Proposal: GHC.Generics marked UNSAFE for SafeHaskell

Dag Odenhall dag.odenhall
Mon Oct 7 09:32:32 UTC 2013 

DeriveGeneric and other derivations aren?t unsafe because it?s up to the
module author to use them. If you don't export the constructors, a
downstream user *can not* derive classes even with StandaloneDeriving, so
this is not a problem.

It does however become a problem with the proposal in this thread, as
noted, because it means you can't hand-write an instance that enforces
invariants without getting inferred Unsafe.

In any case, if this proposal passes, we need some Safe place to import
Generic from because you can't derive it without importing the class.

Here?s a thought: doesn?t Generic already have an unused phantom type
that's only there ?just in case we need to add something in the future??
How about using that to track whether an instance was derived or not, and
enforce *that* with SafeHaskell? Your SafeEq can then use a Generic
Derivedconstraint or whatever.


On Mon, Oct 7, 2013 at 8:53 AM, John Lato <jwlato at gmail.com> wrote:

> Andres is right that it's not as evil as defining your own Typeable.  The
> crux of the matter is that Generic essentially allows full access to the
> data type.  Unfortunately it's easy to forget this...
>
>
> On Mon, Oct 7, 2013 at 1:43 AM, Andres L?h <andres at well-typed.com> wrote:
>
>> While I understand you all feel uncomfortable with this, I do not
>> think the problem demonstrated by John has anything to do with
>> Generic.
>>
>> I've made a fork here
>>
>> https://github.com/kosmikus/safe-bugtest
>>
>> that shows an (IMHO) similar problem using Show and Read instead of
>> Generic. (And something slightly different could certainly also
>> produced using Enum).
>>
>> If you're deriving Generic, then yes, you gain the functionality of
>> that class, which is to inspect the structure of the type, and then
>> yes, you can in principle construct any value of that type. So
>> deriving Generic for types that should be abstract is always going to
>> be risky. But this is no different than deriving any other class, only
>> that Generic gives you particularly fine-grained access to the
>> internals of a type.
>>
>> Also, at least in my opinion, it is entirely valid to define your own
>> Generic instances. It's more work, and while I haven't used it often
>> so far, I can imagine that there are good use cases. I don't think
>> it's anywhere near as evil as defining your own Typeable instances.
>>
>> Cheers,
>>   Andres
>>
>> --
>> Andres L?h, Haskell Consultant
>> Well-Typed LLP, http://www.well-typed.com
>>
>
>
> _______________________________________________
> Libraries mailing list
> Libraries at haskell.org
> http://www.haskell.org/mailman/listinfo/libraries
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/libraries/attachments/20131007/556df4e4/attachment.html>

More information about the Libraries mailing list