## Coercions from plugins cannot be stopped from floating out

Suppose we have

`type family (a :: Nat) <? (b :: Nat) :: Bool`

that computes whether `a`

is less than `b`

, where a type checker plugin does the proof work. For some `a`

, `b`

, and `c`

, if we assume `(a <? b) ~ True`

and `(b <? c) ~ True`

, the plugin can prove `(a <? c) ~ True`

. However, GHC currently provides no way for the plugin to indicate that the proof of `(a <? c) ~ True`

depends on the assumptions. This means that the plugin-produced proof evidence could potentially float out of its desired context, inviting disaster.

In term of `Coercion`

s, I propose that the `PluginProv`

constructor of `UnivCoProvenance`

be allowed to include a `TyCoVarSet`

of "free variables" (that is, assumptions) in the proof. Computing the free variables of the enclosing `UnivCo`

would returns these variables, too. It is, of course, up to the plugin to provide the right information here, but plugins generally have enough information to do this correctly (or, at least, to conservatively list all free variables of assumptions as free variables of the conclusion).

## Trac metadata

Trac field | Value |
---|---|

Version | 8.4.3 |

Type | Bug |

TypeOfFailure | OtherFailure |

Priority | normal |

Resolution | Unresolved |

Component | Compiler |

Test case | |

Differential revisions | |

BlockedBy | |

Related | |

Blocking | |

CC | dotwani@haverford.edu |

Operating system | |

Architecture |