On 16 September 2010 16:04, Mitar <[email protected]> wrote:
> Hi!
>
> I just got an idea for hackage feature. All functions/modules listed
> there could have some mark if they or any function/module they use
> uses an unsafe* function. Of course this will make probably almost
> everything marked as unsafe, but this is the idea - to raise awareness
> about that so that you can prefer some function/implementation over
> another.
>
> Of course marking/tagging everything as unsafe is not really useful.
> Because of this I propose that then community votes/vouches on
> correctness/stability of implementations and this would then influence
> the how unsafe given function really is (or is according to community,
> if we are more precise). Of course it would be even better that every
> function using unsafe would have also a formal proof but as we cannot
> believe that we will prove everything in a feasible feature we could
> maybe opt for such "crowd intelligence" approach. We cannot have a
> Turing machine, but maybe we can have crowd. ;-)
>
> (Of course low number of found bugs and good unit test code coverage
> can then positively influence crowd, so authors would be motivated to
> assure that.)
>
> Comments? Opinions?
>
> Because I really hate that I try to keep my code pure and separate IO
> from everything else and then somewhere deep in there some unsafe*
> lurks. (Ah, yes, a side effect of this tagging/marks would be also
> that you would be able to see where all those unsafe* calls are for a
> given function, so you would be able to fast jump (with link) to a
> given line in code and evaluate circumstances in which that unsafe*
> call is made. And then vote/vouch once you discover that it is
> probably pretty safe.)

The problem with this is: unsafe* functions would be better called
"yesIGuaranteeThatUsingThisFunctionDoesResultInAReferentiallyTransparentEntityAndItsOKForMeToUseIt*".
They are "unsafe" in that you shouldn't use them blindly.

Seeing as how lazy IO relies on various unsafe* functions, as do
bytestrings, this means that any program that uses them is
subsequently "tainted".

A much better idea would be to have some kind of compilation warning
unless you can prove that you're using the unsafe* function in a safe
fashion, but such a proof is unlikely to be easily proven in a
rigorous fashion nor mechanically checkable (and would delay
compilation times).

-- 
Ivan Lazar Miljenovic
[email protected]
IvanMiljenovic.wordpress.com
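
The transitive marking discussed in this thread, as an added example that is not part of either message and not Hackage code: it walks a call graph and, for each function, returns the chain of calls leading to an unsafe* primitive, so a reviewer can go straight to the call site. The graph and every function name in it other than unsafePerformIO and unsafeInterleaveIO are constructed for illustration.

```haskell
module Main where

import Data.List (intercalate, isPrefixOf)
import qualified Data.Map.Strict as M
import Data.Maybe (listToMaybe, mapMaybe)

-- Call graph: each function maps to the functions it calls directly.
type CallGraph = M.Map String [String]

-- Constructed sample data (hypothetical names, not taken from any package).
sampleGraph :: CallGraph
sampleGraph = M.fromList
  [ ("lazyRead",    ["unsafeInterleaveIO"])  -- lazy-IO-style helper
  , ("packBytes",   ["unsafePerformIO"])     -- bytestring-style helper
  , ("parseConfig", ["trim", "lazyRead"])
  , ("hashBlock",   ["packBytes"])
  , ("trim",        [])
  , ("isEven",      ["isOdd"])               -- mutual recursion, stays clean
  , ("isOdd",       ["isEven"])
  ]

-- Assumption: primitives are recognised by the unsafe* naming convention.
isUnsafePrim :: String -> Bool
isUnsafePrim = ("unsafe" `isPrefixOf`)

-- First call chain from a function down to an unsafe* primitive, if any.
-- 'seen' holds the functions already on the current path, so cycles end.
unsafeChain :: CallGraph -> String -> Maybe [String]
unsafeChain g = go []
  where
    go seen f
      | isUnsafePrim f = Just [f]
      | f `elem` seen  = Nothing
      | otherwise      =
          fmap (f :) . listToMaybe . mapMaybe (go (f : seen)) $
            M.findWithDefault [] f g

main :: IO ()
main = mapM_ report (M.keys sampleGraph)
  where
    report f = putStrLn $ f ++ ": " ++
      maybe "no unsafe* reachable" (intercalate " -> ") (unsafeChain sampleGraph f)
```

Every caller of the lazy-IO-style and bytestring-style helpers is reported with a chain, which is the "tainted" effect the reply describes; only functions with no path to an unsafe* primitive come back clean.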
