ANN: H98 FFI Addendum 1.0, Release Candidate 10

Alastair Reid alastair@reid-consulting-uk.ltd.uk
Thu, 5 Jun 2003 11:06:04 +0100


> That is, document
> unsafePerformIO enough to serve the FFI, but stipulate limits to preserve
> equational reasoning. 

I think this is very hard to do.

When we use unsafePerformIO in the FFI, we are using the IO monad to
sequence [un]marshalling side-effects.  For example, peeking and poking
foreign memory locations, allocating and freeing memory, etc.  We might even 
be making remote procedure calls over a network (for example, COM could 
transparently do this) or creating a temporary file which is deleted after 
use.

These side effects might only affect this process (fiddling with memory) or 
they might affect the operating system (using sbrk to allocate more memory) 
or they might affect the network (remote procedure calls).  They are 
certainly visible outside the confines of the Haskell code.

We have to construct a semantics which says 'if you only allow observations of 
the form <insert your set of allowed observations here> then unsafePerformIO 
is safe'.  The problem is that people might reasonably disagree about what a 
reasonable set of observations is.  Most people would want to exclude any 
modification of the filesystem or network but, for some applications, those 
are entirely reasonable things to access.

--
Alastair Reid