Simon Marlow wrote:
Hi Thomas,

All these questions are answered by the Haskell Symposium paper, which we'll post very shortly. FYI, the FFI is mostly safe, as long as you declare foreign imports to have an IO result type (otherwise it's unsafePerformIO, and hence unsafe). Unsafety is not viral: as soon as you have a safe API, you can declare its implementation to be Trustworthy, and then it is usable from safe code.

How strict are the requirements for Trustworthy code? For instance, my reactive-banana library uses observable sharing, which is inherently Unsafe. Of course, I think that my library is still Safe, but I have no formal proof of this "fact". I have two options:

1. Mark my library as Trustworthy even though I don't have sufficient proof. This severely weakens the guarantees of Safe Haskell.
2. Mark my library as Unsafe. But then people can't use it to write Safe code and will complain.

The trouble is that I have a strong incentive to solve the problem arising from 2 by doing 1. Oops.


Best regards,
Heinrich Apfelmus

--
http://apfelmus.nfshost.com
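
The trust boundary discussed in this message, as an added example that is not part of the original thread or of any library named in it: a module marked Trustworthy that wraps an IO-typed foreign import behind a pure API. The module and function names are hypothetical.

```haskell
{-# LANGUAGE Trustworthy #-}              -- the author's assertion; GHC does not verify the body
{-# LANGUAGE ForeignFunctionInterface #-}
-- Hypothetical module name, constructed for this example.
module Example.TrustedSin
  ( csin   -- the only export: a pure function with no way to reach the internals
  ) where

import Foreign.C.Types (CDouble (..))
-- System.IO.Unsafe is an unsafe module. A module compiled with
-- {-# LANGUAGE Safe #-} may not import it; a Trustworthy module may.
import System.IO.Unsafe (unsafePerformIO)

-- Foreign import with an IO result type. Safe Haskell accepts this form
-- even inside Safe modules, because the effect stays visible in the type.
foreign import ccall "math.h sin"
  c_sin :: CDouble -> IO CDouble

-- The pure form below would be rejected in a Safe module, since it
-- amounts to an implicit unsafePerformIO:
--   foreign import ccall "math.h sin" c_sin' :: CDouble -> CDouble

-- Pure wrapper. The claim that this use of unsafePerformIO is referentially
-- transparent (sin has no side effects and depends only on its argument)
-- is the obligation the Trustworthy pragma puts on the module author.
csin :: Double -> Double
csin x = case unsafePerformIO (c_sin (CDouble x)) of
  CDouble y -> y

-- A client can then be compiled in Safe mode and still use csin:
--   {-# LANGUAGE Safe #-}
--   module Client where
--   import Example.TrustedSin (csin)
-- The same import of a module left Unsafe would be a compile error.
-- With -fpackage-trust, the user must additionally have marked the
-- package that contains Example.TrustedSin as trusted.
```

The compiler checks the client, not the Trustworthy module: the guarantee seen by Safe code is only as strong as the author's argument for the wrapper.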

