[GHC] #8827: Inferring Safe mode with GeneralizedNewtypeDeriving is wrong

GHC ghc-devs at haskell.org
Wed Mar 19 08:51:26 UTC 2014 

#8827: Inferring Safe mode with GeneralizedNewtypeDeriving is wrong
-------------------------------------+------------------------------------
        Reporter:  goldfire          |            Owner:
            Type:  bug               |           Status:  new
        Priority:  normal            |        Milestone:  7.8.1
       Component:  Compiler          |          Version:  7.8.1-rc2
      Resolution:                    |         Keywords:
Operating System:  Unknown/Multiple  |     Architecture:  Unknown/Multiple
 Type of failure:  None/Unknown      |       Difficulty:  Unknown
       Test Case:                    |       Blocked By:
        Blocking:                    |  Related Tickets:  8226, 8745
-------------------------------------+------------------------------------

Comment (by nomeata):

 Just as a data point:

 > Though controlling instance exports does not have a precedent, another
 > option might be to special-case the Coerce class and only export
 > instances of Coerce when all constructors of a type are also exported.
 > This would prevent anyone from using Coerce to do things they couldn't
 > already do manually.

 This is what we had originally; the check was removed in
 59722295bb8da8f01d37356fbed6aef7321a8195/ghc. It wouldn’t be hard to re-
 introduce it; but it will mean that a lot of uses of `coerce` or GND in
 Safe Haskell will fail, including `coerce :: Set Age -> Set Int`.

 Maybe requiring a `deriving (Coercible)`, or `-XDeriveCoerce`, or a
 standalone deriving declaration to get the coerce-under-type constructor
 behaviour isn’t such a bad idea after all, even outside the context of
 Safe Haskell? It would turn the current blacklisting (“add role annotatoin
 if it is not safe”) into whitelisting (“tell us that Coercing is safe, and
 how”).

 For additional convenience we could retain the previous behaviour of
 „instance available if all constructors are in scope“, so that the author
 of simple cases like `[]`, `Either`, `Maybe` do not have to do something;
 only those who hide their constructors have to act to allow their users to
 coerce under their type constructor.

 TL;DR: Coercing under a type constructor is allowed if (a) all involved
 constructors are in scope (“could write it by hand test”) ''or'' (b)
 someone who had access to the constructors (most likely the author)
 explicitly declared the instance, using some form of `deriving`. No
 special behaviour needed for Safe Haskell.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8827#comment:14>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

More information about the ghc-tickets mailing list