[GHC] #8827: Inferring Safe mode with GeneralizedNewtypeDeriving is wrong

GHC ghc-devs at haskell.org
Mon Aug 17 13:03:43 UTC 2015 

#8827: Inferring Safe mode with GeneralizedNewtypeDeriving is wrong
-------------------------------------+-------------------------------------
        Reporter:  goldfire          |                   Owner:
            Type:  bug               |                  Status:  new
        Priority:  normal            |               Milestone:  7.12.1
       Component:  Compiler          |                 Version:  7.9
      Resolution:                    |                Keywords:
Operating System:  Unknown/Multiple  |            Architecture:
                                     |  Unknown/Multiple
 Type of failure:  None/Unknown      |               Test Case:
      Blocked By:                    |                Blocking:
 Related Tickets:  #8226, #8745      |  Differential Revisions:
-------------------------------------+-------------------------------------

Comment (by goldfire):

 A few reactions:

 * I think this proposal holds water, from a technical standpoint.

 * I'm worried about the efficiency of `Safe`-inference. This proposal
 requires doing a recursive check, potentially loading new interface files,
 just for inferring `Safe`ty. This makes me sad. I have no suggestion for
 improvement, however.

 * Along similar lines, just expanding a module's import list can change it
 from un`Safe`-inferred to `Safe`-inferred. Are the extra imported data
 constructors considered used in the module? That is, do they get
 "redundant import" warnings? Either answer to that last question seems
 wrong.

 * The reason that the default role is representational (phantom, actually)
 is solely for backward compatibility. In a newly-minted language, I think
 choosing nominal here would be rather uncontroversial. Is it worth
 recasting this debate as a move toward a nominal-default? With this
 change, the `Safe`ty issue goes away. This would be socially harder, but
 perhaps better in the long run.

 -------------

 Here's a stab at that last point:

 Plan to introduce, in GHC 7.14, a new extension `PhantomDefaultRoles`.
 With this extension, roles would work as they do today. Roles would also
 be `Safe`, because the author declares their knowledge of roles by using
 this extension. Without the extension enabled, a nominal role is default.

 We would introduce a warning in GHC 7.12 about this impending change. I
 don't have a good proposal for how to implement the warning, though -- it
 would amount to an inefficient recursive check. Maybe someone has a better
 idea.

 By making this change via an extension, it's easy for library-writers to
 upgrade: include a straightforward conditional block in a .cabal file. All
 packages could be upgrade by something like (I didn't look up concrete
 syntax) `if impl(ghc >= 7.12) default-extensions: PhantomDefaultRoles`.
 Easy!

 -------

 In sum, I think that the proposal in comment:42 is feasible, but I'm
 worried about efficiency. But I think that tackling the larger problem of
 default roles is better in the long run.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8827#comment:43>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

More information about the ghc-tickets mailing list