default roles

Edward Kmett ekmett
Fri Oct 11 17:58:33 UTC 2013


On Fri, Oct 11, 2013 at 1:00 PM, Simon Peyton-Jones
<simonpj at microsoft.com> wrote:

> First, in this case Set's argument has nominal role, so the GND you give
> would be rejected anyway.  So Set's sanctity stays unscathed.
>
Fair enough. I'm very happy to hear that avenue of attack doesn't work. =)

> But beyond that, when you say
>
> newtype Bar = Bar Int deriving (Eq,Foo)
>
> the "deriving Foo" bit says
>
> "please implement all the Foo operations on Bar values in precisely the
> same way that you implement Foo operations on Int."
>
> Now that might be a stupid thing to say.  There are many ways in which it
> could be semantically wrong.  One of them is that Ints are ordered one way
> and Bars are ordered another.  But there may be other ways too.  Perhaps
> Bars have properties that Ints don't which mean that inserting should work
> differently.  A type system cannot hope to catch all of these.
>

My main concern is just making sure that we don't wind up with situations
where you can get two instances of, say, Eq Bar that disagree under Safe
Haskell depending on where you obtained it.

So far Richard's proposed fix has handled every attack I've come up with.
I'll go back to looking for other attack vectors.

-Edward


> *From:* Edward Kmett [mailto:ekmett at gmail.com]
> *Sent:* 11 October 2013 03:09
> *To:* Richard Eisenberg
> *Cc:* David Menendez; glasgow-haskell-users at haskell.org Mailing List;
> Simon Peyton-Jones
> *Subject:* Re: default roles
>
> Wait, that sounds like it induces bad semantics.
>
> Can't we use that as yet another way to attack the sanctity of Set?
>
> class Ord a => Foo a where
>   badInsert :: a -> Set a -> Set a
>
> instance Foo Int where
>   badInsert = insert
>
> newtype Bar = Bar Int deriving (Eq,Foo)
>
> instance Ord Bar where
>   compare (Bar x) (Bar y) = compare y x
>
> Now you can badInsert into a Set.
>
> If that is still in play then even with all the roles machinery then GND
> doesn't pass the restrictions of "SafeHaskell". =(
>
> -Edward
>
> On Thu, Oct 10, 2013 at 9:52 PM, Richard Eisenberg <eir at cis.upenn.edu>
> wrote:
>
> On Oct 10, 2013, at 1:14 PM, David Menendez wrote:
> > Sure, but if op uses show internally, we get Int's show, not Age's,
> > right? That seems correct, in that it's doing what GND is supposed to do,
> > but I'll bet it will surprise people.
>
> Yes, you're right. If a method in a subclass uses a superclass method, it
> uses the base type's instance's method, not the newtype's. Very weird, but
> I guess it makes sense in its own way. This does show how GND can create
> instance incoherence even without storing dictionaries in datatypes.
>
> Richard
>
> _______________________________________________
> Glasgow-haskell-users mailing list
> Glasgow-haskell-users at haskell.org
> http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
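
The superclass behaviour discussed in this thread, as an added example that is not code from any of the posters: a GND-derived method keeps using the base type's `Ord` dictionary while the newtype's own `Ord` instance orders the other way. The class `Ranked` and the helpers `viaDerived`, `viaOrdBar` and `coherent` are hypothetical names; the example avoids `Set` because, as stated above, `Set`'s nominal role makes GHC reject that deriving.

```haskell
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
module Main (main) where

-- Hypothetical class (not from the thread): a method whose Int instance
-- calls the Ord superclass internally, the way badInsert calls insert.
class Ord a => Ranked a where
  largest :: [a] -> a

instance Ranked Int where
  largest = maximum            -- resolved against Ord Int at this point

-- Same shape as the thread's Bar: GND reuses the Int dictionary for Ranked,
-- while Ord Bar is written by hand with the opposite ordering.
newtype Bar = Bar Int deriving (Eq, Show, Ranked)

instance Ord Bar where
  compare (Bar x) (Bar y) = compare y x

-- Two ways to ask for the "largest" Bar: through the derived method,
-- and through Bar's own Ord instance.
viaDerived, viaOrdBar :: [Bar] -> Bar
viaDerived = largest
viaOrdBar  = maximum

-- True only when both paths agree. Nothing in the derived instance
-- guarantees that they do.
coherent :: [Bar] -> Bool
coherent xs = viaDerived xs == viaOrdBar xs

main :: IO ()
main = do
  let xs = map Bar [1, 5, 3]   -- constructed sample input
  putStrLn ("derived largest: " ++ show (viaDerived xs))
  putStrLn ("Ord Bar maximum: " ++ show (viaOrdBar xs))
  putStrLn ("paths agree:     " ++ show (coherent xs))
```

A check like `coherent` is what a reviewer can run over any newtype that both derives a class through GND and hand-writes one of that class's superclass instances.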