Deprecating Safe Haskell, or heavily investing in it?
ietf-dane at dukhovni.org
Tue Dec 27 23:03:30 UTC 2022
On Tue, Dec 27, 2022 at 10:31:07PM +0100, Jaro Reinders wrote:
> The bytestring package does have run time bounds checks. So maybe Safe
> Haskell is safer than you think?
No. The safety depends on careful Safe/Unsafe marking of an
unmanageable and growing set of modules. How does GHC know
that "Data.ByteString.Unsafe" is actually "unsafe" in the
sense of "Safe" Haskell?
λ> BS.index x 10
*** Exception: Data.ByteString.index: index too large: 10, length = 6
CallStack (from HasCallStack):
error, called at libraries/bytestring/Data/ByteString.hs:2026:23 in bytestring-0.11.3.1:Data.ByteString
moduleError, called at libraries/bytestring/Data/ByteString.hs:1232:24 in bytestring-0.11.3.1:Data.ByteString
index, called at <interactive>:7:1 in interactive:Ghci3
λ> import Data.ByteString.Unsafe as UBS
λ> UBS.unsafeIndex x 30000
λ> UBS.unsafeIndex x 1000000
λ> UBS.unsafeIndex x 10000000
λ> UBS.unsafeIndex x 100000000
Segmentation fault (core dumped)
This is too brittle to be safe on an ongoing basis in practice.
More information about the ghc-devs