#10140: Suggestions for improvement of the Safe Haskell chapter in the user's guide -------------------------------------+------------------------------------- Reporter: thomie | Owner: Type: bug | Status: new Priority: normal | Milestone: Component: Documentation | Version: 7.8.4 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: Type of failure: None/Unknown | Unknown/Multiple Blocked By: | Test Case: Related Tickets: | Blocking: | Differential Revisions: -------------------------------------+------------------------------------- Comment (by dterei): Thomas, thanks for this, it's great feedback! I'll take a pass over the docs again and incorporate your notes. Some answers:
But isn't the latter implied by the former, or the module wouldn't compile? If that is correct, please mention it.
Yes, it is. The description of the check here doesn't distinguish between the fact that some of the check already occurred at compile time and so the recursive element is already done. I'll try to better capture that without removing the description of the check being recursive / transitive. [[BR]]
Should explicitly be implicitly? I don't understand this sentence regardless. What does nicely unifies mean?
Yes, I think it should be implicitly. That sentence should probably just be removed. Basically what it is saying is that we ran into a problem when designing Safe Haskell of how to have it co-exists with the existing language in a way that people who care can opt into with all the properties and power we wanted, while users who don't care can ignore the whole thing. In the first version, we got this wrong and Safe Haskell caused compilation failures for people who weren't explicitly using it. The `-fpackage-trust` flag changed to fix this. So really, this line is an off-hand comment on some history that adds no value to the reader. [[BR]]
I think the following statement should be true, but I'm not sure: "If a module M in a package P is inferred to be Safe by GHC, then it is trusted by client C".
No, not unconditionally. It depends on `-fpackage-trust`. "M" may be inferred safe, but when GHC does this it assumes that the client "C" is prepared to trust all packages containing `Trustworthy` modules that "M" depends on. It's then up to "C" on her respective system to make that dynamic decision. [[BR]]
I have more of a general question about this: if this is true, then why are there over 200 mentions of {-# Language Safe #-} in a checkout of ghc?
Two reasons: 1) Historical -- we added safe inference later. 2) Stability -- one issue with safe inference is that since the module author hasn't stated her intentions, then what Safe Haskell type the module should have isn't set and could change without warning from the compiler. For some library authors this may be fine as Safe Haskell isn't of primary importance to them. But for very base libraries like the ones GHC distributes, we want them to have a very set and stable Safe Haskell type that the community can depend on. The other issue is that using Safe Haskell explicitly adds another dependency that could cause your module to fail to compile. For base modules in GHC this isn't an issue as they have few dependencies and one team largely controls them all. For a higher level package though, use `Safe` explicitly means you are dependent on how the safety of your dependencies change over time. Maybe this is what you want, but for a lot of people where Safe Haskell is a secondary concern, probably not. So it's a trade-off on what concerns and dependencies you have in regards to the larger Haskell community. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/10140#comment:2 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler