proposal: add 'unsafeCoerce'
Robert Dockins
robdockins at fastmail.fm
Fri Nov 10 20:06:20 EST 2006
On Friday 10 November 2006 17:43, Samuel Bronson wrote:
> On 11/10/06, Ashley Yakeley <ashley at semantic.org> wrote:
> > kahl at cas.mcmaster.ca wrote:
> > > I'd much prefer Data.Unsafe.
> >
> > I'd like to see all unsafe functions in an Unsafe.* hierarchy (possibly
> > consisting only of the single module Unsafe). Thus one could avoid
> > unsafety altogether by avoiding the Unsafe and Foreign hierarchies.
>
> Couldn't you just avoid using functions having "unsafe" as a name
> prefix? It's not like they have names like "innocuousPerformIO" or
> anything!
It would be nice to be able to disallow all unsafe code by managing module
imports.
Suppose I want to run untrusted code. If I can verify that it doesn't use
FFI, that it uses no unsafe primitives, and that it typechecks, then I know
it is _unconditionally_ typesafe. If I can disallow unsafe primitives by
just limiting the Unsafe.* and Foreign.* modules, that's a big win. If I
instead have to keep a list of unsafe functions, that's not so good.
So, I guess count this as another vote for Unsafe.*
--
Rob Dockins
Talk softly and drive a Sherman tank.
Laugh hard, it's a long way to the bank.
-- TMBG
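The gate Rob describes above, as an added example that is not part of the thread or of any Haskell library: a small Python scanner that rejects untrusted Haskell source by the modules it imports (anything under Unsafe.* or Foreign.*, plus System.IO.Unsafe and GHC.*, where GHC's base library actually exported such primitives at the time; that list and the LANGUAGE-pragma list are assumptions to adjust for your toolchain). It also runs the weaker name-prefix check that Samuel suggested, on constructed sample sources, to show the difference: Foreign.Storable's `peek` has nothing called "unsafe" in it but reads arbitrary memory. Function names, module names and sample inputs are all constructed for illustration.

```python
"""Gate untrusted Haskell source on what it imports, not on function names.

Added illustrative example: a line-oriented scanner, not a Haskell parser.
It approximates the policy from the thread (reject anything under Unsafe.*
or Foreign.*) and shows why a name-prefix blocklist is weaker.
"""
import re
from typing import List, Tuple

# Module prefixes whose exports defeat the type system or reach the FFI.
# Unsafe.* and Foreign.* are the thread's proposal; System.IO.Unsafe and
# GHC.* are where GHC's base library actually exposed such primitives.
# ASSUMPTION: adjust for the compiler/library versions you run.
DENIED_PREFIXES = ("Unsafe.", "Foreign.", "System.IO.Unsafe", "GHC.")

# LANGUAGE extensions that let code reach outside the type-checked program.
# ASSUMPTION: a minimal list; extend it for your threat model.
DENIED_EXTENSIONS = {"ForeignFunctionInterface", "TemplateHaskell", "CPP"}

IMPORT_RE = re.compile(
    r'^\s*import\s+(?:qualified\s+)?(?:"[^"]*"\s+)?([A-Z][\w.]*)')
FOREIGN_RE = re.compile(r"^\s*foreign\s+(?:import|export)\b")
PRAGMA_RE = re.compile(r"\{-#\s*LANGUAGE\s+([^#]*)#-\}")
UNSAFE_NAME_RE = re.compile(r"\bunsafe[A-Z]\w*")


def is_denied_module(name: str) -> bool:
    """True if the module is under a denied prefix (or is the umbrella module
    itself, e.g. plain `import Foreign`)."""
    return any(name == p.rstrip(".") or name.startswith(p)
               for p in DENIED_PREFIXES)


def scan(source: str) -> List[Tuple[int, str]]:
    """Return sorted (line, reason) findings; [] means the source passes the
    import gate. Typechecking is a separate, still required step."""
    findings = []
    for m in PRAGMA_RE.finditer(source):
        exts = {e.strip() for e in m.group(1).split(",")}
        bad = sorted(exts & DENIED_EXTENSIONS)
        if bad:
            ln = source[: m.start()].count("\n") + 1
            findings.append((ln, "LANGUAGE pragma enables " + ", ".join(bad)))
    for n, line in enumerate(source.splitlines(), 1):
        m = IMPORT_RE.match(line)
        if m and is_denied_module(m.group(1)):
            findings.append((n, "imports " + m.group(1)))
        if FOREIGN_RE.match(line):
            findings.append((n, "foreign declaration (FFI)"))
    return sorted(findings)


def name_prefix_check(source: str) -> List[int]:
    """The weaker alternative from the thread: lines mentioning an
    identifier that starts with `unsafe`."""
    return [n for n, line in enumerate(source.splitlines(), 1)
            if UNSAFE_NAME_RE.search(line)]


# Constructed sample inputs (not from the thread).
PURE = """module Untrusted where
import Data.List (sort)
import qualified Data.Map as M
f :: [Int] -> [Int]
f = sort
"""

# Nothing here is called unsafe*, yet `peek` on an arbitrary pointer reads
# raw memory: the import gate catches it, the name check does not.
PEEK = """module Untrusted where
import Foreign.Ptr (nullPtr, plusPtr)
import Foreign.Storable (peek)
import Data.Word (Word8)
readByte :: Int -> IO Word8
readByte off = peek (nullPtr `plusPtr` off)
"""

FFI = """{-# LANGUAGE ForeignFunctionInterface #-}
module Untrusted where
import Foreign.C.String (CString, withCString)
import Foreign.C.Types (CInt)
foreign import ccall "system" c_system :: CString -> IO CInt
"""

if __name__ == "__main__":
    for label, src in (("PURE", PURE), ("PEEK", PEEK), ("FFI", FFI)):
        print(label, "import gate:", scan(src) or "clean",
              "| name check:", name_prefix_check(src) or "clean")
```

The scanner is deliberately conservative: an `import` line inside a block comment is still reported, which is a false positive in the safe direction, and it only makes sense alongside a successful typecheck, exactly as the post says. It does not see through CPP, Template Haskell or literate source, which is why those extensions are denied outright. GHC later (7.2, 2011) built this trust model into the compiler as Safe Haskell, with Safe/Trustworthy/Unsafe module annotations, which is the right tool where it is available.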