safe vs. unsafe (Was: Haskell Platform proposal: Add the vector package)

Heinrich Apfelmus apfelmus at quantentunnel.de
Tue Jul 17 14:12:03 BST 2012


Simon Marlow wrote:
> Perhaps I gave the wrong impression: of course you should carefully 
> consider every use of unsafePerformIO, just as we already do.  You 
> should only mark an interface as Trustworthy if you really believe that 
> it is.
> 
> How firm should your belief be?  Well, you could ask the same question 
> about GHC's type system - do we really believe that if a program passes 
> the type system then it can't crash?  We haven't formally verified the 
> type system or its implementation, after all.  Similarly, does GHC's 
> garbage collector work?  In the absence of formal verification, it's all 
> just code that we have to trust.  Trustworthy Haskell code has exactly 
> the same status, and the degree to which you trust any piece of code is 
> up to you.
> 
> What's new in Safe Haskell is that we can now have Haskell code that you 
> do *not* have to trust, as long as you trust some other things: 
> including the implementation of Safe Haskell, GHC's type system and RTS, 
> and any Trustworthy Haskell libraries that are in the dependency chain.

Ah, ok, your explanation clears up a lot of confusion I had about 
SafeHaskell and its purpose. Apparently, the source of the confusion is 
that the word "safe" has many possible interpretations, while the one 
used in this context is very specific. It might have been a good idea to 
choose a different name for that reason, but then again, there is value 
in setting a standard interpretation.


Best regards,
Heinrich Apfelmus

--
http://apfelmus.nfshost.com



