Re: Proposal: GHC.Generics marked UNSAFE for SafeHaskell

DeriveGeneric and other derivations aren‘t unsafe because it’s up to the module author to use them. If you don't export the constructors, a downstream user *can not* derive classes even with StandaloneDeriving, so this is not a problem. It does however become a problem with the proposal in this thread, as noted, because it means you can't hand-write an instance that enforces invariants without getting inferred Unsafe. In any case, if this proposal passes, we need some Safe place to import Generic from because you can't derive it without importing the class. Here‘s a thought: doesn’t Generic already have an unused phantom type that's only there “just in case we need to add something in the future”? How about using that to track whether an instance was derived or not, and enforce *that* with SafeHaskell? Your SafeEq can then use a Generic Derivedconstraint or whatever. On Mon, Oct 7, 2013 at 8:53 AM, John Lato wrote:

Andres is right that it's not as evil as defining your own Typeable. The crux of the matter is that Generic essentially allows full access to the data type. Unfortunately it's easy to forget this...

On Mon, Oct 7, 2013 at 1:43 AM, Andres Löh wrote:

...

While I understand you all feel uncomfortable with this, I do not think the problem demonstrated by John has anything to do with Generic.

I've made a fork here

https://github.com/kosmikus/safe-bugtest

that shows an (IMHO) similar problem using Show and Read instead of Generic. (And something slightly different could certainly also produced using Enum).

If you're deriving Generic, then yes, you gain the functionality of that class, which is to inspect the structure of the type, and then yes, you can in principle construct any value of that type. So deriving Generic for types that should be abstract is always going to be risky. But this is no different than deriving any other class, only that Generic gives you particularly fine-grained access to the internals of a type.

Also, at least in my opinion, it is entirely valid to define your own Generic instances. It's more work, and while I haven't used it often so far, I can imagine that there are good use cases. I don't think it's anywhere near as evil as defining your own Typeable instances.

Cheers, Andres

-- Andres Löh, Haskell Consultant Well-Typed LLP, http://www.well-typed.com

_______________________________________________ Libraries mailing list Libraries@haskell.org http://www.haskell.org/mailman/listinfo/libraries