Haskell Platform proposal: Add the vector package
Simon Marlow
marlowsd at gmail.com
Mon Jul 16 16:48:26 CEST 2012
On 16/07/2012 15:25, Roman Leshchinskiy wrote:
> Simon Marlow wrote:
>> On 16/07/2012 13:55, Roman Leshchinskiy wrote:
>>> Simon Marlow wrote:
>>>>
>>>> Just to repeat what I said earlier, I don't see there being any
>>>> objection to putting unsafeRead with the other unsafe functions in
>>>> vector, even though technically it is safe.
>>>
>>> Actually, this particular bit probably isn't a problem. I actually
>>> simplified the example slightly. The real type of unsafeRead is:
>>>
>>> unsafeRead :: (PrimMonad m, MVector v a) => v (PrimState m) a -> Int -> m a
>>>
>>> Here, m is either IO or ST. What I didn't realise was that runST is marked
>>> as Trustworthy. This means that for ST-based code to be Trustworthy, it
>>> must really be safe when executed. This is different from IO where Safe
>>> Haskell doesn't care what happens when it's executed. I'm not sure if this
>>> is documented anywhere, it certainly wasn't obvious to me. The end effect
>>> is that while the IO instantiation of unsafeRead is safe, the ST one
>>> isn't. Hence, it can't be marked as Trustworthy anyway. All functions on
>>> mutable vectors are overloaded in this way, so it seems that the presence
>>> of ST makes Safe Haskell's notion of safety much closer to the one vector
>>> uses.
>>
>> Ok, that's good then.
>>
>> The point about IO is made in the paper, but should probably be more
>> clear in the documentation.
>
> It's not IO I was confused about, it's ST which isn't mentioned anywhere
> in the paper AFAICS. There is a choice here. Either runST is declared
> Trustworthy and then the semantics of all ST code when executed affects
> safety. Or runST is *not* declared Trustworthy and then the semantics of
> ST code when executed doesn't matter because there is no Safe way to
> execute it, just like IO. I agree that the former is the right choice but
> it wasn't obvious to me that this is what has been implemented. In fact,
> the only way for me to find out was to look at the modules that export
> runST and friends and see if any of them is marked Trustworthy.

Ah ok, so your concern was that you couldn't easily find out whether
runST was safe or not? If you look at the library docs:

http://www.haskell.org/ghc/docs/latest/html/libraries/base-4.5.1.0/Control-Monad-ST.html

you'll see that Control.Monad.ST is Unsafe (because it exports three
unsafe functions). But there's a Trustworthy API:

http://www.haskell.org/ghc/docs/latest/html/libraries/base-4.5.1.0/Control-Monad-ST-Safe.html

I wasn't aware that we'd split things this way, it was probably for
backwards compatibility reasons.

Cheers,
Simon
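
Added example, not part of the original message and not code from vector or base: it shows why the ST instantiation of unsafeRead discussed in this thread cannot be treated as safe once runST is Trustworthy. The names uncheckedAt and checkedAt are hypothetical, and the block assumes the vector package is installed.

```haskell
module Main (main) where

import Control.Monad.ST (runST)
import qualified Data.Vector.Unboxed.Mutable as MV

-- runST turns an ST action into an ordinary pure value. Because runST is
-- callable from Safe code, whatever the ST action does when executed
-- becomes part of the meaning of a pure function.

-- Hypothetical helper: no bounds check. For i outside 0..3 the read goes
-- past the 4-element buffer, so this "pure" function can return whatever
-- happens to be in memory, or crash. Exporting this from a Trustworthy
-- module would break the guarantee Safe Haskell gives its clients.
uncheckedAt :: Int -> Int
uncheckedAt i = runST $ do
  v <- MV.replicate 4 (7 :: Int)
  MV.unsafeRead v i

-- Hypothetical helper: the same read behind an explicit bounds check.
-- Every execution stays inside the buffer, so the ST semantics are safe
-- and the function is a reasonable candidate for a Trustworthy export.
checkedAt :: Int -> Maybe Int
checkedAt i = runST $ do
  v <- MV.replicate 4 (7 :: Int)
  if i >= 0 && i < MV.length v
    then Just <$> MV.unsafeRead v i
    else pure Nothing

main :: IO ()
main = do
  -- In-range index: both variants agree.
  print (uncheckedAt 2)
  print (checkedAt 2)
  -- Out-of-range index: only the checked variant is defined.
  print (checkedAt 10)
  -- uncheckedAt 10 is deliberately not evaluated here: it is an
  -- out-of-bounds read reachable from pure code.

  -- The IO instantiation is a different case: Safe Haskell does not
  -- reason about what an IO action does when run, only about pure code.
  v <- MV.replicate 4 (7 :: Int)
  x <- MV.unsafeRead v 2
  print x
```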