
| > To me, the wording "An implementation is entitled to assume..." implies that
| > there are no obligations on the implementation should the assumption not hold -
| > no obligation to yield _|_ or any other behaviour.
| >
| > > If "laws not satisfied => any behaviour OK" were the correct
| > > interpretation, then it would be OK for the Array implementation to
| > > wipe all your files at the first encounter of a broken Ix law... ;)
| >
| > Yup. That's not quite as bad as in C, where it's ok for an implementation to
| > wipe all your files if you overflow the int type...
| >
| > Cheers,
| > Simon
|
| Still, this is pretty bad, and raises questions about the safety of
| Haskell programs in general. It seems unsatisfactory that if a
| programmer makes a mistake in the definition of an 'Ix' instance, then
| there are no guarantees about the behavior of their program at all...

I rather agree with Iavor here. If a program makes no use of unsafeX functions, and has no foreign calls, and passes the typechecker, then it should not crash. However, I don't see how to achieve this for array indexing, without adding another test to every array access.

Simon
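As an added example (not part of this thread, and not GHC's own code), here is the "another test to every array access" that Simon describes: a lookup that validates the offset an Ix instance computes against the element count the array was built with, so a law-breaking instance produces a reported error rather than an unchecked out-of-bounds access. `BadIx` is a constructed, deliberately wrong instance, and `checkedIndex` is a name assumed for this illustration.

```haskell
-- Added example, not from the original thread.
import Data.Array (Array, listArray, bounds, (!))
import Data.Ix (Ix(..))

-- Constructed for illustration: an Ix instance whose `index` disagrees
-- with `rangeSize`, violating the Ix laws (offsets are shifted by 1000).
newtype BadIx = BadIx Int deriving (Eq, Ord, Show)

instance Ix BadIx where
  range   (BadIx a, BadIx b)          = map BadIx [a .. b]
  inRange (BadIx a, BadIx b) (BadIx i) = a <= i && i <= b
  rangeSize (BadIx a, BadIx b)        = max 0 (b - a + 1)
  index   (BadIx a, _) (BadIx i)      = i - a + 1000   -- wrong on purpose

-- checkedIndex (assumed name) trusts nothing the Ix instance says:
-- the element must be in range, and the computed offset must fall in
-- [0, rangeSize), i.e. within the storage the array was allocated with.
checkedIndex :: (Ix i, Show i) => Array i e -> i -> Either String e
checkedIndex arr i
  | not (inRange bnds i) =
      Left ("index " ++ show i ++ " out of range " ++ show bnds)
  | off < 0 || off >= n =
      Left ("Ix instance violates its laws: index " ++ show i
            ++ " maps to offset " ++ show off
            ++ " but the array holds " ++ show n ++ " elements")
  | otherwise = Right (arr ! i)
  where
    bnds = bounds arr
    n    = rangeSize bnds
    off  = index bnds i

main :: IO ()
main = do
  let good = listArray (0, 4) "hello" :: Array Int Char
      bad  = listArray (BadIx 0, BadIx 4) "hello" :: Array BadIx Char
  print (checkedIndex good 1)          -- a law-abiding instance: lookup succeeds
  print (checkedIndex good 7)          -- ordinary out-of-range index is reported
  print (checkedIndex bad (BadIx 1))   -- broken Ix law is caught before access
```

The cost is exactly the extra comparison per access that the message above mentions; what it buys is that a mistaken 'Ix' instance can no longer turn into an unchecked read past the array's storage.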