proposal: add 'unsafeCoerce'

Donald Bruce Stewart dons at
Fri Nov 10 21:47:36 EST 2006

> On Friday 10 November 2006 17:43, Samuel Bronson wrote:
> > On 11/10/06, Ashley Yakeley <ashley at> wrote:
> > > kahl at wrote:
> > > > I'd much prefer Data.Unsafe.
> > >
> > > I'd like to see all unsafe function in an Unsafe.* hierarchy (possibly
> > > consisting only of the single module Unsafe). Thus one could avoid
> > > unsafety altogether by avoiding the Unsafe and Foreign hierarchies.
> >
> > Couldn't you just avoid using functions having "unsafe" as a name
> > prefix? Its not like they have names like "inocuousPerformIO" or
> > anything!
> It would be nice to be able to disallow all unsafe code by managing module 
> imports.

yes! this was *critical* in lambdabot, for allowing random users to run
pure h98 expressions. A lot of time went in to working out the trusted
module import base (so not stToIo, , unsafe* and so on).

Currently unsafe things are scattered around System.*, Data.Array.*

This isn't ideal.

> Suppose I want to run untrusted code.  If I can verify that it doesn't use 
> FFI, that it uses no unsafe primitives, and that it typechecks, then I know 
> it is _unconditionally_ typesafe.  If I can disallow unsafe primitives by 
> just limiting the Unsafe.* and Foreign.* modules, that's a big win.  If I 
> instead have to keep a list of unsafe functions, that's not so good.
> So, I guess count this as another vote for Unsafe.*

-- Don

More information about the Libraries mailing list