a contract to the exported func­tion:

(require racket/contract)
(define (our-div num denom)
  (/ num denom))
(provide (contract-out
          [our-div ···])) ;; contract will go here
1
2
3
4
5
(require racket/contract)
(define (our-div num denom)
  (/ num denom))
(provide (contract-out
          [our-div ···])) ;; contract will go here
copy to clipboard

To make the contract itself, we use -> (also known as a contract combi­nator). Each argu­ment to -> is a func­tion that performs a test (also known as a pred­i­cate). The last argu­ment to -> tests the return value, and the other argu­ments test the input argu­ments.

For our-div, we want a contract that tests that num is a number?, denom is not zero?, and the result is also a number?. We write this contract like so (where not/c is a contract combi­nator that inverts the zero? pred­i­cate):

(-> number? (not/c zero?) number?)
1
copy to clipboard

To make the sepa­ra­tion between input and output pred­i­cates more read­able, Rack­e­teers typi­cally use infix nota­tion in a contract. Func­tion calls are idiomat­i­cally written with prefix nota­tion. But we can option­ally surround the func­tion name with . dots . and move it anywhere within the S-expres­sion, and the func­tion call will work the same way. Infix nota­tion lets us relo­cate the -> to a more logical place:  + The dots aren’t iden­ti­fiers. They’re just extra nota­tion that the Racket reader knows how to parse.

(number? (not/c zero?) . -> . number?)
1
copy to clipboard

Now we can add our contract to our provide:

(module our-submod br
  (require racket/contract)
  (define (our-div num denom)
    (/ num denom))
  (provide (contract-out
            [our-div (number? (not/c zero?) . -> . number?)])))

(require (submod "." our-submod))
(our-div 42 0)
1
2
3
4
5
6
7
8
9
(module our-submod br
  (require racket/contract)
  (define (our-div num denom)
    (/ num denom))
  (provide (contract-out
            [our-div (number? (not/c zero?) . -> . number?)])))

(require (submod "." our-submod))
(our-div 42 0)
copy to clipboard

This time, the input-argu­ment error is raised by the contract:

our-div: contract violation
  expected: (not/c zero?)
  given: 0
  in: the 2nd argument of
      (-> number? (not/c zero?) number?)
  contract from: (anonymous-module our-submod)
  blaming: anonymous-module
   (assuming the contract is correct)
  at: unsaved-editor:7.13
1
2
3
4
5
6
7
8
9
our-div: contract violation
  expected: (not/c zero?)
  given: 0
  in: the 2nd argument of
      (-> number? (not/c zero?) number?)
  contract from: (anonymous-module our-submod)
  blaming: anonymous-module
   (assuming the contract is correct)
  at: unsaved-editor:7.13
copy to clipboard

To show how the return-value contract works, let’s change our func­tion so it returns a string, and call our-div with two valid numer­ical argu­ments:

(module our-submod br
  (require racket/contract)
  (define (our-div num denom)
    "a string")
  (provide (contract-out
            [our-div (number? (not/c zero?) . -> . number?)])))

(require (submod "." our-submod))
(our-div 42 6)
1
2
3
4
5
6
7
8
9
(module our-submod br
  (require racket/contract)
  (define (our-div num denom)
    "a string")
  (provide (contract-out
            [our-div (number? (not/c zero?) . -> . number?)])))

(require (submod "." our-submod))
(our-div 42 6)
copy to clipboard

This time, the error message changes:

our-div: broke its own contract
  promised: number?
  produced: "a string"
  in: the range of
      (-> number? (not/c zero?) number?)
  contract from: (anonymous-module our-submod)
  blaming: (anonymous-module our-submod)
   (assuming the contract is correct)
  at: unsaved-editor:7.13
1
2
3
4
5
6
7
8
9
our-div: broke its own contract
  promised: number?
  produced: "a string"
  in: the range of
      (-> number? (not/c zero?) number?)
  contract from: (anonymous-module our-submod)
  blaming: (anonymous-module our-submod)
   (assuming the contract is correct)
  at: unsaved-editor:7.13
copy to clipboard

Instead of refer­ring to “expected” argu­ments, the error refers to the “promised” return value, and the blame is like­wise shifted to our-div itself (“broke its own contract”).

Curious char­ac­ters might be wondering why our sample code is inside a submodule, rather than at the top level of our source file. The answer is that contracts are always asso­ci­ated with some boundary within the code. A contract is invoked only when the func­tion is used across that boundary. In this case, because the contract is attached within our provide, it only applies across the module boundary of our-submod. Thus, if we move (our-div 42 0) inside our-submod:

(module our-submod br
  (require racket/contract)
  (define (our-div num denom)
    (/ num denom))
  (our-div 42 0)
  (provide (contract-out
            [our-div (number? (not/c zero?) . -> . number?)])))

