SafeHaskell implying other options
Reported by: shachaf
Type of failure: GHC accepts invalid program
There have been several type checker bugs -- including #7453 and #7354 -- that have led to type-checker unsafeCoerce/panic/etc., which is a problem under SafeHaskell. In many cases the issue is caught by -dcore-lint. I'm not sure how much overhead core-linting has, but it seems like it could be a good idea to turn it on by default at least when SafeHaskell is on.
Right now it's listed as a "compiler debugging option", but it seems that common wisdom is that you should use it if you care about security. Should you also use stg-lint/cmm-lint? Any other options? This should be clearly documented.
Relatedly: Earlier today someone was running a Haskell-evaluating IRC bot. It was running with SafeHaskell, but also happened to have GeneralizedNewtypeDeriving turned on, which made it possible to derive unsafeCoerce. Should more care be taken that unsafe options are never turned on at the same time as SafeHaskell?
(Continued from #7354.)