Gregory Collins wrote:
> From the paper:
>
> "A module that is declared to be Trustworthy is claimed by the
> author to expose a safe interface, even though its implementation
> might make use of unsafe features."
>
> Putting a Trustworthy on the top of a module means that "I, the module
> author, assert that any uses of unsafePerformIO and friends in this module
> are safe and using the functions herein will not violate safety." You can't
> just slap a Trustworthy on everything and go home, every module in the
> platform needs to be audited.

So I guess we disagree about how to interpret
Simon's use of the word "claim".

From the tone of the rest of the paper, I understood
that no "audit" or formal proof of any sort is needed.
Just that the author believes that any use of a
potentially unsafe feature is OK.

So by my reading, it is enough just to look over the
API to make sure nothing apparently unsafe is
exported, plus include in our email to the package
maintainer a request to contact the list before adding
the pragma if there is a suspicion that something
unsafe might be going on.

Anyway, in real life, most of us are pretty familiar
with most of the packages in the platform.
We've identified a few that need some thought.
If there are any other problems, I hope someone
here will let us know.

Thanks,
Yitz

_______________________________________________
Haskell-platform mailing list
Haskell-platform@projects.haskell.org
http://projects.haskell.org/cgi-bin/mailman/listinfo/haskell-platform