Are safe coercions safe in the sense of Safe Haskell?

Hi, I would expect the function coerce :: Coercible a b => a -> b to be safe in the sense of Safe Haskell. However, the Data.Coerce module is marked “Unsafe”. The coerce function is also available via GHC.Exts and GHC.Prim. The former module is marked “Unsafe”, but the latter is (surprisingly) marked “Safe-Inferred”. What are the reasons behind this? All the best, Wolfgang

See https://ghc.haskell.org/trac/ghc/ticket/8745 and https://ghc.haskell.org/trac/ghc/ticket/8827 which discuss this problem at length.
The short answer: It's conceivable that a role-unaware library author would have abstraction expectations that are defeated through the use of `coerce`.
I would strongly welcome a proposal for how to make `coerce`, and hence GeneralizedNewtypeDeriving, to be considered Safe for 7.10.
Richard
On Aug 15, 2014, at 4:04 PM, Wolfgang Jeltsch
Hi,
I would expect the function
coerce :: Coercible a b => a -> b
to be safe in the sense of Safe Haskell. However, the Data.Coerce module is marked “Unsafe”. The coerce function is also available via GHC.Exts and GHC.Prim. The former module is marked “Unsafe”, but the latter is (surprisingly) marked “Safe-Inferred”.
What are the reasons behind this?
All the best, Wolfgang
_______________________________________________ Glasgow-haskell-users mailing list Glasgow-haskell-users@haskell.org http://www.haskell.org/mailman/listinfo/glasgow-haskell-users

Hi, thank you for these links. Still, it is interesting that also in GHC 7.8 you can have a coerce that is considered “Safe”, although the discussions on Trac concluded that this should not be the case. You can just import coerce via GHC.Prim, which is “Safe-Inferred”. All the best, Wolfgang Am Freitag, den 15.08.2014, 19:40 -0400 schrieb Richard Eisenberg:
See https://ghc.haskell.org/trac/ghc/ticket/8745 and https://ghc.haskell.org/trac/ghc/ticket/8827 which discuss this problem at length.
The short answer: It's conceivable that a role-unaware library author would have abstraction expectations that are defeated through the use of `coerce`.
I would strongly welcome a proposal for how to make `coerce`, and hence GeneralizedNewtypeDeriving, to be considered Safe for 7.10.
Richard
On Aug 15, 2014, at 4:04 PM, Wolfgang Jeltsch
wrote: Hi,
I would expect the function
coerce :: Coercible a b => a -> b
to be safe in the sense of Safe Haskell. However, the Data.Coerce module is marked “Unsafe”. The coerce function is also available via GHC.Exts and GHC.Prim. The former module is marked “Unsafe”, but the latter is (surprisingly) marked “Safe-Inferred”.
What are the reasons behind this?
All the best, Wolfgang
_______________________________________________ Glasgow-haskell-users mailing list Glasgow-haskell-users@haskell.org http://www.haskell.org/mailman/listinfo/glasgow-haskell-users

Have you tried doing this? If so, `coerce` is the least of our problems: `unsafeCoerce#` is much worse! When I just tried, GHC told me that I couldn't import GHC.Prim into a module with -XSafe enabled.
So, this seems to be a documentation bug (the Haddock description of GHC.Prim indeed says "Safe Inferred"), but not a "real" bug.
Let me know if you see otherwise!
Thanks,
Richard
On Aug 16, 2014, at 6:06 PM, Wolfgang Jeltsch
Hi,
thank you for these links.
Still, it is interesting that also in GHC 7.8 you can have a coerce that is considered “Safe”, although the discussions on Trac concluded that this should not be the case. You can just import coerce via GHC.Prim, which is “Safe-Inferred”.
All the best, Wolfgang
Am Freitag, den 15.08.2014, 19:40 -0400 schrieb Richard Eisenberg:
See https://ghc.haskell.org/trac/ghc/ticket/8745 and https://ghc.haskell.org/trac/ghc/ticket/8827 which discuss this problem at length.
The short answer: It's conceivable that a role-unaware library author would have abstraction expectations that are defeated through the use of `coerce`.
I would strongly welcome a proposal for how to make `coerce`, and hence GeneralizedNewtypeDeriving, to be considered Safe for 7.10.
Richard
On Aug 15, 2014, at 4:04 PM, Wolfgang Jeltsch
wrote: Hi,
I would expect the function
coerce :: Coercible a b => a -> b
to be safe in the sense of Safe Haskell. However, the Data.Coerce module is marked “Unsafe”. The coerce function is also available via GHC.Exts and GHC.Prim. The former module is marked “Unsafe”, but the latter is (surprisingly) marked “Safe-Inferred”.
What are the reasons behind this?
All the best, Wolfgang
_______________________________________________ Glasgow-haskell-users mailing list Glasgow-haskell-users@haskell.org http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
_______________________________________________ Glasgow-haskell-users mailing list Glasgow-haskell-users@haskell.org http://www.haskell.org/mailman/listinfo/glasgow-haskell-users

Hi, the GHC 7.8.2 installation on my machine refuses to import GHC.Prim if Safe is enabled. The locally generated documentation still claims that GHC.Prim is Safe-Inferred, though. So this seems to be indeed a documentation bug. All the best, Wolfgang Am Sonntag, den 17.08.2014, 11:26 -0400 schrieb Richard Eisenberg:
Have you tried doing this? If so, `coerce` is the least of our problems: `unsafeCoerce#` is much worse! When I just tried, GHC told me that I couldn't import GHC.Prim into a module with -XSafe enabled.
So, this seems to be a documentation bug (the Haddock description of GHC.Prim indeed says "Safe Inferred"), but not a "real" bug.
Let me know if you see otherwise!
Thanks, Richard
On Aug 16, 2014, at 6:06 PM, Wolfgang Jeltsch
wrote: Hi,
thank you for these links.
Still, it is interesting that also in GHC 7.8 you can have a coerce that is considered “Safe”, although the discussions on Trac concluded that this should not be the case. You can just import coerce via GHC.Prim, which is “Safe-Inferred”.
All the best, Wolfgang
Am Freitag, den 15.08.2014, 19:40 -0400 schrieb Richard Eisenberg:
See https://ghc.haskell.org/trac/ghc/ticket/8745 and https://ghc.haskell.org/trac/ghc/ticket/8827 which discuss this problem at length.
The short answer: It's conceivable that a role-unaware library author would have abstraction expectations that are defeated through the use of `coerce`.
I would strongly welcome a proposal for how to make `coerce`, and hence GeneralizedNewtypeDeriving, to be considered Safe for 7.10.
Richard
On Aug 15, 2014, at 4:04 PM, Wolfgang Jeltsch
wrote: Hi,
I would expect the function
coerce :: Coercible a b => a -> b
to be safe in the sense of Safe Haskell. However, the Data.Coerce module is marked “Unsafe”. The coerce function is also available via GHC.Exts and GHC.Prim. The former module is marked “Unsafe”, but the latter is (surprisingly) marked “Safe-Inferred”.
What are the reasons behind this?
All the best, Wolfgang
_______________________________________________ Glasgow-haskell-users mailing list Glasgow-haskell-users@haskell.org http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
_______________________________________________ Glasgow-haskell-users mailing list Glasgow-haskell-users@haskell.org http://www.haskell.org/mailman/listinfo/glasgow-haskell-users
participants (2)
-
Richard Eisenberg
-
Wolfgang Jeltsch