Changes between Version 2 and Version 3 of SafeHaskell


Timestamp: Nov 8, 2010 8:23:57 AM (4 years ago)
Author: David
Comment: --

  • SafeHaskell

    v2 v3  
    3737 * The {{{OverlappingInstances}}} extension may allow unsafe actions, because untrusted code can potentially redefine a type instance (by containing a more specific instance definition) in a way that changes the behavior of code importing the untrusted module. 
    3838 
     39 * Likewise, {{{RULES}}} and {{{SPECIALIZE}}} pragmas can change the behavior of trusted code in unanticipated ways. 
     40 
    3941 * The {{{StandaloneDeriving}}} extension can be used to violate constructor access control by defining instances of {{{Read}}} and {{{Show}}} to examine and construct data values with inaccessible constructors. 
    4042 
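Review bot: The bullet added at new line 39 says {{{RULES}}} and {{{SPECIALIZE}}} pragmas change trusted code "in unanticipated ways" without naming the mechanism, while the bullets on either side (new lines 37 and 41) each state how the extension is abused. Add a clause saying how a pragma in an untrusted module alters the behavior of trusted code, so the case for disallowing it is as concrete as for the neighbouring extensions.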
     
    5153Either {{{-XSafe}}} should disallow {{{ {-# LANGUAGE MagicHash #-} }}} pragmas, or the {{{GHC.Prim}}} module might need to be split into two modules, {{{GHC.Prim.Unsafe}}} and {{{GHC.Prim}}}, where only the latter is safe. 
    5254 
    53 {{{-XSafe}}} should disallow {{{FFI}}}, {{{TemplateHaskell}}}, {{{OverlappingInstances}}}, {{{StandaloneDeriving}}}, and {{{GeneralizedNewtypeDeriving}}}. 
     55{{{-XSafe}}} should disallow the {{{FFI}}}, {{{TemplateHaskell}}}, {{{OverlappingInstances}}}, {{{StandaloneDeriving}}}, and {{{GeneralizedNewtypeDeriving}}} language extensions, as well as {{{RULES}}} and {{{SPECIALIZE}}} pragmas. 
    5456 
    5557Libraries will progressively need to be updated to export safe interfaces, which may require moving unsafe functions into separate modules, or adding new {{{ {-# LANGUAGE Safe #-} }}} modules that re-export a safe subset of symbols.  Ideally, most modules in widely-used libraries would eventually contain either {{{ {-# LANGUAGE Safe -#} }}} or {{{ {-# LANGUAGE Trusted -#} }}} pragmas, except for internal modules or a few modules exporting unsafe symbols.  Maybe haddock could add some indicator to make it obvious which modules are safe.