
On 16/07/2012 13:55, Roman Leshchinskiy wrote:
Simon Marlow wrote:
Just to repeat what I said earlier, I don't see there being any objection to putting unsafeRead with the other unsafe functions in vector, even though technically it is safe.
Actually, this particular bit probably isn't a problem. I actually simplified the example slightly. The real type of unsafeRead is:
unsafeRead :: (PrimMonad m, MVector v a) => v (PrimState m) a -> Int -> m a
Here, m is either IO or ST. What I didn't realise was that runST is marked as Trustworthy. This means that for ST-based code to be Trustworthy, it must really be safe when executed. This is different from IO where Safe Haskell doesn't care what happens when it's executed. I'm not sure if this is documented anywhere; it certainly wasn't obvious to me. The end effect is that while the IO instantiation of unsafeRead is safe, the ST one isn't. Hence, it can't be marked as Trustworthy anyway. All functions on mutable vectors are overloaded in this way, so it seems that the presence of ST makes Safe Haskell's notion of safety much closer to the one vector uses.
Ok, that's good then. The point about IO is made in the paper, but should probably be more clear in the documentation.

Cheers,
Simon
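Added example, not part of the original thread and not code from vector: a bounds-checked wrapper with the same PrimMonad overloading as unsafeRead, showing why the ST instantiation is the one that matters once runST turns the read into a pure value. The names checkedRead and peek are hypothetical, the Trustworthy pragma is this example's own claim, and it assumes the vector and primitive packages are installed.

```haskell
{-# LANGUAGE Trustworthy #-}
-- Added example. Trustworthy is an assertion made by this module's author:
-- the only unchecked call below is guarded by an explicit bounds test.
module Main (main) where

import Control.Monad.Primitive (PrimMonad, PrimState)
import Control.Monad.ST (runST)
import qualified Data.Vector.Generic.Mutable as M
import qualified Data.Vector.Unboxed as U

-- Same overloading as unsafeRead, so one definition serves both IO and ST.
-- checkedRead is a hypothetical name, not part of vector.
checkedRead :: (PrimMonad m, M.MVector v a)
            => v (PrimState m) a -> Int -> m (Maybe a)
checkedRead v i
  | i >= 0 && i < M.length v = Just <$> M.unsafeRead v i
  | otherwise                = pure Nothing

-- ST instantiation: runST exposes the result as a pure value, so an
-- unchecked out-of-range index here would leak arbitrary memory into
-- pure code. The guard in checkedRead is what keeps this function total.
peek :: U.Unbox a => U.Vector a -> Int -> Maybe a
peek xs i = runST $ do
  mv <- U.thaw xs
  checkedRead mv i

main :: IO ()
main = do
  let xs = U.fromList [10, 20, 30 :: Int]  -- constructed sample data
  print (peek xs 1)     -- in range
  print (peek xs 3)     -- one past the end
  print (peek xs (-1))  -- negative index
  -- IO instantiation of the same function.
  mv <- U.thaw xs
  checkedRead mv 2 >>= print
```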