We need to add role annotations for 7.8

Richard Eisenberg eir at cis.upenn.edu
Fri Mar 14 16:25:16 UTC 2014


On Mar 14, 2014, at 11:41 AM, Mikhail Glushenkov <the.dead.shall.rise at gmail.com> wrote:

> Hi Richard,
> 
> On 14 March 2014 15:22, Richard Eisenberg <eir at cis.upenn.edu> wrote:
>> There has been some thought about making `coerce`'s behavior different with
>> -XSafe than without. See, for example, tickets #8745
>> (https://ghc.haskell.org/trac/ghc/ticket/8745) and #8827
>> (https://ghc.haskell.org/trac/ghc/ticket/8827). In the end, we decided to
>> remove this, instead believing authors' role annotations (or lack thereof).
> 
> Interesting, it looks like the paper hasn't yet been updated to reflect this.

That's correct. This is a late-breaking design decision.

> 
>> Note that 7.8 does not actually give users a new way to break abstractions
>> -- GeneralizedNewtypeDeriving has been around for a while. What 7.8 provides
>> is a way to break abstractions more easily (`coerce`) and a way to prevent
>> this from happening (role annotations).
> 
> Isn't this false in the case of -XSafe? In 7.8 one will be able to
> coerce 'Map Int a' to 'Map Age a' (provided that there is no role
> annotation for Map), which didn't work previously because SafeHaskell
> prohibited GND.

This is an even thornier corner of a thorny design decision. As one can discover from various public sources, I have advocated for adding extra checks under -XSafe, essentially closing this hole, as described in the paper and in those tickets. However, due to trouble *inferring* safe mode with the extra checks, and the fact that there was no clear design goal to attend to, we decided to drop the checks, with Simon PJ consistently advocating against the checks. There's nothing insurmountable here, just more engineering overhead. Is it worth it?

The real trouble with making this decision is that we have no real guidance. We've tried contacting David Terei (the originator of Safe Haskell) several times to no avail. If you are an actual consumer of Safe Haskell and would like to share your opinion on this front, I do encourage you to make a ticket, essentially requesting a resurrection of the extra Safe checks.

Richard


More information about the Libraries mailing list