I think delaying is OK, but we should probably say something like "we're delaying for X and Y, but that doesn't mean that you can not sneak in Z*". * Unless Z is the StrictData language pragma and your name is Johan. ;) On Thu, Jan 29, 2015 at 9:58 AM, Simon Peyton Jones wrote:

Friends

In a call with a bunch of type hackers, we were discussing

https://ghc.haskell.org/trac/ghc/ticket/9858

This is a pretty serious bug. It allows a malicious person to construct his own unsafeCoerce, and so completely subverts Safe Haskell.

Actually there are two bugs (see comment:19). The first is easily fixed. But the second is not.

We explored various quick fixes, but the real solution is not far out of reach. It amounts to this:

· Every data type is automatically in Typeable. No need to say “deriving(Typeable)” or “AutoDeriveTypeable” (which would become deprecated)

· In implementation terms, the constraint solver treats Typeable specially, much as it already treats Coercible specially.

It’s not a huge job. It’d probably take a couple of days of implementation work, and some time for shaking out bugs and consequential changes. The biggest thing might be simply working out implementation design choices. (For example, there is a modest code-size cost to making everything Typeable, esp because that includes the data constructors of the type (which can be used in types, with DataKinds). Does that matter? Should we provide a way to suppress it? If so, we’d also need a way to express whether or not the Typable instance exists in the interface file.)

But it is a substantial change that will touch a lot of lines of code. Moreover, someone has to do it, and Iavor (who heroically volunteered) happens to be travelling next week.

So it’s really not the kind of thing we would usually do after RC2.

But (a) it’s serious and, as it happens, (b) there is also the BBP Prelude debate going on.

Hence the question: should we simply delay 7.10 by, say, a month? After all, the timetable is up to us. Doing so might give a bit more breathing space to the BBP debate, which might allow time for reflection and/or implementation of modest features to help the transition. (I know that several are under discussion.) Plus, anyone waiting for 7.10 can simply use RC2, which is pretty good.

Would that be a relief to the BBP debate? Or any other opinions.

Simon

PS: I know, I know: there is endless pressure to delay releases to get stuff in. If we give in to that pressure, we never make a release. But we should know when to break our own rules. Perhaps this is such an occasion.

_______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://www.haskell.org/mailman/listinfo/ghc-devs

After thinking about it a little, I'm fine with pushing the release out to March. I think #9858 is the more serious of our concerns vs a raging debate, too. My only concern really is dealing with the merging of such a patch. For example, if the patch to fix this is actually as wide ranging as we believe to the type hacker, I can definitely foresee a merge conflict, with, say, the recent -fwarn-redundant-constraints, which I've managed to leave out of 7.10 so far. In any case, with some more time, we can work those details out. On Thursday, January 29, 2015, Simon Peyton Jones wrote:

Friends

In a call with a bunch of type hackers, we were discussing

https://ghc.haskell.org/trac/ghc/ticket/9858

This is a pretty serious bug. It allows a malicious person to construct his own unsafeCoerce, and so completely subverts Safe Haskell.

Actually there are two bugs (see comment:19). The first is easily fixed. But the second is not.

We explored various quick fixes, but the real solution is not far out of reach. It amounts to this:

· Every data type is automatically in Typeable. No need to say “deriving(Typeable)” or “AutoDeriveTypeable” (which would become deprecated)

· In implementation terms, the constraint solver treats Typeable specially, much as it already treats Coercible specially.

It’s not a huge job. It’d probably take a couple of days of implementation work, and some time for shaking out bugs and consequential changes. The biggest thing might be simply working out implementation design choices. (For example, there is a modest code-size cost to making everything Typeable, esp because that includes the data constructors of the type (which can be used in types, with DataKinds). Does that matter? Should we provide a way to suppress it? If so, we’d also need a way to express whether or not the Typable instance exists in the interface file.)

But it is a substantial change that will touch a lot of lines of code. Moreover, someone has to do it, and Iavor (who heroically volunteered) happens to be travelling next week.

So it’s really not the kind of thing we would usually do after RC2.

But (a) it’s serious and, as it happens, (b) there is also the BBP Prelude debate going on.

Hence the question: should we simply delay 7.10 by, say, a month? After all, the timetable is up to us. Doing so might give a bit more breathing space to the BBP debate, which might allow time for reflection and/or implementation of modest features to help the transition. (I know that several are under discussion.) Plus, anyone waiting for 7.10 can simply use RC2, which is pretty good.

Would that be a relief to the BBP debate? Or any other opinions.

Simon

PS: I know, I know: there is endless pressure to delay releases to get stuff in. If we give in to that pressure, we never make a release. But we should know when to break our own rules. Perhaps this is such an occasion.

-- Regards, Austin Seipp, Haskell Consultant Well-Typed LLP, http://www.well-typed.com/

I'm worried about the code-size regression. We should definitely measure how bad it is before making a decision on whether to enable Typeable by default. +1 to delaying the release. Cheers, Simon On 29/01/2015 17:58, Simon Peyton Jones wrote:

Friends

In a call with a bunch of type hackers, we were discussing

https://ghc.haskell.org/trac/ghc/ticket/9858

This is a pretty serious bug. It allows a malicious person to construct his own unsafeCoerce, and so completely subverts Safe Haskell.

Actually there are two bugs (see comment:19). The first is easily fixed. But the second is not.

We explored various quick fixes, but the real solution is not far out of reach. It amounts to this:

·Every data type is automatically in Typeable. No need to say “deriving(Typeable)” or “AutoDeriveTypeable” (which would become deprecated)

·In implementation terms, the constraint solver treats Typeable specially, much as it already treats Coercible specially.

It’s not a huge job. It’d probably take a couple of days of implementation work, and some time for shaking out bugs and consequential changes. The biggest thing might be simply working out implementation design choices. (For example, there is a modest code-size cost to making everything Typeable, esp because that includes the data constructors of the type (which can be used in types, with DataKinds). Does that matter? Should we provide a way to suppress it? If so, we’d also need a way to express whether or not the Typable instance exists in the interface file.)

But it is a substantial change that will touch a lot of lines of code. Moreover, someone has to do it, and Iavor (who heroically volunteered) happens to be travelling next week.

So it’s really not the kind of thing we would usually do after RC2.

But (a) it’s serious and, as it happens, (b) there is also the BBP Prelude debate going on.

Hence the question: should we simply delay 7.10 by, say, a month? After all, the timetable is up to us. Doing so might give a bit more breathing space to the BBP debate, which might allow time for reflection and/or implementation of modest features to help the transition. (I know that several are under discussion.) Plus, anyone waiting for 7.10 can simply use RC2, which is pretty good.

Would that be a relief to the BBP debate? Or any other opinions.

Simon

PS: I know, I know: there is endless pressure to delay releases to get stuff in. If we give in to that pressure, we never make a release. But we should know when to break our own rules. Perhaps this is such an occasion.

_______________________________________________ ghc-devs mailing list ghc-devs@haskell.org http://www.haskell.org/mailman/listinfo/ghc-devs