[Haskell-cafe] Safe Haskell?

Oleg Grenrus oleg.grenrus at iki.fi
Mon May 3 10:53:24 UTC 2021


Removing inference: yes, IMO it would be better then current state of
affairs. Please write a proposal.

However, `default-extensions: Safe` wouldn't just work. Often some
modules are just Trustworthy, or even plain out Unsafe (e.g. in bytestring)

    {-# LANGUAGE Safe #-}
    {-# LANGUAGE Trustworthy #-}

file errors with

     ghc: SH.hs:2:14-24: Incompatible Safe Haskell flags! (Safe,
Trustworthy)

(same if you ghc -XSafe TrustworthyModule.hs)

We can argue back and forth whether we should be able to override
Safe-Haskell status.
- Overriding would make sense, as -XHaskell2010 -XGHC2021 -XHaskell2010
works.
- OTOH, safety is peculiar, so there probably was a discussion
justifying current behavior, which is to prohibit overriding. (Probably
one argument is that if the extensions are in module, then sorting them
shouldn't change the result! with Safe Haskell it's harder to spot - you
have to write tests - than with mixing up Haskell98/2010/GHC2021).

Yet, I'll be happy with any option.

- Oleg

On 28.4.2021 21.07, Richard Eisenberg wrote:
>
>
>> On Apr 28, 2021, at 11:51 AM, Oleg Grenrus <oleg.grenrus at iki.fi
>> <mailto:oleg.grenrus at iki.fi>> wrote:
>>
>> TL;DR Safe Haskell requires buy-in from every maintainer, but there are
>> barely
>> any users. For how much longer we need to run this "academic experiment"?
>
> This is a good way to put it. The reason I've swung around in favor of
> keeping what we have is that I think *some* structure like Safe
> Haskell is needed for proper security. The idea is that an author
> should have to trust only a few packages (like `bytestring`), and
> these packages can advertise their wide level of trust in a central
> location, like Hackage. This trust system exists now, but it's not
> widely advertised. If we were to remove Safe Haskell, this trust
> system would disappear, only (likely) to be replaced by a very similar
> trust system required by the successor to Safe Haskell.
>
> So, given the real costs associated with discussing how best to remove
> the feature, then removing it, then having libraries remove it, seem
> not quite worth it.
>
> On the other hand, perhaps you've implicitly suggested something: just
> disable Safe-inference. That is, every module starts off Unsafe. This
> could easily be overridden at the package level with
> default-extensions: Safe in a cabal file. If we had no safe-inference,
> would that solve the library-level problems? It would certainly remove
> a good deal of the complexity within GHC!
>
> Richard


More information about the Haskell-Cafe mailing list