Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
  • Sign in / Register
GHC
GHC
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 4,248
    • Issues 4,248
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
    • Iterations
  • Merge Requests 391
    • Merge Requests 391
  • Requirements
    • Requirements
    • List
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
  • Security & Compliance
    • Security & Compliance
    • Dependency List
    • License Compliance
  • Operations
    • Operations
    • Incidents
    • Environments
  • Analytics
    • Analytics
    • CI / CD
    • Code Review
    • Insights
    • Issue
    • Repository
    • Value Stream
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • Glasgow Haskell Compiler
  • GHCGHC
  • Issues
  • #8310

Closed
Open
Opened Sep 16, 2013 by Edward Kmett@ekmett

Can we change the semantics of `Trustworthy`?

I would like to propose that if I put {-# LANGUAGE Trustworthy #-} on a module and it infers as Safe, then the module should get marked Safe instead of Trustworthy. Putting Trustworthy in right now has the semantics "it is at most Trustworthy".

It would be far more useful to have the semantics "it is at least Trustworthy".

The current situation is actually a maintenance nightmare.

Currently, if I incur a dependency on a package has some Safe versions and some non-Safe versions, but I know I'm not using any unsafe componentry of it, I have to either

a.) Mark my package Trustworthy unnecessarily enlarging the trusted code base a lot.

b.) Track ALL of the dependencies of my dependencies to know when it will be Safe rather than Trustworthy, then insert brittle CPP pragmas that often fail.

Consider that hashable 1.2.1.0 recently became flagged Trustworthy, but was previously not.

Now, if I want to properly infer as Safe, I have to track the exact version of hashable I depend on and whether or not my Typeable instance is being rolled manually and make an enormous composite #ifdef at the top of the module.

Worse, we got the patch in about a month ago, so to future proof my code I'd have had to be psychic.

Now consider that I have 50 other packages to maintain in this same manner. I wind up shotgunning Trustworthy, do deal with the fact that I deigned to provide instances for vector. If vector ever refactored to support Safe Haskell, I'd have to go fix up 50 very arcane CPP pragmas to match the internal details of an external package.

Then I wind up checking them by round tripping through cabal installs and checking my haddocks.

This is further complicated by the fact that some things are just becoming Safe "for free" as they go, due to the fact that they no longer need or can supply hand-rolled Typeable instances.

Trac metadata
Trac field Value
Version 7.6.3
Type FeatureRequest
TypeOfFailure OtherFailure
Priority normal
Resolution Unresolved
Component Compiler
Test case
Differential revisions
BlockedBy
Related
Blocking
CC ekmett@gmail.com
Operating system
Architecture
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: ghc/ghc#8310