[GHC] #8827: Inferring Safe mode with GeneralizedNewtypeDeriving is wrong

[GHC]

#8827: Inferring Safe mode with GeneralizedNewtypeDeriving is wrong
-------------------------------------+------------------------------------
        Reporter:  goldfire          |            Owner:
            Type:  bug               |           Status:  new
        Priority:  normal            |        Milestone:  7.8.1
       Component:  Compiler          |          Version:  7.8.1-rc2
      Resolution:                    |         Keywords:
Operating System:  Unknown/Multiple  |     Architecture:  Unknown/Multiple
 Type of failure:  None/Unknown      |       Difficulty:  Unknown
       Test Case:                    |       Blocked By:
        Blocking:                    |  Related Tickets:  8226, 8745
-------------------------------------+------------------------------------

Comment (by goldfire):

 I tend to agree with Edward's comments above, except on one perhaps-
 critical point: since RC 2, there is now a new module `Data.Coerce` in
 base that ''does'' export `coerce` Safe-ly. So, Edward's point (2) is
 incorrect. See #8745.

 Separately, there has been a fair amount of debate between choices (A) and
 (C). I have advocated for (A), based on decreasing the pain for library
 authors. Perhaps in a clean-slate implementation of a language with
 `coerce`, I would favor (C), but that is not the case we have in front of
 us. (Yes, under (C), we would require more annotations, but we already
 require a host of instance declarations for many types, and this would
 just be yet another thing that Haskellers would know to do.)

 The recursive-constructor-check that is described in the beginning of this
 ticket has lost its luster for me. If Safe inference worked, it would
 solve most of the problems brought up with the interaction between Safe
 and `coerce`. But, it also makes the `coerce` feature / GND very
 bowdlerized under Safe Haskell, and many desired uses of GND would no
 longer be possible. And, it's ugly from a user standpoint, requiring lots
 of importing of names unmentioned in code.

 I see a two feasible ways forward, given the lateness of hour:

 1) Keep the status quo.

 2) Remove GND and `coerce` from the Safe subset for 7.8. We could look
 into ways of bringing them into Safe Haskell for 7.10.

 In particular, I don't think that Simon's option (C) is viable, unless we
 want a Release Candidate 3, which I don't. Separately from the choice
 between (1) and (2), I definitely favor issuing warnings around missing
 role annotations, but it's unclear to me where the warnings should go.
 Edward's idea for warning when abstractly exporting a type with
 representational roles and no role annotation is a good start, and is
 perhaps the answer.

 David's suggestion above (controlling roles in export lists) seems to
 present strange action-at-a-distance, in that if I don't export
 constructors from their defining module, the behavior is different from
 when I don't export the constructors from a different module. I worry
 that, while perhaps catching common cases, it would be very unexpected
 behavior in the details.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8827#comment:24>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler