Safe Haskell?

• haskell-template

  2 - -

10:19 < gentauro> here we go again -> https://old.reddit.com/r/haskell/comments/msa3oq/safe_haskell/ 10:19 < gentauro> why the heck are people so eager to remove `Safe Haskell`? 10:20 < nut> I've used foldr the other day for traversing the list backwards: https://leetcode.com/problems/next-greater-element-i/discuss/1161837/6-lines-Haskell-Implementation 10:20 < gentauro> the single feature that makes Haskell unique and allow us to write `sound` code will be removed? 10:20 < gentauro> :( 10:20 < nut> But not sure about its performance 10:20 < gentauro> anybody of for designning a new programming language that takes Safe Haskell as the core? 10:22 < Rembane> nut: If you're doing O(1) in the function used in foldr, the whole thing should be O(n) 10:23 < nut> Rembane: and recursive function calls too, O(1) ? 10:24 < nut> I mean function calls should have a bit more overhead 10:24 < c_wraith> gentauro: because no one knows what it does, no one knows what it should do, and no one wants to maintain code that is clearly not used by enough people for there to be a shared understanding 10:24 < Rembane> nut: Almost none, and even if they have, they do not affect the O-part, it just adds a constant to each operation 10:26 < c_wraith> gentauro: most notably, no one agrees on what "safe" means, and Safe Haskell doesn't have an opinion. It just reports what modules say. 10:26 < gentauro> c_wraith: I would argue that people know what it does. It enforces "correctness". But, if you look enough into Haskell packages, you realize that (way) to many people tend to take the shortcuts and just `inject` here and there stuff 10:26 < gentauro> removing the possibility of a the users to rely on the packages 10:26 < nut> new question: my code contains plain text passwords for sending smtp emails. after compiling down to binary, is it safe to distrubute to others? can the password be recovered? 10:26 < gentauro> I personally find `Safe Haskell` as indispensable for Haskell 10:27 < gentauro> but sadly, I'm one of the very few 10:27 < c_wraith> Safe Haskell is useless because different modules mean different things by "safe" 10:27 < nut> the compiliation is done be ghc 10:27 < Cale_> Correctness with respect to what though? 10:27 < c_wraith> So it has no guarantees you can actually rely on 10:27 < gentauro> perhaps, I should join https://www.well-typed.com/ if they would allow me to work on the Safe Haskell full-time xD 10:28 * gentauro who would sponsor this? Simon Marlow (FB)? or SPJ (MS)? 10:28 < nut> or does ghc has some kind of mechanics to encrypt the code? 10:28 < gentauro> c_wraith: it does 10:29 < gentauro> when I turn on safe haskell, I can't use `Data.Text` because there is some `unsafePerformIO` 10:29 < gentauro> I like that GHC tells me that 10:29 < c_wraith> Only because the text package decided to tell you that 10:30 < c_wraith> If a package decided not to tell you, you wouldn't know 10:30 * gentauro «when I turn on safe haskell» should be «when I turn on safe haskell and add `-XSafe -fpackage-trust -trust = base`» 10:31 < gentauro> c_wraith: how come? How do you tell? 10:31 < gentauro> my understanding is that packages are infered to be safe or unsafe right? 10:31 < gentauro> by GHC 10:32 < gentauro> if a package is unsafe, you can't mark it as safe. You can mark it as trustworthy 10:32 < c_wraith> that only gets you unsafe things from base 10:32 < c_wraith> what about other unsafe things? 10:33 < gentauro> c_wraith: https://gitlab.com/uniprocess/haskell-template/-/blob/master/pkg/uniprocess/package.yaml#L37-47 10:34 < gentauro> this is how I trust packages that I want to use 10:34 < c_wraith> If you're trusting array, you've already got no safety 10:35 < gentauro> c_wraith: how come? 10:36 < gentauro> you understand that you are allowed to use FFI and code is still Safe right? http://blog.stermon.com/articles/2019/02/04/haskell-usage-of-malloc-free-is-safe.html 10:36 < gentauro> it's the way you expose your logic 10:37 < gentauro> in my snippet, I use a lot of FFI, but, since all my logic exposes IO in the signatures it's fine as the consumer will understand that something happens under the hood 10:38 < gentauro> what tends to happen with a lot of libraries is that `peeps` hide `IO`. Search (CTRL+F Main.hs) http://blog.stermon.com/articles/2019/02/09/haskell-bitonic-sorter-concurrent.html 10:39 < gentauro> you can see that I `remove` IO in `trust = unsafePerformIO . sort`. If I do this, I need to tell people using my logic that "I'm doing some `nasty` stuff under the hood, so be aware"

• codeworld

  14 1,237 0.0 Haskell

  Educational computer programming environment using Haskell

  

I'm not a user myself, but I understand Lambdabot and mueval depend on it. More generally, anything that executes Haskell code supplied by untrusted users would fit the bill. I don't know if CodeWorld for example allows user-supplied modules, but if it did they'd have to be Safe.

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

Suggest a related project