Difference between revisions of "Safe Haskell"
Beerdude26 (talk | contribs) m (Added link to blog post, cleaned up layout, fixed typo) |
|||
| Line 1: | Line 1: | ||
| + | = Introduction = |
||
| − | Safe Haskell is a Haskell language extension. It is described in detail in the ghc user manual (http://www.haskell.org/ghc/docs/latest/html/users_guide/safe-haskell.html) and in the Safe Haskell paper (http://community.haskell.org/~simonmar/papers/safe-haskell.pdf). Further technical discussion of Safe Haskell is on the GHC Wiki: http://hackage.haskell.org/trac/ghc/wiki/SafeHaskell. |
||
| + | Safe Haskell is a Haskell language extension. It is described in detail: |
||
| + | |||
| + | ; ''In the GHC user manual:'' : http://www.haskell.org/ghc/docs/latest/html/users_guide/safe-haskell.html |
||
| + | ; ''In the Safe Haskell paper:'' : http://community.haskell.org/~simonmar/papers/safe-haskell.pdf |
||
| + | ; ''Further technical discussion of Safe Haskell is on the GHC Wiki:'' : http://hackage.haskell.org/trac/ghc/wiki/SafeHaskell |
||
| + | |||
| + | For a high-level overview, see this blog post: http://begriffs.com/posts/2015-05-24-safe-haskell.html. |
||
| + | |||
| + | = In detail = |
||
| + | |||
As the Safe Haskell paper describes, it "hardens" the Haskell language by providing five properties: type safety, referential transparency, strict module encapsulation, modular reasoning and semantic consistency. |
As the Safe Haskell paper describes, it "hardens" the Haskell language by providing five properties: type safety, referential transparency, strict module encapsulation, modular reasoning and semantic consistency. |
||
| − | Safe Haskell is |
+ | Safe Haskell is ''not'' magic, and not about catching bugs. It does not ensure that library authors who mark modules as "Trustworthy" are not lying, or incorrect. It does not ensure code inferred safe but in IO cannot perform arbitrary IO. It ''does'' ensure that untrusted code inferred to be safe will, assuming its "Trustworthy" imports are ''indeed'' "Trustworthy" obey the above five properties. As such, again assuming "Trustworthy" imports are indeed so, Safe Haskell infers that untrusted code inferred safe and ''not'' in IO can be run without fear (aside from fear of resource over-utilization/exhaustion). |
| + | |||
| + | Most code that most people want to write is going to be Safe Haskell by default. As Simon Marlow has pointed out, |
||
| + | <blockquote> |
||
| − | + | "Normally when you use an unsafe feature, the purpose is to use it to implement a safe API - if that's the case, all you have to do is add Trustworthy to your language pragma, and the API is available to use from Safe code. 99% of Hackage should be either Safe or Trustworthy. We know that 27% is already inferred Safe (see the paper), and a lot of the rest is just waiting for other libraries to add Trustworthy where necessary." |
|
| + | </blockquote> |
||
| + | Again, as Simon Marlow argues, |
||
| + | <blockquote> |
||
| − | + | "For typical Haskell programmers, using <code>{-# LANGUAGE Safe #-}</code> will be like <code>-Wall</code>: something that is considered good practice from a hygiene point of view. If you don't ''need'' access to unsafe features, then it's better to write in the safe subset, where you have stronger guarantees. Just like -Wall, you get to choose whether to use <code>{-# LANGUAGE Safe #-}</code> or not." |
|
| + | </blockquote> |
||
Revision as of 11:48, 26 May 2015
Introduction
Safe Haskell is a Haskell language extension. It is described in detail:
- In the GHC user manual:
- http://www.haskell.org/ghc/docs/latest/html/users_guide/safe-haskell.html
- In the Safe Haskell paper:
- http://community.haskell.org/~simonmar/papers/safe-haskell.pdf
- Further technical discussion of Safe Haskell is on the GHC Wiki:
- http://hackage.haskell.org/trac/ghc/wiki/SafeHaskell
For a high-level overview, see this blog post: http://begriffs.com/posts/2015-05-24-safe-haskell.html.
In detail
As the Safe Haskell paper describes, it "hardens" the Haskell language by providing five properties: type safety, referential transparency, strict module encapsulation, modular reasoning and semantic consistency.
Safe Haskell is not magic, and not about catching bugs. It does not ensure that library authors who mark modules as "Trustworthy" are not lying, or incorrect. It does not ensure code inferred safe but in IO cannot perform arbitrary IO. It does ensure that untrusted code inferred to be safe will, assuming its "Trustworthy" imports are indeed "Trustworthy" obey the above five properties. As such, again assuming "Trustworthy" imports are indeed so, Safe Haskell infers that untrusted code inferred safe and not in IO can be run without fear (aside from fear of resource over-utilization/exhaustion).
Most code that most people want to write is going to be Safe Haskell by default. As Simon Marlow has pointed out,
"Normally when you use an unsafe feature, the purpose is to use it to implement a safe API - if that's the case, all you have to do is add Trustworthy to your language pragma, and the API is available to use from Safe code. 99% of Hackage should be either Safe or Trustworthy. We know that 27% is already inferred Safe (see the paper), and a lot of the rest is just waiting for other libraries to add Trustworthy where necessary."
Again, as Simon Marlow argues,
"For typical Haskell programmers, using
{-# LANGUAGE Safe #-}will be like-Wall: something that is considered good practice from a hygiene point of view. If you don't need access to unsafe features, then it's better to write in the safe subset, where you have stronger guarantees. Just like -Wall, you get to choose whether to use{-# LANGUAGE Safe #-}or not."