
On 16 September 2010 16:04, Mitar
Hi!
I just got an idea for a Hackage feature. All functions/modules listed there could have some mark if they, or any function/module they use, use an unsafe* function. Of course this will probably mark almost everything as unsafe, but this is the idea - to raise awareness of that so that you can prefer some function/implementation over another.
Of course marking/tagging everything as unsafe is not really useful. Because of this I propose that the community then votes/vouches on the correctness/stability of implementations, and this would then influence how unsafe a given function really is (or is according to the community, to be more precise). Of course it would be even better if every function using unsafe* also had a formal proof, but as we cannot believe that we will prove everything in the feasible future, we could maybe opt for such a "crowd intelligence" approach. We cannot have a Turing machine, but maybe we can have a crowd. ;-)
(Of course a low number of found bugs and good unit test code coverage can then positively influence the crowd, so authors would be motivated to assure that.)
Comments? Opinions?
Because I really hate it when I try to keep my code pure and separate IO from everything else, and then somewhere deep in there some unsafe* lurks. (Ah, yes, a side effect of this tagging/marking would also be that you would be able to see where all those unsafe* calls are for a given function, so you would be able to quickly jump (with a link) to a given line in the code and evaluate the circumstances in which that unsafe* call is made. And then vote/vouch once you discover that it is probably pretty safe.)
The problem with this is: unsafe* functions would be better called "yesIGuaranteeThatUsingThisFunctionDoesResultInAReferentiallyTransparentEntityAndItsOKForMeToUseIt*". They are "unsafe" in that you shouldn't use them blindly. Seeing as how lazy IO relies on various unsafe* functions, as do bytestrings, this means that any program that uses them is subsequently "tainted". A much better idea would be to have some kind of compilation warning unless you can prove that you're using the unsafe* function in a safe fashion, but such a proof is unlikely to be easy to produce in a rigorous fashion or to be mechanically checkable (and would delay compilation times).

--
Ivan Lazar Miljenovic
Ivan.Miljenovic@gmail.com
IvanMiljenovic.wordpress.com
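As an added illustration of the point about referential transparency (example code written for this page, not from either poster), here are two uses of unsafePerformIO: one that keeps the "I guarantee this is referentially transparent" promise and one that breaks it. Both would receive the same "uses unsafe*" tag, which is exactly why a mechanical tag alone cannot decide safety; the names `sumWithLocalRef`, `counter` and `nextId` are made up for the example.

```haskell
-- Two uses of unsafePerformIO that a blanket "uses unsafe*" tag cannot
-- tell apart: one is referentially transparent, the other is not.
import System.IO.Unsafe (unsafePerformIO)
import Data.IORef

-- Safe use: the IO action only touches an IORef it allocates itself and
-- never leaks it, so the result is a pure function of the argument.
-- Evaluating it once or many times gives the same answer.
sumWithLocalRef :: [Int] -> Int
sumWithLocalRef xs = unsafePerformIO $ do
  acc <- newIORef 0
  mapM_ (\x -> modifyIORef' acc (+ x)) xs
  readIORef acc

-- Unsafe use: a process-global counter (the usual NOINLINE idiom so the
-- IORef is created exactly once) that every call bumps. The value of
-- `nextId ()` depends on how many times it has been evaluated so far,
-- and GHC is free to share or duplicate such evaluations under
-- optimisation, so two calls may or may not return different numbers.
{-# NOINLINE counter #-}
counter :: IORef Int
counter = unsafePerformIO (newIORef 0)

nextId :: () -> Int
nextId () = unsafePerformIO $ do
  modifyIORef' counter (+ 1)
  readIORef counter

-- True for the transparent function regardless of optimisation level.
sameResultTwice :: Bool
sameResultTwice = sumWithLocalRef [1, 2, 3] == sumWithLocalRef [1, 2, 3]

main :: IO ()
main = do
  print sameResultTwice
  -- Whether a and b differ depends on whether GHC shared the two
  -- thunks (e.g. under -O with CSE): the call is not a function of ().
  let a = nextId ()
      b = nextId ()
  print (a, b)
```

Compile once without and once with `-O` to see the second result change while the first stays the same; a human reviewer vouching for `sumWithLocalRef` is justified, while no amount of voting makes `nextId` pure.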