Deprecating fromIntegral

Elliot Cameron eacameron at gmail.com
Sat Aug 8 14:09:08 UTC 2020


I agree the situation now is actually quite dire. It would be much, much
better to be partial than to corrupt data. Sadly even something as
ubiquitous as + and - suffer from a similar problem. The issue is in many
ways polymorphism. These functions are far less polymorphic than their
signatures.

What if we introduced partial versions of these functions and deprecated
the rest. Then if someone wants to guarantee there are no exceptions they
need to resort to more advanced tactics but at the very least we don't
corrupt.

On Sat, Aug 8, 2020, 9:45 AM Vanessa McHale <vamchale at gmail.com> wrote:

> -1 from me, massive work to overhaul the ecosystem.
>
> Maybe a haddock comment first?
>
> > On Aug 7, 2020, at 10:08 PM, Niklas Hambüchen via Libraries <
> libraries at haskell.org> wrote:
> >
> > Today I found another big bug caused by `fromIntegral`:
> >
> >    https://github.com/haskell-crypto/cryptonite/issues/330
> >
> > Incorrect hashes for all hash algorithms beyond 4 GiB of input. SHA hash
> collisions in my productions system.
> >
> > Restating what I said there:
> >
> > * Until we deprecate fromIntegral, Haskell code will always be subtly
> wrong and never be secure.
> > * If we don't fix this, people will shy away from using Haskell for
> serious work (or learn it the hard way). Rust and C both do this better.
> > * If the authors of key crypto libraries fall for these traps (no blame
> on them), who can get it right? We should remove the traps.
> >
> > The wrong code,
> >
> >    hashInternalUpdate ctx d (fromIntegral $ B.length b)
> >
> > exists because it simply does not look like wrong code. In contrast,
> >
> >    hashInternalUpdate ctx d (fromIntegralWrapping $ B.length b)
> >
> > does look like wrong code and would make anyone scrolling by suspicious.
> >
> > We can look away while continuing to claim that Haskell is a
> high-correctness language, or fix stuff like this and make it one.
> > _______________________________________________
> > Libraries mailing list
> > Libraries at haskell.org
> > http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries
>
> _______________________________________________
> Libraries mailing list
> Libraries at haskell.org
> http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/libraries/attachments/20200808/43f076f0/attachment.html>


More information about the Libraries mailing list