GHC issues: https://gitlab.haskell.org/ghc/ghc/-/issues
Issue #1380: Safe Haskell (https://gitlab.haskell.org/ghc/ghc/-/issues/1380)
Updated: 2019-07-07T19:13:48Z
Author: Ian Lynagh <igloo@earth.li>

We should make it easy to do safe (~= no IO) Haskell.

Things to think about include:
- Expressions with type IO a
- unsafePerformIO etc
- unsafe array indexing functions etc
- FFI declarations
- Template Haskell
- bugs like custom Ix instances allowing incorrect array indexing
- importing other modules which can do unsafe things (this generalises some of the above)
- Allowing restricted IO functions, e.g. reading/writing functions within a certain directory only
We may want to add support for this to GHC and/or Cabal, e.g. only allow a module to be compiled with `-fsafe` if (a) all of its imports are marked safe (a new ghc-pkg field) and (b) it only does safe things itself (no TH etc). It would also be possible to tell ghc-pkg that you consider a module safe.
There's a proposal at http://www.pphsg.org/safeghc/ for a similar thing, but at the value level rather than the module/package level. However, we don't think the increased implementation cost is worth the small extra benefit it provides.
One might also worry about resource exhaustion.
There have also been a number of discussions about this on the mailing lists and on IRC, e.g. the thread beginning http://www.haskell.org/pipermail/haskell-cafe/2007-May/025941.html
Working out exactly what it should do is half of the challenge here!
<details><summary>Trac metadata</summary>
| Trac field | Value |
| ---------------------- | -------------- |
| Version | 6.6.1 |
| Type | FeatureRequest |
| TypeOfFailure | OtherFailure |
| Priority | normal |
| Resolution | Unresolved |
| Component | None |
| Test case | |
| Differential revisions | |
| BlockedBy | |
| Related | |
| Blocking | |
| CC | |
| Operating system | Unknown |
| Architecture | Unknown |
</details>
Milestone: ⊥
Assignee: dterei