On Fri, 2005-05-20 at 11:30 +0200, Peter Simons wrote:
Since pure FFI calls don't have any side-effects, they are always safe to be called unsafely. (Yes, the choice of the words "safe" and "unsafe" is a bit unfortunate in the standard here.)
To try and undo this confusion we need to recall what the safe/unsafe are referring to. This safe/unsafe tag is used to describe both a property of the form of the call (what degree of precaution we take in making the call) and also a property of the thing we are calling (whether it has side effects or can trigger callbacks into the Haskell world). The two uses are basically opposite: For a C procedure that can trigger callbacks, we have to take extra procautions when calling it, that is we have to make the call in a "safe" way. For a C procedure that cannot trigger callbacks, we don't have to worry at all when calling it, that is we can omit various cleanups, locks and checks thus doing the call in an "unsafe" way. So to sumarise the pairings: * you _must_ make a safe call to an unsafe foreign function * you _may_ make an unsafe call to a safe foreign function It's a contravariance :-) Duncan