Difference between revisions of "Safe Haskell"
(create page) |
m (Extra formatting) |
||
| (10 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
| + | {| class="wikitable" style="background-color:white" align=right |
||
| − | Safe Haskell is a Haskell language extension. It is described in detail in the ghc user manual (http://www.haskell.org/ghc/docs/latest/html/users_guide/safe-haskell.html) and in the Safe Haskell paper (http://community.haskell.org/~simonmar/papers/safe-haskell.pdf). Further technical discussion of Safe Haskell is on the GHC Wiki. |
||
| + | |<tt>{-# LANGUAGE Safe #-}</tt> |
||
| + | |} |
||
| + | == Introduction == |
||
| + | Safe Haskell is a Haskell language extension. It is described in detail: |
||
| ⚫ | |||
| + | * ''The [https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/ GHC user guide] has a section about Safe Haskell [https://downloads.haskell.org/~ghc/latest/docs/html/users_guide/exts/safe_haskell.html# here].'' |
||
| ⚫ | |||
| + | * ''In the Safe Haskell paper:'' : http://community.haskell.org/~simonmar/papers/safe-haskell.pdf |
||
| + | * ''Further technical discussion of Safe Haskell is on the GHC Wiki:'' : https://gitlab.haskell.org/ghc/ghc/wikis/safe-haskell |
||
| + | For a high-level overview, see this blog post: http://begriffs.com/posts/2015-05-24-safe-haskell.html. |
||
| ⚫ | |||
| + | == In detail == |
||
| + | |||
| ⚫ | |||
| + | * type safety |
||
| + | * referential transparency, |
||
| + | * strict module encapsulation |
||
| + | * modular reasoning |
||
| + | * semantic consistency. |
||
| + | === What Safe Haskell doesn't do === |
||
| ⚫ | |||
| + | |||
| + | It isn't: |
||
| + | * <s>magic</s> <s>omnimiscent</s> [http://www.softpanorama.org/SE/quotes.shtml idiot-proof]. |
||
| + | * about catching bugs. |
||
| + | * about ensuring that library authors who mark modules as <code>Trustworthy</code> are not lying, or incorrect. |
||
| + | * about ensuring that <code>IO</code>-based code which is inferred safe cannot perform arbitrary I/O. |
||
| + | |||
| ⚫ | It ''does'' ensure that untrusted code inferred to be safe will (assuming its <code>Trustworthy</code> imports are ''indeed'' trustworthy!) obey the above five properties. As such, (again assuming <code>Trustworthy</code> imports are indeed so) Safe Haskell infers that untrusted code inferred safe and ''not'' in <code>IO</code> can be run without fear (aside from fear of resource over-utilization/exhaustion). |
||
| + | |||
| + | === Usage === |
||
| + | Most code that most people want to write is going to be Safe Haskell by default. As Simon Marlow has pointed out: |
||
| + | <div style="border-left:1px solid lightgray; padding: 1em" alt="blockquote"> |
||
| ⚫ | Normally when you use an unsafe feature, the purpose is to use it to implement a safe API - if that's the case, all you have to do is add <code>Trustworthy</code> to your language pragma, and the API is available to use from <code>Safe</code> code. 99% of Hackage should be either <code>Safe</code> or <code>Trustworthy</code>. We know that 27% is already inferred <code>Safe</code> (see the paper), and a lot of the rest is just waiting for other libraries to add <code>Trustworthy</code> where necessary. |
||
| + | </div> |
||
| + | |||
| + | along with: |
||
| + | |||
| + | <div style="border-left:1px solid lightgray; padding: 1em" alt="blockquote"> |
||
| ⚫ | For typical Haskell programmers, using <code>{-# LANGUAGE Safe #-}</code> will be like <code>-Wall</code>: something that is considered good practice from a hygiene point of view. If you don't ''need'' access to unsafe features, then it's better to write in the safe subset, where you have stronger guarantees. Just like <code>-Wall</code>, you get to choose whether to use <br><code>{-# LANGUAGE Safe #-}</code> or not. |
||
| + | </div> |
||
Latest revision as of 03:00, 5 August 2021
| {-# LANGUAGE Safe #-} |
Introduction
Safe Haskell is a Haskell language extension. It is described in detail:
- The GHC user guide has a section about Safe Haskell here.
- In the Safe Haskell paper: : http://community.haskell.org/~simonmar/papers/safe-haskell.pdf
- Further technical discussion of Safe Haskell is on the GHC Wiki: : https://gitlab.haskell.org/ghc/ghc/wikis/safe-haskell
For a high-level overview, see this blog post: http://begriffs.com/posts/2015-05-24-safe-haskell.html.
In detail
As the Safe Haskell paper describes, it "hardens" the Haskell language by providing five properties:
- type safety
- referential transparency,
- strict module encapsulation
- modular reasoning
- semantic consistency.
What Safe Haskell doesn't do
It isn't:
magicomnimiscentidiot-proof.- about catching bugs.
- about ensuring that library authors who mark modules as
Trustworthyare not lying, or incorrect. - about ensuring that
IO-based code which is inferred safe cannot perform arbitrary I/O.
It does ensure that untrusted code inferred to be safe will (assuming its Trustworthy imports are indeed trustworthy!) obey the above five properties. As such, (again assuming Trustworthy imports are indeed so) Safe Haskell infers that untrusted code inferred safe and not in IO can be run without fear (aside from fear of resource over-utilization/exhaustion).
Usage
Most code that most people want to write is going to be Safe Haskell by default. As Simon Marlow has pointed out:
Normally when you use an unsafe feature, the purpose is to use it to implement a safe API - if that's the case, all you have to do is add Trustworthy to your language pragma, and the API is available to use from Safe code. 99% of Hackage should be either Safe or Trustworthy. We know that 27% is already inferred Safe (see the paper), and a lot of the rest is just waiting for other libraries to add Trustworthy where necessary.
along with:
For typical Haskell programmers, using {-# LANGUAGE Safe #-} will be like -Wall: something that is considered good practice from a hygiene point of view. If you don't need access to unsafe features, then it's better to write in the safe subset, where you have stronger guarantees. Just like -Wall, you get to choose whether to use {-# LANGUAGE Safe #-} or not.