Is Safe Haskell intended to allow segfaults?

Ryan Newton rrnewton at gmail.com
Tue Aug 9 14:41:44 UTC 2016


On Mon, Aug 8, 2016 at 8:46 PM, Mikhail Glushenkov <mikhail.
glushenkov at gmail.com> wrote:
>
> Yes, this can be done with JNI, see e.g. [1]. Additionally, by using
> sun.misc.Unsafe [2], one can cause segfaults even from pure Java.
> [1] https://www.cs.princeton.edu/~appel/papers/safejni.pdf
> [2] http://www.inf.usi.ch/faculty/lanza/Downloads/Mast2015a.pdf


Ah, I see. I thought that, ruling out FFI, that you couldn't segfault with
pure Java code.  Good to know about the unsafe interface.

On Mon, Aug 8, 2016 at 7:32 PM, David Terei <davidterei at gmail.com> wrote:
>
> If you have the energy, it'd be great to put some of this thinking
> into a wiki page (https://ghc.haskell.org/trac/ghc/wiki/SafeHaskell)
> and flesh out a first approximation of what IO API's cause issues. Is
> it just Ptr not carrying bounds around with it? Maybe, but then we
> need to secure how Ptr's can be created, which excludes FFI returning
> Ptr's.
>

Yes, we can add a Wiki page.

Btw I was thinking more of kicking FFI/peek/poke outside of the Safe
bubble, not changing their operational behavior.  First of all, it's nigh
impossible to lock down FFI calls.

When someone, e.g. Bob Harper
<https://existentialtype.wordpress.com/2012/08/14/haskell-is-exceptionally-unsafe/>,
points out a problem in Haskell, we sometimes respond "hey, *Safe Haskell*
is the real objet d'art!  It's a safe language."  Yet it isn't really a
full *language* if people cannot write and run programs in it!  (Because
every program must be ultimately be `main::IO()`.)  Kicking out segfaulty
features would still leave a safe language that people can write complete
programs in.

Best,
  -Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/ghc-devs/attachments/20160809/923c1cc4/attachment.html>


More information about the ghc-devs mailing list