Difference between revisions of "Unsafe functions"
(Some long-overdue clarification...) |
(...a more suitable word does exist! :-D) |
||
| Line 1: | Line 1: | ||
{{DISPLAYTITLE:<span style="position: absolute; clip: rect(1px 1px 1px 1px); clip: rect(1px, 1px, 1px, 1px);">{{FULLPAGENAME}}</span>}} |
{{DISPLAYTITLE:<span style="position: absolute; clip: rect(1px 1px 1px 1px); clip: rect(1px, 1px, 1px, 1px);">{{FULLPAGENAME}}</span>}} |
||
| − | <font size="+3" face="Times New Roman">Unsafe |
+ | <font size="+3" face="Times New Roman">Unsafe perforatives</font> |
<blockquote> |
<blockquote> |
||
| Line 12: | Line 12: | ||
</blockquote> |
</blockquote> |
||
| − | == |
+ | == Definitely '''not''' functions! == |
| − | Regarding |
+ | Regarding the perforative entity <code>val execute: α Beh ⟶ α</code> for PFL+: |
<blockquote> |
<blockquote> |
||
| Line 38: | Line 38: | ||
== A rogues' gallery == |
== A rogues' gallery == |
||
| − | These are just some of the various unsafe |
+ | These are just some of the various unsafe perforatives lurking in libraries: |
* <hask>unsafeLocalState :: IO a -> a</hask> |
* <hask>unsafeLocalState :: IO a -> a</hask> |
||
| Line 50: | Line 50: | ||
* <hask>unsafeCoerce# :: a -> b</hask> |
* <hask>unsafeCoerce# :: a -> b</hask> |
||
| − | Unsafe |
+ | Unsafe perforatives can: |
* break type safety (<code>unsafeCoerce#</code>, <code>unsafeLocalState</code>, <code>unsafePerformIO</code>), |
* break type safety (<code>unsafeCoerce#</code>, <code>unsafeLocalState</code>, <code>unsafePerformIO</code>), |
||
| Line 56: | Line 56: | ||
* or break [https://okmij.org/ftp/Haskell/index.html#lazyIO-not-True equational reasoning] (<code>unsafeInterleaveIO</code>). |
* or break [https://okmij.org/ftp/Haskell/index.html#lazyIO-not-True equational reasoning] (<code>unsafeInterleaveIO</code>). |
||
| − | Their use would require some kind of assurance on the part of the programmer that what they're doing is safe. |
+ | Their use would require some kind of assurance on the part of the programmer that what they're doing is safe, particularly in multithreaded programs - if they are misused in vain attempts to hide externally-visible effects the resulting code simply will not be [[Pure|pure]], whatever type it is given. |
Latest revision as of 08:31, 10 October 2024
Unsafe perforatives
[Using the FFI] you can import any C function with a pure type, which also allows you to wreak arbitrary havoc. We enable the user to disguise arbitrary machine code as a Haskell function of essentially arbitrary type. In comparison,
unsafePerformIOseems angelic.
Definitely not functions!
Regarding the perforative entity val execute: α Beh ⟶ α for PFL+:
Unfortunately
executeis not a safe extension to a functional language because it is not unfoldable—witness the expression(x ⟼ x-x)(execute(i?x. Ret x))which unfolds to
execute(i?x. Ret x) - execute(i?x. Ret x)The first executes by reading one value from channel
i, then returning0; while the second reads two values fromi, and returns their difference. The first makes one suspension, the second two.Nor is
executea function; the subexpressionexecute(i?x. Ret x)can take on two different values in the expression above.
- PFL+: A Kernel Scheme for Functional I/O (pages 15-16 of 28).
A rogues' gallery
These are just some of the various unsafe perforatives lurking in libraries:
unsafeLocalState :: IO a -> aunsafePerformIO :: IO a -> ainlinePerformIO :: IO a -> aunsafeInterleaveIO :: IO a -> IO aunsafeInterleaveST :: ST s a -> ST s aunsafeIOToST :: IO a -> ST s aunsafeIOToSTM :: IO a -> STM aunsafeFreeze,unsafeThawunsafeCoerce# :: a -> b
Unsafe perforatives can:
- break type safety (
unsafeCoerce#,unsafeLocalState,unsafePerformIO),
- or break equational reasoning (
unsafeInterleaveIO).
Their use would require some kind of assurance on the part of the programmer that what they're doing is safe, particularly in multithreaded programs - if they are misused in vain attempts to hide externally-visible effects the resulting code simply will not be pure, whatever type it is given.
unsafe is also a keyword which can be used in a foreign import declaration.
This article is a stub. You can help by expanding it.