We need to add role annotations for 7.8

Henning Thielemann schlepptop at henning-thielemann.de
Fri Mar 28 16:55:25 UTC 2014


On 28.03.2014 17:17, Mark Lentczner wrote:
> /Apologies/
> On Tue, Mar 25, 2014 at 8:47 AM, Simon Peyton Jones
> <simonpj at microsoft.com> wrote:
>
>     The situation today is that
>     * A client of a library can use GND to do bad things to the
>       library (e.g. change the “key” type of (Map key value)).
>     * Role annotations allow the library author to prevent that
>       happening.
>     Would you say that means that we are “compelled to suggest to
>     library writers that they annotate”?
>
>
> Well... I don't think we should.
>
> The reason is that this situation is very sad for it puts the burden
> upon the library writer, for potential abuse of an extension to Haskell
> she might not even be aware of! She writes a perfectly safe, reasonable
> abstracted type, and bam, now has to worry about a very hard to
> understand situation involving the interaction of two separate Haskell
> extensions. And furthermore, adding that protection requires yet a third
> (CPP), and makes the "protection" often as long as the abstract type itself.

Well put!


Before GHC-7.8 release candidates appeared I already thought about 
removing all GeneralizedNewtypeDerivings from my packages in order to 
earn the Safe-Haskell seal. Now GHC-7.8 refuses to derive some of the 
instances that former GHC versions automatically derived. As far as I 
understand I can use role annotations to let the generation of even more 
Newtype instances fail, but I cannot persuade GHC to generate more 
instances using role annotations, right? That is, I have to write these 
instances manually in any case.

That is, up to now, GeneralizedNewtypeDeriving was Unsafe and it seems 
it becomes Safe with the new role inference. Is this right? However, it 
is still possible to generate instances that I could not generate 
manually, as demonstrated in the Data.Map example.

Would it solve the problem to respect type roles only if Safe Haskell is 
enabled and ignore them otherwise? Then all existing code could be 
compiled unchanged but you can make use of the increased safety of roles 
by enabling Safe Haskell.
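
An added example, not part of the original message or of any library named in it: a minimal abstract type whose invariant depends on the element's `Ord` instance, protected by the CPP-guarded role annotation the thread discusses. `Sorted`, `Collect` and `Desc` are hypothetical names, and library and client are shown in one module for brevity.

```haskell
{-# LANGUAGE CPP #-}
#if __GLASGOW_HASKELL__ >= 708
{-# LANGUAGE RoleAnnotations #-}
#endif
module Main where

import Data.List (insert)

-- "Library" part. Invariant: the list is ascending under a's Ord instance.
-- A real library would export the type but not the constructor.
data Sorted a = Sorted [a]

#if __GLASGOW_HASKELL__ >= 708
-- Without this line the parameter's role is inferred as representational,
-- so Sorted Int and Sorted Desc would be interchangeable for GND.
type role Sorted nominal
#endif

fromList :: Ord a => [a] -> Sorted a
fromList = Sorted . foldr insert []

-- Relies on the invariant: stops scanning at the first element above x.
member :: Ord a => a -> Sorted a -> Bool
member x (Sorted xs) = x `elem` takeWhile (<= x) xs

-- "Client" part (hypothetical class and newtype).
class Collect a where
  collection :: Sorted a

instance Collect Int where
  collection = fromList [1, 2, 3]

-- Same representation as Int, but the opposite ordering.
newtype Desc = Desc Int deriving (Eq, Show)

instance Ord Desc where
  compare (Desc a) (Desc b) = compare b a

-- With GeneralizedNewtypeDeriving, "deriving (Collect)" on Desc would reuse
-- the Int-sorted list as a Sorted Desc and make member (Desc 3) return False.
-- The nominal role makes GHC 7.8 reject that derivation, so the instance is
-- written by hand and goes through fromList with Desc's own ordering.
instance Collect Desc where
  collection = fromList (map Desc [1, 2, 3])

main :: IO ()
main = print (member (Desc 3) collection)
```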


