We should make it easy to do safe (~= no IO) Haskell.
Things to think about include:
- Expressions with type IO a
- unsafePerformIO etc
- unsafe array indexing functions etc
- FFI declarations
- Template Haskell
- bugs like custom Ix instances allowing incorrect array indexing
- importing other modules which can do unsafe things (this generalises some of the above)
- Allowing restricted IO functions, e.g. reading/writing functions within a certain directory only
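As an added illustration of the last item (restricted IO confined to one directory), here is a small sandbox monad. It is example code written for this page, not part of GHC, Cabal, or any proposal linked here; the names RestrictedIO, runRestrictedIO, readFileR, writeFileR and resolve are all invented for the example. The idea is that the constructor is not exported, so untrusted code can only build actions through the exported functions, each of which checks the requested path against a root directory before touching the file system.

```haskell
module RestrictedIO
  ( RestrictedIO        -- type exported, constructor deliberately hidden
  , runRestrictedIO
  , readFileR
  , writeFileR
  ) where

import Control.Exception (IOException, try)
import System.Directory (createDirectoryIfMissing)
import System.FilePath (isAbsolute, normalise, splitDirectories, (</>))

-- A sandboxed IO action: a function from the sandbox root to a real IO action.
-- Because the constructor is not exported, the only way to obtain one outside
-- this module is via readFileR / writeFileR, which validate their paths.
newtype RestrictedIO a = RestrictedIO { unRestricted :: FilePath -> IO a }

instance Functor RestrictedIO where
  fmap f (RestrictedIO g) = RestrictedIO (fmap f . g)

instance Applicative RestrictedIO where
  pure x = RestrictedIO (const (pure x))
  RestrictedIO f <*> RestrictedIO x = RestrictedIO (\r -> f r <*> x r)

instance Monad RestrictedIO where
  RestrictedIO m >>= k = RestrictedIO (\r -> m r >>= \a -> unRestricted (k a) r)

-- Trusted code chooses the root and runs the sandboxed computation.
runRestrictedIO :: FilePath -> RestrictedIO a -> IO a
runRestrictedIO root (RestrictedIO m) = m root

-- Map a user-supplied relative path to a path under the root. Absolute paths
-- and any ".." component are rejected, so the result cannot climb out of root.
resolve :: FilePath -> FilePath -> Either String FilePath
resolve root p
  | isAbsolute p              = Left ("absolute path rejected: " ++ p)
  | ".." `elem` splitDirectories p = Left ("parent reference rejected: " ++ p)
  | otherwise                 = Right (root </> normalise p)

-- Read a file inside the sandbox; a rejected path raises an IOError via fail.
readFileR :: FilePath -> RestrictedIO String
readFileR p = RestrictedIO $ \root -> either fail readFile (resolve root p)

-- Write a file inside the sandbox, with the same path check.
writeFileR :: FilePath -> String -> RestrictedIO ()
writeFileR p s = RestrictedIO $ \root -> either fail (\f -> writeFile f s) (resolve root p)

-- Demonstration: a write and read inside the sandbox succeed, an attempt to
-- reach a sibling directory via ".." is refused before any IO happens.
main :: IO ()
main = do
  createDirectoryIfMissing True "sandbox"           -- constructed sample root
  contents <- runRestrictedIO "sandbox" $ do
    writeFileR "note.txt" "hello from the sandbox"
    readFileR "note.txt"
  putStrLn contents
  r <- try (runRestrictedIO "sandbox" (readFileR "../outside.txt"))
         :: IO (Either IOException String)
  putStrLn (either (const "escape attempt rejected") (const "unexpected success") r)
```

Two caveats a practitioner would want noted. First, the check is purely lexical: it does not resolve symbolic links, so a symlink created inside the root by other means could still point elsewhere; a stronger version would canonicalise the path after resolution and compare it with the canonicalised root. Second, the sandbox is only as good as the module boundary: if the RestrictedIO constructor were exported, or if untrusted code could use unsafePerformIO, the FFI or Template Haskell, it could bypass the checks entirely, which is exactly why the other items in the list above matter.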
We may want to add support for this to GHC and/or Cabal, e.g. only allow a module to be compiled with -fsafe if (a) all of its imports are marked safe (a new ghc-pkg field) and (b) it only does safe things itself (no TH etc). It would also be possible to tell ghc-pkg that you consider a module safe.
There's a proposal at http://www.pphsg.org/safeghc/ for a similar thing, but at the value level rather than the module/package level. However, we don't think the increased implementation cost is worth the small extra benefit it provides.
One might also worry about resource exhaustion.
There have also been a number of discussions about this on the mailing lists and on IRC, e.g. the thread beginning http://www.haskell.org/pipermail/haskell-cafe/2007-May/025941.html
Working out exactly what it should do is half of the challenge here!