Safe Haskell
{-# LANGUAGE Safe #-}
Introduction
Safe Haskell is a Haskell language extension. It is described in detail:
- The GHC user guide has a section about Safe Haskell.
- In the Safe Haskell paper: http://community.haskell.org/~simonmar/papers/safe-haskell.pdf
- Further technical discussion of Safe Haskell is on the GHC Wiki: https://gitlab.haskell.org/ghc/ghc/wikis/safe-haskell
For a high-level overview, see this blog post: http://begriffs.com/posts/2015-05-24-safe-haskell.html.
In detail
As the Safe Haskell paper describes, it "hardens" the Haskell language by providing five properties:
- type safety
- referential transparency
- strict module encapsulation
- modular reasoning
- semantic consistency
What Safe Haskell doesn't do
It isn't:
- magic, omniscient, or idiot-proof.
- about catching bugs.
- about ensuring that library authors who mark modules as Trustworthy are not lying, or incorrect.
- about ensuring that IO-based code which is inferred safe cannot perform arbitrary I/O.
It does ensure that untrusted code inferred to be safe will (assuming its Trustworthy imports are indeed trustworthy!) obey the above five properties. As such (again assuming the Trustworthy imports are indeed so), untrusted code that is inferred safe and is not in IO can be run without fear (aside from fear of resource over-utilization/exhaustion).
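Because Safe code in IO can still perform arbitrary I/O, the usual mitigation is the restricted-IO-monad pattern from the Safe Haskell paper: a Trustworthy module exports an abstract monad, and untrusted code is only accepted at that type. The sketch below is an added example, not code from this page or from GHC; the module names, `sandboxDir` and the file-name policy are assumptions.

```haskell
{-# LANGUAGE Trustworthy #-}
-- RIO.hs: written and vetted by the host application (hypothetical module).
module RIO
  ( RIO          -- abstract: the UnsafeRIO constructor is not exported
  , runRIO       -- called by the trusted host to execute a plugin action
  , rioReadFile  -- the only I/O primitive offered to Safe code
  ) where

-- Restricted IO. Safe code cannot name UnsafeRIO, so it can only build
-- RIO actions out of the functions exported above.
newtype RIO a = UnsafeRIO (IO a)

-- A plain function rather than a record field: an exported field could be
-- used with record-update syntax to smuggle an arbitrary IO action in.
runRIO :: RIO a -> IO a
runRIO (UnsafeRIO m) = m

instance Functor RIO where
  fmap f (UnsafeRIO m) = UnsafeRIO (fmap f m)

instance Applicative RIO where
  pure = UnsafeRIO . pure
  UnsafeRIO f <*> UnsafeRIO x = UnsafeRIO (f <*> x)

instance Monad RIO where
  UnsafeRIO m >>= k = UnsafeRIO (m >>= runRIO . k)

-- Directory the plugin may read from (assumed policy for this example).
sandboxDir :: FilePath
sandboxDir = "plugin-data"

-- Accept bare file names only: no path separators, no "." or "..".
validName :: FilePath -> Bool
validName n = n `notElem` ["", ".", ".."] && all (`notElem` "/\\") n

-- Read a file inside sandboxDir; anything else yields Nothing.
rioReadFile :: FilePath -> RIO (Maybe String)
rioReadFile name
  | validName name = UnsafeRIO (Just <$> readFile (sandboxDir ++ "/" ++ name))
  | otherwise      = pure Nothing

-- Plugin.hs: untrusted code, a separate file, shown here as a comment.
--   {-# LANGUAGE Safe #-}
--   module Plugin (run) where
--   import RIO (RIO, rioReadFile)
--   run :: RIO Int
--   run = maybe 0 length <$> rioReadFile "input.txt"
-- The host calls `runRIO Plugin.run`, so a plugin typed in IO does not type-check.
```

The guarantee still rests on the Trustworthy module being written correctly: Safe Haskell enforces that the plugin cannot bypass `RIO`, not that `rioReadFile` itself is sound.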
Usage
Most code that most people want to write is going to be Safe Haskell by default. As Simon Marlow has pointed out:
"Normally when you use an unsafe feature, the purpose is to use it to implement a safe API - if that's the case, all you have to do is add Trustworthy to your language pragma, and the API is available to use from Safe code. 99% of Hackage should be either Safe or Trustworthy. We know that 27% is already inferred Safe (see the paper), and a lot of the rest is just waiting for other libraries to add Trustworthy where necessary."
along with:
"For typical Haskell programmers, using {-# LANGUAGE Safe #-} will be like -Wall: something that is considered good practice from a hygiene point of view. If you don't need access to unsafe features, then it's better to write in the safe subset, where you have stronger guarantees. Just like -Wall, you get to choose whether to use {-# LANGUAGE Safe #-} or not."