[Haskell-cafe] Safe Haskell?

Carter Schonwald carter.schonwald at gmail.com
Tue May 4 18:47:02 UTC 2021 

Hrmm “

   -

   RULES — Rewrite rules defined in a module M compiled with Safe
   <https://downloads.haskell.org/ghc/latest/docs/html/users_guide/exts/safe_haskell.html#extension-Safe>
are
   dropped. Rules defined in Trustworthy modules that M imports are still
   valid and will fire as usual.

”
Huh I suppose I’m wrong! I thought it was difference or more subtle than
that

On Tue, May 4, 2021 at 2:38 PM Carter Schonwald <carter.schonwald at gmail.com>
wrote:

> Are you sure?
>
> It also says  "The use of Safe to compile Danger restricts the features
> of Haskell that can be used to a safe subset. This includes disallowing
> unsafePerformIO, Template Haskell, pure FFI functions, RULES and
> restricting the operation of Overlapping Instances."
>
>
> On Tue, May 4, 2021 at 8:32 AM Oleg Grenrus <oleg.grenrus at iki.fi> wrote:
>
>> The GHC manual says [1]
>>
>> RULES — Rewrite rules defined in a module M compiled with Safe are
>> dropped. Rules defined in Trustworthy modules that M imports are still
>> valid and will fire as usual.
>>
>> So rules are still in use, and e.g. list fusion works. Library authors
>> cannot define their own RULES in Safe modules, but they are (always, no
>> need to -Wall) warned about the fact that these rules are ignored. I
>> don't see a possibility for silent performance regressions.
>>
>> - Oleg
>>
>> [1]:
>>
>> https://downloads.haskell.org/ghc/9.0.1/docs/html/users_guide/exts/safe_haskell.html#building-secure-systems-restricted-io-monads
>>
>> On 4.5.2021 15.10, Carter Schonwald wrote:
>>
>> > Default safety isn’t quite what you want in normal packages, because
>> > that disables all user land rewrite rules! It may have other
>> > implications too, but short of augmenting ghc with a proof system for
>> > correctness of rewrite rules, default safehaskell is at odds with
>> > optimized builds.
>> >
>> > On Mon, May 3, 2021 at 10:28 AM Richard Eisenberg <rae at richarde.dev
>> > <mailto:rae at richarde.dev>> wrote:
>> >
>> >
>> >
>> >>     On May 3, 2021, at 7:40 AM, Tom Smeding <x at tomsmeding.com
>> >>     <mailto:x at tomsmeding.com>> wrote:
>> >>
>> >>     But perhaps I'm being ignorant of other existing cases where this
>> >>     already matters, and I've been living in an idealised world until
>> >>     now.
>> >
>> >     Sad to say it, but order does matter here.
>> >
>> >     In the very simple case, if you have {-# LANGUAGE
>> >     FlexibleContexts, NoFlexibleContexts #-}, that's different from
>> >     {-# LANGUAGE NoFlexibleContexts, FlexibleContexts #-} -- later
>> >     extensions override earlier ones. This problem becomes more
>> >     confounding when we recognize that some extensions imply others.
>> >     For example {-# LANGUAGE TypeFamilies, NoMonoLocalBinds #-} means
>> >     something different from {-# LANGUAGE NoMonoLocalBinds,
>> >     TypeFamilies #-} because TypeFamilies implies MonoLocalBinds.
>> >     Perhaps even worse, {-# LANGUAGE CUSKs, StandaloneKindSignatures
>> >     #-} differs from {-# LANGUAGE StandaloneKindSignatures, CUSKs #-}
>> >     because StandaloneKindSignatures implies NoCUSKs.
>> >
>> >     Returning to Safe Haskell:
>> >
>> >     It's true that Safe cannot be overridden locally. This is
>> >     implemented by the fact that NoSafe does not exist. To me, this
>> >     design makes sense, because it means that compiling with `ghc
>> >     -XSafe` is guaranteed to use Safe Haskell. So we would need
>> >     something like a default-safety field in Cabal, that could be
>> >     overridden locally.
>> >
>> >     But, still, this may be easier than the status quo.
>> >
>> >     Do we think this would work? Specifically:
>> >
>> >     * Introduce a new flag -fdefault-safety={safe,trustworthy,unsafe}
>> >     that changes the module-level default. This default names the
>> >     safety level in effect for any module that declares none of Safe,
>> >     Trustworthy, or Unsafe.
>> >     * If -fdefault-safety is not specified at the command line, it is
>> >     as if the user wrote -fdefault-safety=unsafe.
>> >
>> >     And that's it.
>> >
>> >     Consequence: Safe-inference would never take place, because every
>> >     module would have a declared level of Safety. The Safe-inference
>> >     code could thus be removed.
>> >
>> >     Further work: Introduce default-safety in Cabal, but that's not
>> >     really necessary to make the changes above.
>> >
>> >     What do we think?
>> >
>> >     Richard
>> >     _______________________________________________
>> >     Haskell-Cafe mailing list
>> >     To (un)subscribe, modify options or view archives go to:
>> >     http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>> >     Only members subscribed via the mailman list are allowed to post.
>> >
>> >
>> > _______________________________________________
>> > Haskell-Cafe mailing list
>> > To (un)subscribe, modify options or view archives go to:
>> > http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>> > Only members subscribed via the mailman list are allowed to post.
>> _______________________________________________
>> Haskell-Cafe mailing list
>> To (un)subscribe, modify options or view archives go to:
>> http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell-cafe
>> Only members subscribed via the mailman list are allowed to post.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/haskell-cafe/attachments/20210504/dd78ed23/attachment.html>

More information about the Haskell-Cafe mailing list