Changes between Version 21 and Version 22 of SafeHaskell


Timestamp: Jan 14, 2011 11:53:09 AM (3 years ago)
Author: simonpj
Comment: --

  • SafeHaskell

    v21 v22  
    3939== Ultra-safety == 
    4040 
     41'''SLPJ note'''. This entire subsection is new. See if you agree with it.  If you do, there'd be some knock-on effects.  Notably an ultra-safe module should have only ultrasafe imports.  And some of the later stuff about RIO would need adjusting.  '''End of SLPJ note'''. 
     42 
    4143The safe dialect does not prevent use of the symbol `IO`. Nor does it prevent use of `foreign import`.  So this module is OK: 
    4244{{{ 
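Review bot: On added line 41, "an ultra-safe module should have only ultrasafe imports" reads as too strong against the rest of this change: added line 58 lets an `UltraSafe` module compose IO actions "that it imports from trusted modules", and the new example imports `IO`. Suggest wording the knock-on effect as "only ultrasafe or trusted imports", and removing the SLPJ note markers from the specification text once the subsection is agreed.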
     
    5456  rm = RM deleteAllFiles 
    5557}}} 
    56 The flag (and LANGUAGE pragma) `UltraSafe` is just like `Safe` except that it also disables `foreign import`.  This strengtens the safety guarantee, by esuring that a `UltraSafe` module can construct IO actions only by composing together IO actions that it imports from trusted modules. 
     58The flag (and LANGUAGE pragma) `UltraSafe` is just like `Safe` except that it also disables `foreign import`.  This strengtens the safety guarantee, by esuring that a `UltraSafe` module can construct IO actions only by composing together IO actions that it imports from trusted modules.  Note that `UltraSafe` does not disable the use of IO itself. For example this is fine: 
     59{{{ 
     60{-# LANGUAGE UltraSafe #-} 
     61module OK( print2 ) where 
     62  import IO( print ) 
     63  print2 :: Int -> IO () 
     64  print2 x = do { print x; print x } 
     65}}} 
     66 
    5767 
    5868== Module trust == 
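Review bot: The rewritten line 58 carries over the v21 typos "strengtens" and "esuring", and "a `UltraSafe` module" should read "an `UltraSafe` module"; fix them while the sentence is being touched. The example at lines 60-64 would also be clearer if it stated that `IO` is assumed to be a trusted module, since the guarantee in the preceding sentence depends on that, and the extra blank line added at 66 can be dropped.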
     
    98108 * `-distrust-all-packages` - considers all packages untrusted unless they are explicitly trusted by subsequent command-line options.  (This option does not change the exposed/hidden status of packages, so is not equivalent to applying `-distrust` to all packages on the system.) 
    99109 
    100  * A convenience option `-ultrasafe` is equivalent to {{{-distrust-all-packages -XNoForeignFunctionInterface -XNoImplicitPrelude -XSafe}}}. 
     110 * A convenience option `-ultrasafe` is equivalent to {{{-distrust-all-packages -XNoForeignFunctionInterface -XNoImplicitPrelude -XSafe}}}.  '''SLPJ note''' I don't agree.  An ultrasafe module should be able to import trusted packages, otherwise how could it do any IO?  It's just that an ultrasafe module should not do foreign-import.  '''End of SLPJ note'''. 
    101111 
    102112None of these options can be specified or overwritten by `OPTIONS_GHC` pragmas in the Safe dialect.
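Review bot: Line 110 now defines `-ultrasafe` and disputes that definition in the same bullet, so the page gives the name two meanings: the unchanged expansion still uses `-distrust-all-packages` and `-XSafe`, while line 58 describes the flag `UltraSafe` as `Safe` plus no `foreign import`. Suggest either rewriting the expansion to match the new Ultra-safety subsection or renaming the convenience option, rather than leaving the conflict in an inline note.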