The Data.Array.* hierarchy is unsafe (or, Segfaulting for fun and profit)
Simon Peyton-Jones
simonpj at microsoft.com
Wed Dec 6 02:50:30 EST 2006
| > To me, the wording "An implementation is entitled to assume..." implies that
| > there are no obligations on the implementation should the assumption not hold -
| > no obligation to yield _|_ or any other behaviour.
| >
| > > If "laws not satisfied => any behaviour OK" were the correct
| > > interpretation, then it would be OK for the Array implementation to
| > > wipe all your files at the first encounter of a broken Ix law... ;)
| >
| > Yup. That's not quite as bad as in C, where it's ok for an implementation to
| > wipe all your files if you overflow the int type...
| >
| > Cheers,
| > Simon
|
| Still, this is pretty bad, and raises questions about the safety of
| Haskell programs in general. It seems unsatisfactory that if a
| programmer makes a mistake in the definition of an 'Ix' instance, then
| there are no guarantees about the behavior of their program at all...
I rather agree with Iavor here. If a program makes no use of unsafeX functions, and has no foreign calls, and passes the typechecker, then it should not crash.
However, I don't see how to achieve this for array indexing, without adding another test to every array access.
Simon
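The "another test to every array access" mentioned above, as an added example that is not code from the thread or from GHC: a deliberately law-breaking `Ix` instance (`Bad`, constructed here) whose `index` returns offsets beyond the allocated storage, and a `checkedIndex` wrapper that validates the offset against the array's real element count before touching memory. It assumes the `array` package's `Data.Array.Base` module for `unsafeAt` and `numElements`.

```haskell
-- Added example; not from the mailing-list thread. Demonstrates why an
-- unchecked Ix-derived offset is dangerous and what the extra per-access
-- test looks like.
import Data.Array (Array, Ix (..), listArray, bounds)
import Data.Array.Base (unsafeAt, numElements)  -- unchecked read + real storage size

-- Constructed for illustration: an Ix instance that violates the Ix laws.
-- 'inRange' and 'rangeSize' look sane, but 'index' scales the offset by
-- 1000, so most in-range indices map outside the array's storage.
newtype Bad = Bad Int deriving (Eq, Ord, Show)

instance Ix Bad where
  range     (Bad lo, Bad hi)         = map Bad [lo .. hi]
  inRange   (Bad lo, Bad hi) (Bad i) = lo <= i && i <= hi
  rangeSize (Bad lo, Bad hi)         = max 0 (hi - lo + 1)
  index     (Bad lo, _)      (Bad i) = (i - lo) * 1000   -- law violation

-- The extra test: reject the index if it is outside the declared bounds,
-- or if the Ix instance produced an offset outside the allocated storage.
-- Only then is the unchecked primitive used.
checkedIndex :: (Ix i, Show i) => Array i e -> i -> Either String e
checkedIndex arr i
  | not (inRange bnds i) =
      Left ("index " ++ show i ++ " outside bounds " ++ show bnds)
  | off < 0 || off >= n  =
      Left ("Ix law violated: index gave offset " ++ show off
            ++ " but the array holds " ++ show n ++ " elements")
  | otherwise            = Right (unsafeAt arr off)
  where
    bnds = bounds arr
    n    = numElements arr   -- storage actually allocated, not rangeSize
    off  = index bnds i

main :: IO ()
main = do
  let arr = listArray (Bad 0, Bad 3) "abcd" :: Array Bad Char
  print (checkedIndex arr (Bad 0))  -- offset 0 is valid, so the read succeeds
  print (checkedIndex arr (Bad 2))  -- offset 2000: caught by the storage check
  print (checkedIndex arr (Bad 9))  -- rejected by the inRange check
```

Replacing `checkedIndex` with `unsafeAt arr (index bnds i)` for `Bad 2` reads 2000 elements past a 4-element block, which is exactly the out-of-bounds access the thread is concerned about.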