> That is, document > unsafePerformIO enough to serve the FFI, but stipulate limits to preserve > equational reasoning.
I think this is very hard to do. When we use unsafePerformIO in the ffi, we are using the IO monad to sequence [un]marshalling side-effects. For example, peeking and poking foreign memory locations, allocating and freeing memory, etc. We might even be making remote procedure calls over a network (for example, COM could transparently do this) or creating a temporary file which is deleted after use. These side effects might only affect this process (fiddling with memory) or they might affect the operating system (using sbrk to allocate more memory) or they might affect the network (remote procedure calls). They are certainly visible outside the confines of the Haskell code. We have to construct a semantics which says 'if you only allow observations of the form <insert your set of allowed observations here> then unsafePerformIO is safe'. The problem is that people might reasonably disagree about what a reasonable set of observations are. Most people would want to exclude any modification of the filesystem or network but, for some applications, those are entirely reasonable things to access. -- Alastair Reid _______________________________________________ Haskell mailing list [EMAIL PROTECTED] http://www.haskell.org/mailman/listinfo/haskell
