SafeHaskell implying other options
There have been several type checker bugs -- including #7453 (closed) and #7354 (closed) -- that have led to type-checker unsafeCoerce/panic/etc., which is a problem under SafeHaskell. In many cases the issue is caught by -dcore-lint
. I'm not sure how much overhead core-linting has, but it seems like it could be a good idea to turn it on by default at least when SafeHaskell is on.
Right now it's listed as a "compiler debugging option", but it seems that common wisdom is that you should use it if you care about security. Should you also use stg-lint
/cmm-lint
? Any other options? This should be clearly documented.
Relatedly: Earlier today someone was running a Haskell-evaluating IRC bot. It was running with SafeHaskell, but also happened to have GeneralizedNewtypeDeriving turned on, which made it possible to derive unsafeCoerce
. Should more care be taken that unsafe options are never turned on at the same time as SafeHaskell?
(Continued from #7354 (closed).)
Trac metadata
Trac field | Value |
---|---|
Version | 7.6.1 |
Type | FeatureRequest |
TypeOfFailure | OtherFailure |
Priority | normal |
Resolution | Unresolved |
Component | Compiler |
Test case | |
Differential revisions | |
BlockedBy | |
Related | |
Blocking | |
CC | |
Operating system | |
Architecture |