<div dir="ltr">We're trying to spend some cycles pushing on Safe Haskell within the Stackage packages. (It's looking like a slog.)<div><br></div><div>But we're running up against some basic questions regarding the core packages and Safe Haskell guarantees. <a href="https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/safe_haskell.html#safe-language">The manual currently says:</a></div><div><br></div><i>Functions in the IO monad are still allowed and behave as usual. <br></i><br>As usual? So it is ok to segfault GHC? Elsewhere it says "in the safe language you can trust the types", and I'd always assumed that meant Safe Haskell is a type safe language, even in the IO fragment.<div><br></div><div>Was there an explicit decision to allow segfaults and memory corruption? This can happen not just with FFI calls but with uses of Ptrs within Haskell, for example the following:<br><div><br></div><div><br></div><div>```</div><div>
<p class=""><span class="">{-# LANGUAGE Safe #-}</span></p>
<p class="">module Main where<br><span class=""></span></p>
<p class=""><span class="">import Foreign.Marshal.Alloc</span></p>
<p class=""><span class="">import Foreign.Storable</span></p>
<p class=""><span class="">import Foreign.Ptr</span></p>
<p class=""><span class="">import System.Random</span></p>
<p class=""><span class=""></span><br></p>
<p class=""><span class="">fn :: Ptr Int -> IO ()</span></p>
<p class=""><span class="">fn p = do</span></p>
<p class=""><span class=""> -- This is kosher:</span></p>
<p class=""><span class=""> poke p 3</span></p>
<p class=""><span class=""> print =<< peek p</span></p>
<p class=""><span class=""> -- This should crash the system:</span></p>
<p class=""><span class=""> ix <- randomIO</span></p>
<p class=""><span class=""> pokeElemOff p ix 0xcc</span></p><p class=""> </p>
<p class=""><span class="">main = alloca fn</span></p><p class=""><span class="">```</span></p><p class=""><span class=""><br></span></p><p class=""><span class=""> -Ryan</span></p></div></div></div>
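<p>For contrast, an added example (not part of the message above and not code from GHC's libraries): one way a Trustworthy module could put the same Foreign calls behind a bounds-checked interface, so that Safe clients never hold a raw Ptr. Buf, newBuf, readBuf, writeBuf and checked are hypothetical names, and the out-of-range index is constructed.</p>

```haskell
{-# LANGUAGE Trustworthy #-}
-- Added example, not from the original message. Buf, newBuf, readBuf,
-- writeBuf and checked are hypothetical names chosen for this sketch.
module Main (main) where

import Control.Exception (ArrayException (IndexOutOfBounds), throwIO, try)
import Control.Monad (when)
import Foreign.ForeignPtr (ForeignPtr, mallocForeignPtrArray, withForeignPtr)
import Foreign.Marshal.Array (pokeArray)
import Foreign.Storable (peekElemOff, pokeElemOff, sizeOf)

-- A length-tagged buffer. In a library this would live in its own
-- Trustworthy module that exports the type abstractly, so Safe clients
-- can never reach the raw pointer.
data Buf = Buf !Int !(ForeignPtr Int)

-- Allocate n zeroed elements. The ForeignPtr keeps the memory alive for as
-- long as the Buf is reachable, so the pointer cannot outlive its allocation.
newBuf :: Int -> IO Buf
newBuf n = do
  -- Reject negative sizes and sizes whose byte count would overflow Int.
  when (n < 0 || n > maxBound `div` sizeOf (0 :: Int)) $
    throwIO (IndexOutOfBounds ("newBuf: bad size " ++ show n))
  fp <- mallocForeignPtrArray n
  withForeignPtr fp $ \p -> pokeArray p (replicate n 0)
  pure (Buf n fp)

-- Every access is checked against the recorded length before touching memory.
checked :: Buf -> Int -> IO ()
checked (Buf n _) i =
  when (i < 0 || i >= n) $
    throwIO (IndexOutOfBounds ("index " ++ show i ++ " outside [0," ++ show n ++ ")"))

readBuf :: Buf -> Int -> IO Int
readBuf b@(Buf _ fp) i = checked b i >> withForeignPtr fp (\p -> peekElemOff p i)

writeBuf :: Buf -> Int -> Int -> IO ()
writeBuf b@(Buf _ fp) i x = checked b i >> withForeignPtr fp (\p -> pokeElemOff p i x)

main :: IO ()
main = do
  buf <- newBuf 1
  writeBuf buf 0 3
  print =<< readBuf buf 0
  -- Constructed out-of-range index standing in for the random one above.
  r <- try (writeBuf buf 123456789 0xcc) :: IO (Either ArrayException ())
  putStrLn (either (\e -> "rejected: " ++ show e) (const "wrote") r)
```

<p>The out-of-range write surfaces as a catchable exception instead of touching memory outside the allocation; the guarantee rests on the wrapper module being correct, which is what marking it Trustworthy asserts.</p>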