Delaying 7.10?

Edward Kmett ekmett at gmail.com
Thu Jan 29 22:07:10 UTC 2015 

I personally would rather see this issue given the time to be resolved
correctly than rush to release 7.10 now because of a self-imposed deadline.

An unsafeCoerce bug, especially one which affects SafeHaskell, pretty much
trumps all in my eyes.

-Edward

On Thu, Jan 29, 2015 at 2:54 PM, Austin Seipp <austin at well-typed.com> wrote:

> After thinking about it a little, I'm fine with pushing the release out to
> March. I think #9858 is the more serious of our concerns vs a raging
> debate, too.
>
> My only concern really is dealing with the merging of such a patch. For
> example, if the patch to fix this is actually as wide ranging as we believe
> to the type hacker, I can definitely foresee a merge conflict, with, say,
> the recent -fwarn-redundant-constraints, which I've managed to leave out of
> 7.10 so far.
>
> In any case, with some more time, we can work those details out.
>
> On Thursday, January 29, 2015, Simon Peyton Jones <simonpj at microsoft.com>
> wrote:
>
>>  Friends
>>
>> In a call with a bunch of type hackers, we were discussing
>>
>>                https://ghc.haskell.org/trac/ghc/ticket/9858
>>
>> This is a pretty serious bug.  It allows a malicious person to construct
>> his own unsafeCoerce, and so completely subverts Safe Haskell.
>>
>> Actually there are two bugs (see comment:19).  The first is easily
>> fixed.  But the second is not.
>>
>> We explored various quick fixes, but the real solution is not far out of
>> reach.  It amounts to this:
>>
>> ·        Every data type is automatically in Typeable.  No need to say
>> “deriving(Typeable)” or “AutoDeriveTypeable” (which would become deprecated)
>>
>> ·        In implementation terms, the constraint solver treats Typeable
>> specially, much as it already treats Coercible specially.
>>
>> It’s not a huge job.  It’d probably take a couple of days of
>> implementation work, and some time for shaking out bugs and consequential
>> changes.  The biggest thing might be simply working out implementation
>> design choices.  (For example, there is a modest code-size cost to making
>> everything Typeable, esp because that includes the data constructors of the
>> type (which can be used in types, with DataKinds).  Does that matter?
>> Should we provide a way to suppress it?  If so, we’d also need a way to
>> express whether or not the Typable instance exists in the interface file.)
>>
>> But it is a substantial change that will touch a lot of lines of code.
>> Moreover, someone has to do it, and Iavor (who heroically volunteered)
>> happens to be travelling next week.
>>
>> So it’s really not the kind of thing we would usually do after RC2.
>>
>> But (a) it’s serious and, as it happens, (b) there is also the BBP
>> Prelude debate going on.
>>
>> Hence the question: should we simply delay 7.10  by, say, a month?  After
>> all, the timetable is up to us.  Doing so might give a bit more breathing
>> space to the BBP debate, which might allow time for reflection and/or
>> implementation of modest features to help the transition.  (I know that
>> several are under discussion.)  Plus, anyone waiting for 7.10 can simply
>> use RC2, which is pretty good.
>>
>> Would that be a relief to the BBP debate?  Or any other opinions.
>>
>> Simon
>>
>> PS: I know, I know: there is endless pressure to delay releases to get
>> stuff in.  If we give in to that pressure, we never make a release.  But we
>> should know when to break our own rules.  Perhaps this is such an occasion.
>>
>
>
> --
> Regards,
>
> Austin Seipp, Haskell Consultant
> Well-Typed LLP, http://www.well-typed.com/
>
> _______________________________________________
> ghc-devs mailing list
> ghc-devs at haskell.org
> http://www.haskell.org/mailman/listinfo/ghc-devs
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/ghc-devs/attachments/20150129/a2b03b70/attachment.html>

More information about the ghc-devs mailing list