
On Tue, Dec 27, 2022 at 10:31:07PM +0100, Jaro Reinders wrote:
The bytestring package does have run time bounds checks. So maybe Safe Haskell is safer than you think?
No. The safety depends on careful Safe/Unsafe marking of an unmanageable and growing set of modules. How does GHC know that "Data.ByteString.Unsafe" is actually "unsafe" in the sense of "Safe" Haskell?

    λ> BS.index x 10
    *** Exception: Data.ByteString.index: index too large: 10, length = 6
    CallStack (from HasCallStack):
      error, called at libraries/bytestring/Data/ByteString.hs:2026:23 in bytestring-0.11.3.1:Data.ByteString
      moduleError, called at libraries/bytestring/Data/ByteString.hs:1232:24 in bytestring-0.11.3.1:Data.ByteString
      index, called at <interactive>:7:1 in interactive:Ghci3
    λ> import Data.ByteString.Unsafe as UBS
    λ> UBS.unsafeIndex x 30000
    27
    λ> UBS.unsafeIndex x 1000000
    162
    λ> UBS.unsafeIndex x 10000000
    185
    λ> UBS.unsafeIndex x 100000000
    Segmentation fault (core dumped)

This is too brittle to be safe on an ongoing basis in practice.

--
    Viktor.