The Data.Array.* hierarchy is unsafe (or, Segfaulting for fun and profit)

Simon Peyton-Jones simonpj at
Wed Dec 6 02:50:30 EST 2006

| > To me, the wording "An implementation is entitled to assume..." implies that
| > there are no obligations on the implementation should the assumption not hold -
| > no obligation to yield _|_ or any other behaviour.
| >
| > > If "laws not satisfied => any behaviour OK" were the correct
| > > interpretation, then it would be OK for the Array implementation to
| > > wipe all your files at the first encounter of a broken Ix law... ;)
| >
| > Yup.  That's not quite as bad as in C, where it's ok for an implementation to
| > wipe all your files if you overflow the int type...
| >
| > Cheers,
| >         Simon
| Still, this is pretty bad, and raises questions about the safety of
| Haskell programs in general.  It seems unsatisfactory that if a
| programmer makes a mistake in the definition of an 'Ix' instance, then
| there are no guarantees about the behavior of their program at all...

I rather agree with Iavor here.  If a program makes no use of unsafeX functions, and has no foreign calls, and passes the typechecker, then it should not crash.

However, I don't see how to achieve this for array indexing, without adding another test to every array access.


More information about the Libraries mailing list