(require (submod "." our-submod))
1
2
3
4
5
6
7
8
9
(module our-submod br
  (require racket/contract)
  (define (our-div num denom)
    (/ num denom))
  (our-div 42 0)
  (provide (contract-out
            [our-div (number? (not/c zero?) . -> . number?)])))

(require (submod "." our-submod))
copy to clipboard

The contract won’t be trig­gered, and we’ll get our generic error again:

/: division by zero
1
/: division by zero
copy to clipboard

Adding contracts to our language

Let’s open "reader.rkt" so we can add a contract to read-syntax:

jsonic/reader.rkt
#lang br/quicklang
(require "tokenizer.rkt" "parser.rkt")

(define (read-syntax path port)
  (define parse-tree (parse path (make-tokenizer port)))
  (define module-datum `(module jsonic-module jsonic/expander
                          ,parse-tree))
  (datum->syntax #f module-datum))
(provide read-syntax)
1
2
3
4
5
6
7
8
9
#lang br/quicklang
(require "tokenizer.rkt" "parser.rkt")

(define (read-syntax path port)
  (define parse-tree (parse path (make-tokenizer port)))
  (define module-datum `(module jsonic-module jsonic/expander
                          ,parse-tree))
  (datum->syntax #f module-datum))
(provide read-syntax)
copy to clipboard

Recall that read-syntax takes two argu­ments: a path to a file and an input port pointing at that file. The path argu­ment can be any data type, so we’ll use the universal contract any/c. We need the port to be of the type port?. At the end, read-syntax returns a syntax object (which we can test with syntax?). So the whole contract looks like this:

(any/c port? . -> . syntax?)
1
copy to clipboard

As before, we import racket/contract, and change our provide to use contract-out with our new contract:

jsonic/reader.rkt
#lang br/quicklang
(require "tokenizer.rkt" "parser.rkt" racket/contract)

(define (read-syntax path port)
  (define parse-tree (parse path (make-tokenizer port)))
  (define module-datum `(module jsonic-module jsonic/expander
                          ,parse-tree))
  (datum->syntax #f module-datum))
(provide (contract-out
          [read-syntax (any/c port? . -> . syntax?)]))
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
#lang br/quicklang
(require "tokenizer.rkt" "parser.rkt" racket/contract)

(define (read-syntax path port)
  (define parse-tree (parse path (make-tokenizer port)))
  (define module-datum `(module jsonic-module jsonic/expander
                          ,parse-tree))
  (datum->syntax #f module-datum))
(provide (contract-out
          [read-syntax (any/c port? . -> . syntax?)]))
copy to clipboard

Now, if we run our test file:

#lang jsonic
// a line comment
[
  @$ 'null $@,
  @$ (* 6 7) $@,
  @$ (= 2 (+ 1 1)) $@,
  @$ (list "array" "of" "strings") $@,
  @$ (hash 'key-1 'null
           'key-2 (even? 3)
           'key-3 (hash 'subkey 21)) $@
]
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
#lang jsonic
// a line comment
[
  @$ 'null $@,
  @$ (* 6 7) $@,
  @$ (= 2 (+ 1 1)) $@,
  @$ (list "array" "of" "strings") $@,
  @$ (hash 'key-1 'null
           'key-2 (even? 3)
           'key-3 (hash 'subkey 21)) $@
]
copy to clipboard

It still works normally:

[
  null,
  42,
  true,
  ["array","of","strings"],
  {"key-1":null,"key-3":{"subkey":21},"key-2":false}
]
1
2
3
4
5
6
7
[
  null,
  42,
  true,
  ["array","of","strings"],
  {"key-1":null,"key-3":{"subkey":21},"key-2":false}
]
copy to clipboard

Which is what we expected. But this is a special situ­a­tion. We already knew that the func­tion was correct.

Most of the time—espe­cially while we’re devel­oping our language—we don’t. So aside from ensuring run-time safety, a contract can be a useful devel­op­ment tool. It lets us plant a flag when we start to write a func­tion. As soon as we get off track, it lets us know. (The other half of this equa­tion is unit testing, which we’ll cover in the next section.)

To that end, it’s wise to write the narrowest possible contracts. That way, there’s less chance of “false posi­tives”—values that meet the contract tests, but that aren’t actu­ally accept­able.

For instance, the port? pred­i­cate returns #t for both input ports and output ports. But the port argu­ment to read-syntax can only be an input port. There­fore, we should use the narrower input-port? pred­i­cate in our contract:

jsonic/reader.rkt
#lang br/quicklang
(require "tokenizer.rkt" "parser.rkt" racket/contract)

(define (read-syntax path port)
  (define parse-tree (parse path (make-tokenizer port)))
  (define module-datum `(module jsonic-module jsonic/expander
                          ,parse-tree))
  (datum->syntax #f module-datum))
(provide (contract-out
          [read-syntax (any/c input-port? . -> . syntax?)])) 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
#lang br/quicklang
(require "tokenizer.rkt" "parser.rkt" racket/contract)

