DeriveGeneric and other derivations aren‘t unsafe because it’s up to the module author to use them. If you don't export the constructors, a downstream user can not derive classes even with StandaloneDeriving, so this is not a problem.

It does however become a problem with the proposal in this thread, as noted, because it means you can't hand-write an instance that enforces invariants without getting inferred Unsafe.

In any case, if this proposal passes, we need some Safe place to import Generic from because you can't derive it without importing the class.

Here‘s a thought: doesn’t Generic already have an unused phantom type that's only there “just in case we need to add something in the future”? How about using that to track whether an instance was derived or not, and enforce that with SafeHaskell? Your SafeEq can then use a Generic Derived constraint or whatever.



On Mon, Oct 7, 2013 at 8:53 AM, John Lato <jwlato@gmail.com> wrote:
Andres is right that it's not as evil as defining your own Typeable.  The crux of the matter is that Generic essentially allows full access to the data type.  Unfortunately it's easy to forget this...


On Mon, Oct 7, 2013 at 1:43 AM, Andres Löh <andres@well-typed.com> wrote:
While I understand you all feel uncomfortable with this, I do not
think the problem demonstrated by John has anything to do with
Generic.

I've made a fork here

https://github.com/kosmikus/safe-bugtest

that shows an (IMHO) similar problem using Show and Read instead of
Generic. (And something slightly different could certainly also
produced using Enum).

If you're deriving Generic, then yes, you gain the functionality of
that class, which is to inspect the structure of the type, and then
yes, you can in principle construct any value of that type. So
deriving Generic for types that should be abstract is always going to
be risky. But this is no different than deriving any other class, only
that Generic gives you particularly fine-grained access to the
internals of a type.

Also, at least in my opinion, it is entirely valid to define your own
Generic instances. It's more work, and while I haven't used it often
so far, I can imagine that there are good use cases. I don't think
it's anywhere near as evil as defining your own Typeable instances.

Cheers,
  Andres

--
Andres Löh, Haskell Consultant
Well-Typed LLP, http://www.well-typed.com


_______________________________________________
Libraries mailing list
Libraries@haskell.org
http://www.haskell.org/mailman/listinfo/libraries