[GHC] #8827: Inferring Safe mode with GeneralizedNewtypeDeriving is wrong

GHC ghc-devs at haskell.org
Fri Mar 21 17:55:28 UTC 2014 

#8827: Inferring Safe mode with GeneralizedNewtypeDeriving is wrong
-------------------------------------+------------------------------------
        Reporter:  goldfire          |            Owner:
            Type:  bug               |           Status:  new
        Priority:  normal            |        Milestone:  7.8.1
       Component:  Compiler          |          Version:  7.8.1-rc2
      Resolution:                    |         Keywords:
Operating System:  Unknown/Multiple  |     Architecture:  Unknown/Multiple
 Type of failure:  None/Unknown      |       Difficulty:  Unknown
       Test Case:                    |       Blocked By:
        Blocking:                    |  Related Tickets:  8226, 8745
-------------------------------------+------------------------------------

Comment (by dterei):

 So I need to educate myself better still but based on my current
 understanding (from the wiki page on roles) and the example Simon, what
 David and I don't like about this is that you can no longer look at just
 an export list for your module to verify what a consumer of your module is
 capable of doing.

 I.e., the Safe Haskell specific issue with GND that we cared about when we
 disabled GND was #5498. My understanding is that the new roles and
 coercion infrastructure that forms the base of 7.8's GND deals with all
 the type safety issues where you could easily segfault a program or
 inspect a bool as an int. However, by default it doesn't deal with the
 module boundary issue. In fact, it makes it worse as now phantom roles
 allow coercion between them.

 For example, Ptr requires explicit use of roles to ensure safety. This
 isn't very satisfactory to DM and I. Now a developer needs to understand
 GHC specific Haskell and a some subtle details to correctly implement
 abstractions. We'd prefer if export lists were self-contained and
 authoritative, not export lists + roles.

 Speaking just for myself, I think (C) would be ideal. It coincides most
 closely with my (and what I believe most programmers) intuitive
 expectations of data types and abstraction is and gives the strongest
 safety by default. (B) has the downside of making a lot of code by default
 not safe and we were very much hoping solving GND would expand the default
 world that is safe, not reduce it. (A) as explained above isn't great in
 our opinion.

 P.S., I'm traveling right now so may be some delays in replying but I'll
 try to be prompt.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8827#comment:18>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

More information about the ghc-tickets mailing list