(define (read-syntax path port)
  (define parse-tree (parse path (make-tokenizer port)))
  (define module-datum `(module jsonic-module jsonic/expander
                          ,parse-tree))
  (datum->syntax #f module-datum))
(provide (contract-out
          [read-syntax (any/c input-port? . -> . syntax?)]))
copy to clipboard

Let’s now open "tokenizer.rkt", so we can add a contract to make-tokenizer:

jsonic/tokenizer.rkt
#lang br/quicklang
(require brag/support)

(define (make-tokenizer port)
  (define (next-token)
    (define jsonic-lexer
      (lexer
       [(from/to "//" "\n") (next-token)]
       [(from/to "@$" "$@")
        (token 'SEXP-TOK (trim-ends "@$" lexeme "$@"))]
       [any-char (token 'CHAR-TOK lexeme)]))
    (jsonic-lexer port))
  next-token)
(provide make-tokenizer)
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
#lang br/quicklang
(require brag/support)

(define (make-tokenizer port)
  (define (next-token)
    (define jsonic-lexer
      (lexer
       [(from/to "//" "\n") (next-token)]
       [(from/to "@$" "$@")
        (token 'SEXP-TOK (trim-ends "@$" lexeme "$@"))]
       [any-char (token 'CHAR-TOK lexeme)]))
    (jsonic-lexer port))  
  next-token)
(provide make-tokenizer)
copy to clipboard

Like read-syntax, make-tokenizer takes one input port as an argu­ment. As we learned, we can test this with input-port?.

But how about next-token, the return value? next-token is a func­tion. We could use the generic procedure? pred­i­cate, which returns #t for all func­tions.

(input-port? . -> . procedure?)
1
copy to clipboard

That’s not wrong. But we can do better.

If we need a contract to test a func­tion, we can make a second contract with -> and nest it inside the main contract. In this case, next-token takes no argu­ments, and returns either eof (which we can test with eof-object?) or a token struc­ture (token-struct?). For simplicity, we encap­su­late these tests in a new jsonic-token? pred­i­cate:

(define (jsonic-token? x)
  (or (eof-object? x) (token-struct? x)))
1
2
(define (jsonic-token? x)
  (or (eof-object? x) (token-struct? x)))
copy to clipboard

Thus, our contract for next-token looks like this (since we don’t have any input argu­ments, we don’t need infix nota­tion):

(-> jsonic-token?)
1
(-> jsonic-token?)
copy to clipboard

And our whole contract for make-tokenizer looks like this:

(input-port? . -> . (-> jsonic-token?))
1
(input-port? . -> . (-> jsonic-token?))
copy to clipboard

Putting it all together, we again start by importing racket/contract. We add our defi­n­i­tion for jsonic-token?. And we insert the new contract inside the provide for make-tokenizer using contract-out:

jsonic/tokenizer.rkt
#lang br/quicklang
(require brag/support racket/contract)

(define (jsonic-token? x)
  (or (eof-object? x) (token-struct? x)))

(define (make-tokenizer port)
  (define (next-token)
    (define jsonic-lexer
      (lexer
       [(from/to "//" "\n") (next-token)]
       [(from/to "@$" "$@")
        (token 'SEXP-TOK (trim-ends "@$" lexeme "$@"))]
       [any-char (token 'CHAR-TOK lexeme)]))
    (jsonic-lexer port))
  next-token)
(provide
 (contract-out
  [make-tokenizer (input-port? . -> . (-> jsonic-token?))]))
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
#lang br/quicklang
(require brag/support racket/contract)

(define (jsonic-token? x)
  (or (eof-object? x) (token-struct? x)))

(define (make-tokenizer port)
  (define (next-token)
    (define jsonic-lexer
      (lexer
       [(from/to "//" "\n") (next-token)]
       [(from/to "@$" "$@")
        (token 'SEXP-TOK (trim-ends "@$" lexeme "$@"))]
       [any-char (token 'CHAR-TOK lexeme)]))
    (jsonic-lexer port))
  next-token)
(provide
 (contract-out
  [make-tokenizer (input-port? . -> . (-> jsonic-token?))]))
copy to clipboard

Contract caveats

A con­tract oper­ates at run time. So it nec­es­sar­ily imposes a per­for­mance cost on a program, however small. When we use a contract, we should make sure that the incre­mental safety is worth the incre­mental cost.

For instance, a contract on read-syntax is prob­ably unnec­es­sary. The argu­ments are being passed in by Racket itself. We can trust that they’re correct.

On the other hand, a contract on read-syntax is only called once for every program (because read-syntax itself is only called once). So it’s unlikely to gum up the works, either.

Beyond run-time safety, the best reason to use contracts is that they’re a great debug­ging tool. Those who value their time will likely find that their invest­ment in contracts is quickly repaid by rapidly pinpointing bugs related to incor­rect data types.

We’ll include contracts in the new func­tions we add during this tuto­rial.

← prev next →