safe vs. unsafe (Was: Haskell Platform proposal: Add the vector package)
Heinrich Apfelmus
apfelmus at quantentunnel.de
Fri Jul 13 21:18:35 BST 2012
Simon Marlow wrote:
> Hi Thomas,
>
> All these questions are answered by the Haskell Symposium paper, which
> we'll post very shortly. FYI, the FFI is mostly safe, as long as you
> declare foreign imports to have an IO result type (otherwise it's
> unsafePerformIO, and hence unsafe). Unsafety is not viral: as soon as
> you have a safe API, you can declare its implementation to be
> Trustworthy, and then it is usable from safe code.
How strict are the requirements for Trustworthy code? For instance, my
reactive-banana library uses observable sharing, which is inherently
Unsafe. Of course, I think that my library is still Safe, but I have no
formal proof of this "fact". I have two options:
1. Mark my library as Trustworthy even though I don't have sufficient
proof. This severely weakens the guarantees of Safe Haskell.
2. Mark my library as Unsafe. But then people can't use it to write Safe
code and will complain.
The trouble is that I have a strong incentive to solve the problem
arising from 2 by doing 1. Oops.
Best regards,
Heinrich Apfelmus
--
http://apfelmus.nfshost.com
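The two mechanisms discussed in this thread, a Trustworthy module hiding an observable-sharing implementation behind a pure API, and the rule that Safe code may only make foreign imports whose result is in IO, can be seen in a three-module example. This is an added illustration, not code from reactive-banana or from anyone in the thread; the module names Sharing, Client and Ffi, and the Node type, are made up for it.

```haskell
{-# LANGUAGE Trustworthy #-}
-- File: Sharing.hs (constructed example)
-- The implementation uses unsafePerformIO for observable sharing, so it cannot
-- be marked Safe. Declaring it Trustworthy is the author's assertion that the
-- exported API is nonetheless safe; GHC does not verify that assertion.
module Sharing (Node, node, nodeId, children) where

import Data.IORef (IORef, newIORef, atomicModifyIORef')
-- System.IO.Unsafe is an Unsafe module; importing it is only permitted because
-- this module is Trustworthy (or Unsafe), never from a Safe module.
import System.IO.Unsafe (unsafePerformIO)

-- The constructor is not exported, so clients cannot forge identities.
data Node = Node { nodeId :: Int, children :: [Node] }

-- Global counter handing out fresh identities: the classic observable-sharing trick.
{-# NOINLINE counter #-}
counter :: IORef Int
counter = unsafePerformIO (newIORef 0)

-- 'node' has a pure type, but every evaluation draws a fresh id, so
-- (node []) and (node []) are distinguishable: referential transparency is
-- broken inside this module, which is why it cannot be Safe.
{-# NOINLINE node #-}
node :: [Node] -> Node
node cs = unsafePerformIO $ do
  n <- atomicModifyIORef' counter (\i -> (i + 1, i))
  return (Node n cs)


{-# LANGUAGE Safe #-}
-- File: Client.hs (constructed example)
-- A Safe module may import Sharing because Sharing is Trustworthy.
module Client (leafIds) where

import Sharing (Node, nodeId, children)

-- The following import would be rejected by GHC under Safe, because
-- System.IO.Unsafe is marked Unsafe:
-- import System.IO.Unsafe (unsafePerformIO)

-- Collect the identities of all leaves of a node graph.
leafIds :: Node -> [Int]
leafIds n = case children n of
  []  -> [nodeId n]
  cs  -> concatMap leafIds cs


{-# LANGUAGE Safe #-}
{-# LANGUAGE ForeignFunctionInterface #-}
-- File: Ffi.hs (constructed example)
module Ffi (safeSin) where

import Foreign.C.Types (CDouble)

-- Accepted under Safe: the result type is in IO.
foreign import ccall "math.h sin" c_sin :: CDouble -> IO CDouble

-- Rejected under Safe: a pure result type amounts to unsafePerformIO.
-- foreign import ccall "math.h sin" c_sin_pure :: CDouble -> CDouble

safeSin :: Double -> IO Double
safeSin x = fmap realToFrac (c_sin (realToFrac x))
```

Each module goes in its own file; `ghc --make Client.hs Ffi.hs` compiles all three, and uncommenting either commented-out line produces a Safe Haskell error. The dilemma raised above has a partial answer on the consumer side: with `-fpackage-trust`, GHC only honours a Trustworthy declaration if the package containing it has been marked trusted (`ghc-pkg trust <package>`), so the decision to believe a library author's safety claim is made by whoever builds the Safe code, not by the library alone.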