[Haskell-cafe] Safe lens?

Michael Sloan mgsloan at gmail.com
Mon Oct 29 19:23:30 CET 2012 

I've never understood this restriction.  Template Haskell cannot
convert your code to something entirely different, only generate code
at splice points.  It seems to me like Safe Haskell should already
have the necessary mechanisms for Safe Template Haskell to be
implemented.

The Safe Haskell docs say "TemplateHaskell — Is particularly
dangerous, as it can cause side effects even at compilation time and
can be used to access constructors of abstract data types."

Also:
"Module boundary control — Haskell code compiled using the safe
language is guaranteed to only access symbols that are publicly
available to it through other modules export lists. An important part
of this is that safe compiled code is not able to examine or create
data values using data constructors that it cannot import. If a module
M establishes some invariants through careful use of its export list
then code compiled using the safe language that imports M is
guaranteed to respect those invariants. Because of this, Template
Haskell and GeneralizedNewtypeDeriving are disabled in the safe
language as they can be used to violate this property. "

This seems like something that could be readily fixed - just make
"reify" throw an error when attempting to inspect non-exported things
when compiling with "-XSafe".  We'd also need to check that the
generated code does not reference things from unsafe modules (as it
can reference things that aren't imported).

I'm not sure why "it can cause side effects even at compile time".  If
the module with the Template Haskell code is -XSafe or -XTrustworthy,
then presumably it does not cause side effects.  One side effect that
could be troublesome is divergence / bottom.  This seems OK to me, as
the user already has to deal with this in runtime code and the errors
aren't very cryptic.

-Michael

On Mon, Oct 29, 2012 at 10:14 AM, Petr P <petr.mvd at gmail.com> wrote:
>   Hi
>
> I believe the reason is that it uses TemplateHaskell for automatic
> derivation of labels. And TemplateHaskell is of course unsafe, since
> it could convert your code into something entirely different.
>
>   Best regards,
>   Petr Pudlak
>
> 2012/10/29 Greg Fitzgerald <garious at gmail.com>:
>> Why are getters from the 'lens' package unsafe?  Is there a subset
>> like Data.Label.Pure from 'fclabels' that can be imported safely?
>>
>>
>> $ cat a.hs
>> {-# LANGUAGE Safe #-}
>>
>> import Control.Lens.Getter
>>
>> main = print 123
>>
>> $ runghc a.hs
>>
>> a.hs:3:1:
>>     Control.Lens.Getter: Can't be safely imported!
>>     The module itself isn't safe.
>>
>>
>> Thanks,
>> Greg
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe at haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe

More information about the Haskell-Cafe mailing list