[Haskell-cafe] Why purely in haskell?
Henning Thielemann
lemming at henning-thielemann.de
Thu Jan 10 14:56:26 EST 2008
On Thu, 10 Jan 2008, David Roundy wrote:
> On Jan 9, 2008 5:42 PM, Henning Thielemann
>
> > In Modula-3 modules using hacks must be explicitly marked as UNSAFE. See
> > http://www.cs.purdue.edu/homes/hosking/m3/reference/unsafe.html
> > Maybe this is also an option for Haskell?
>
> I don't think this is a good idea. It comes down to a question of
> whether you think it should be allowed for Haskell code to be used to
> write core Haskell libraries in a first-class manner. Perhaps you
> think libraries should always be in C in order to avoid the use of
> unsafePerformIO, but I prefer to allow them to be written in Haskell.
The Modula-3 designers acknowledged that there are things that should not
be done, but must be done, illustrated by the quotation:
"There are some cases that no law can be framed to cover."
That is, marking a module as UNSAFE does not discourage their usage, but
it swaps the burden of proof: For a safe module the compiler guarantees
that nasty things can't happen, for an unsafe module the programmer must
provide this warranty. If your program seg-faults you only have to scan
the UNSAFE modules.
For running untrusted Haskell code, this means, that if someone sends
Haskell code to you (maybe as solution of an exercise) that is labelled
'safe' and uses no IO or a restricted IO wrapper type, then some
especially nasty things can't happen - however the according Wiki page
lists even more problems.
More information about the Haskell-Cafe
mailing list