darcs patch: Remove unsafeCoerce-importing kludgery in favor of Uns...

John Meacham john at repetae.net
Tue Jun 12 20:46:55 EDT 2007

On Tue, Jun 05, 2007 at 10:49:00AM +0100, Simon Marlow wrote:
> Ashley Yakeley wrote:
> >Can we move the other unsafe stuff into the Unsafe.* hierarchy?
> It's not clear to me that Unsafe.System.IO would be better than 
> System.IO.Unsafe.  What is the primary purpose of unsafePerformIO - to do 
> IO, or to be unsafe?
> I see the point - to clearly separate all the unsafe stuff - but there are 
> other categories of things that we might also want to separate (e.g. 
> Haskell 98 vs. non-Haskell 98, portable vs. non-portable, deprecated vs. 
> current...).  We made the decision a long time ago that the hierarchy 
> should categorise by functionality rather than any other property of 
> modules.  There are exceptions (System.Posix), but it's still a good rule 
> of thumb.

indeed. I agree with this. also, I really dislike the 'unsafe'
categorization as a catch all for all sorts of "bad" things. I mean, we
don't have 'UnsafeIx' or, unsafePoke, but we have things like
'unsafeChr' when perhaps 'uncheckedChr' would have been more

Not that I am opposed to making it clear what side conditions the user
needs to worry about when using a routine, but that is what liberal
haddock documentation is for. 

I think unsafePerformIO and unsafeCoerce are good, because they both
allow you to directly break the _static_ sematics of the language. as in, they
directly subvert the type system. However, I think many of the other
uses should be elided (with liberal documentation) or changed to
something more appropriate.

This is why I think an 'Unsafe.*' would be a bad idea. it would be a
dumping ground for lots of routines with nothing in common other than it
made someone uncomfortable at some point. I mean, think if all the
ByteString functions dealing with pointers had to move there because you
might pass in a bad pointer. 

We really need to stop using the terms 'safe' and 'unsafe' so much
actually. like the recent suggestion of a '-fsafe' flag for ghc. does
that mean it makes your code safer? from which use of safe? does it only
allows safe code? or assumes your code is safe so turns off type
checking? something like '-funtrusted' would be more descriptive and


John Meacham - ⑆repetae.net⑆john⑈

More information about the Libraries mailing list