[GHC] #8827: Inferring Safe mode with GeneralizedNewtypeDeriving is wrong

GHC ghc-devs at haskell.org
Fri Aug 14 02:23:49 UTC 2015 

#8827: Inferring Safe mode with GeneralizedNewtypeDeriving is wrong
-------------------------------------+-------------------------------------
        Reporter:  goldfire          |                   Owner:
            Type:  bug               |                  Status:  new
        Priority:  normal            |               Milestone:  7.12.1
       Component:  Compiler          |                 Version:  7.9
      Resolution:                    |                Keywords:
Operating System:  Unknown/Multiple  |            Architecture:
                                     |  Unknown/Multiple
 Type of failure:  None/Unknown      |               Test Case:
      Blocked By:                    |                Blocking:
 Related Tickets:  #8226, #8745      |  Differential Revisions:
-------------------------------------+-------------------------------------

Comment (by goldfire):

 Replying to [comment:39 oerjan]:
 > Given this, I ''hope'' the following is compatible with all the goals
 above:
 >
 > * Default inferred role remains `representational`.
 > * Any use of `coerce` (including via GND) must respect roles etc. as
 currently without Safe Haskell.
 > * If allowed in general, a "lifting" use of `coerce` is compatible with
 `Safe` if ''either'':
 >   * The type has an explicit role annotation, ''or''
 >   * All of the type's data constructors are in scope.

 For this to work out, the last check above must be recursive, looking at
 all datatypes mentioned in those in-scope data constructors, out to the
 leaves. Otherwise, a programmer could write a trivial wrapper around a
 type; all the data constructors would be in scope for the wrapper, and
 then the programmer could `coerce` away. It's the recursiveness of this
 check that's annoying.

 Another (small) problem with this is that it means redundant role
 annotations are no longer a no-op. For example:

 {{{
 data Maybe1 a = Just1 a | Nothing1

 data Maybe2 a = Just2 a | Nothing2
 type role Maybe2 representational
 }}}

 `Maybe1` and `Maybe2` will have subtly different behavior with respect to
 Safe Haskell under this proposal. And just because the author of `Maybe2`
 wanted to add some documentation about roles, much like most programmers
 add easy-to-infer type signatures.
 I don't think the point I'm making should kill this proposal, but it is a
 downside.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8827#comment:40>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

More information about the ghc-tickets mailing list