Haskell Platform proposal: Add the vector package

Roman Leshchinskiy rl at cse.unsw.edu.au
Mon Jul 16 16:25:27 CEST 2012


Simon Marlow wrote:
> On 16/07/2012 13:55, Roman Leshchinskiy wrote:
>> Simon Marlow wrote:
>>>
>>> Just to repeat what I said earlier, I don't see there being any
>>> objection to putting unsafeRead with the other unsafe functions in
>>> vector, even though technically it is safe.
>>
>> Actually, this particular bit probably isn't a problem. I actually
>> simplified the example slightly. The real type of unsafeRead is:
>>
>> unsafeRead :: (PrimMonad m, MVector v a) => v (PrimState m) a -> Int -> m a
>>
>> Here, m is either IO or ST. What I didn't realise was that runST is marked
>> as Trustworthy. This means that for ST-based code to be Trustworthy, it
>> must really be safe when executed. This is different from IO where Safe
>> Haskell doesn't care what happens when it's executed. I'm not sure if this
>> is documented anywhere, it certainly wasn't obvious to me. The end effect
>> is that while the IO instantiation of unsafeRead is safe, the ST one
>> isn't. Hence, it can't be marked as Trustworthy anyway. All functions on
>> mutable vectors are overloaded in this way, so it seems that the presence
>> of ST makes Safe Haskell's notion of safety much closer to the one vector
>> uses.
>
> Ok, that's good then.
>
> The point about IO is made in the paper, but should probably be more
> clear in the documentation.

It's not IO I was confused about, it's ST which isn't mentioned anywhere
in the paper AFAICS. There is a choice here. Either runST is declared
Trustworthy and then the semantics of all ST code when executed affects
safety. Or runST is *not* declared Trustworthy and then the semantics of
ST code when executed doesn't matter because there is no Safe way to
execute it, just like IO. I agree that the former is the right choice but
it wasn't obvious to me that this is what has been implemented. In fact,
the only way for me to find out was to look at the modules that export
runST and friends and see if any of them is marked Trustworthy.

Roman
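
The distinction discussed in this message, as an added example that is not part of the original post or of the vector package's own code: one overloaded unchecked read instantiated at IO and at ST, where runST turns the ST instance into a pure function, next to a bounds-checked variant. The names sample, readAt, peekIO, peekPure and peekChecked are hypothetical; the example assumes the vector and primitive packages are installed.

```haskell
-- Added illustration; all top-level names here are hypothetical.
import Control.Monad.Primitive (PrimMonad, PrimState)
import Control.Monad.ST (runST)
import qualified Data.Vector.Unboxed as V
import qualified Data.Vector.Unboxed.Mutable as MV

-- Constructed sample data: four elements, valid indices 0..3.
sample :: V.Vector Int
sample = V.fromList [10, 20, 30, 40]

-- Overloaded like vector's mutable API: one definition serves IO and ST.
-- MV.unsafeRead performs no bounds check.
readAt :: PrimMonad m => MV.MVector (PrimState m) Int -> Int -> m Int
readAt = MV.unsafeRead

-- IO instantiation: the result is only an IO action, and Safe Haskell
-- makes no promise about what an IO action does when it is executed.
peekIO :: Int -> IO Int
peekIO i = V.thaw sample >>= \v -> readAt v i

-- ST instantiation: runST (exported from a Trustworthy module) yields a
-- plain Int. With an index outside 0..3 this pure value would depend on
-- memory beyond the buffer, so the unchecked read cannot be Trustworthy.
peekPure :: Int -> Int
peekPure i = runST (V.thaw sample >>= \v -> readAt v i)

-- Checked variant: validate the index before the unchecked read, so the
-- pure result is determined by the arguments alone.
peekChecked :: Int -> Maybe Int
peekChecked i = runST $ do
  v <- V.thaw sample
  if i >= 0 && i < MV.length v
    then Just <$> MV.unsafeRead v i
    else pure Nothing

main :: IO ()
main = do
  -- Only in-range indices are passed to the unchecked readers.
  peekIO 2 >>= print
  print (peekPure 2)
  -- Index 7 is out of range and is rejected by the checked variant.
  print (map peekChecked [2, 7])
```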





