| 208 | |
| 209 | = Proposal: roles for type families = |
| 210 | |
| 211 | Currently, the type constructors for all type families and data families all conservatively assign role `nominal` to all their parameters. This is a safe choice, but a restrictive one, as it rules out some useful, coercion-safe programs. In this section, I propose a way to allow type families to have parameters with phantom and representational roles. |
| 212 | |
| 213 | == Examples we cannot write today == |
| 214 | |
| 215 | This example ([https://ghc.haskell.org/trac/ghc/ticket/8177#comment:32 courtesy of glguy]) will not typecheck: |
| 216 | |
| 217 | {{{#!hs |
| 218 | -- | Family of N-ary operator types. |
| 219 | type family Op n a b where |
| 220 | Op 'Z a b = b |
| 221 | Op ('S n) a b = a -> Op n a b |
| 222 | |
| 223 | coerceOp :: Coercible a b => Op n a c -> Op n b c |
| 224 | coerceOp = coerce |
| 225 | }}} |
| 226 | |
| 227 | Since the role signature for `Op` is `type role Op nominal nominal nominal`. But in an ideal world, the role signature for `Op` would be inferred as `type role Op nominal representational representational`. After all, neither `a` nor `b` is "scrutinized" in any sense, so it feels perfectly safe to coerce them freely. |
| 228 | |
| 229 | Another example ([https://ghc.haskell.org/trac/ghc/ticket/8177#comment:33 courtesy of int-index]) is: |
| 230 | |
| 231 | {{{#!hs |
| 232 | -- represents effect methods for some monad `m` |
| 233 | data family EffDict (eff :: k) (m :: Type -> Type) |
| 234 | |
| 235 | -- Note this matches on `eff`, not `m` |
| 236 | data StateEff s |
| 237 | data instance EffDict (StateEff s) m = |
| 238 | StateDict |
| 239 | { _state :: forall a . (s -> (a,s)) -> m a, |
| 240 | _get :: m s, |
| 241 | _put :: s -> m () } |
| 242 | |
| 243 | -- composition of monad transformers |
| 244 | newtype TComp t1 t2 m a = TComp (t1 (t2 m) a) |
| 245 | |
| 246 | coerceDict :: EffDict eff (t1 (t2 m)) -> EffDict eff (TComp t1 t2 m) |
| 247 | coerceDict = coerce |
| 248 | }}} |
| 249 | |
| 250 | Again, `coerceDict` will not typecheck due to the role of `m` in `EffDict` being `nominal`. But there's no good reason why this //must// be the case—we ought to be able to tell GHC to allow `m` to have `representational role`. (Of course, this would prevent any `EffDict` instance from using `m` at a `nominal` role, but them's the breaks.) |
| 251 | |
| 252 | Additionally, we might like to have roles for //associated// type families. For instance, consider this example ([https://ghc.haskell.org/trac/ghc/ticket/8177#comment:20 courtesy of dmcclean]): |
| 253 | |
| 254 | {{{#!hs |
| 255 | data Variant = DQuantity | DUnit Prefixability |
| 256 | data Dimension |
| 257 | |
| 258 | class KnownVariant (var :: Variant) where |
| 259 | data Dimensional var :: Dimension -> * -> * |
| 260 | |
| 261 | instance KnownVariant DQuantity where |
| 262 | newtype Dimensional DQuantity d v = Quantity' v |
| 263 | |
| 264 | instance KnownVariant (DUnit p) where |
| 265 | data Dimensional (DUnit p) d v = Unit' UnitName v |
| 266 | |
| 267 | type Quantity = Dimensional DQuantity |
| 268 | coerceQuantity :: Coercible v w => Quantity d v -> Quantity d w |
| 269 | coerceQuantity = coerce |
| 270 | }}} |
| 271 | |
| 272 | Once again, `coerceQuantity` is ill typed, simply because of the conservative `nominal` role that the last type parameter of `Dimensional` has. Associated type families are an interesting case, since they can have extra type parameters (and thus extra roles) that the parent class does not have. |
| 273 | |
| 274 | == Syntax == |
| 275 | |
| 276 | Implementing roles for type families would not require too many changes to the syntax of the language, as most of the required pieces are already there. The biggest current restriction is the fact that one cannot declare role annotations for type families, e.g., |
| 277 | |
| 278 | {{{#!hs |
| 279 | type role F nominal |
| 280 | type family F a |
| 281 | }}} |
| 282 | |
| 283 | But this is a restriction that is easily overcome. In addition, the parser does not currently recognize role annotations for associated type families: |
| 284 | |
| 285 | {{#!hs |
| 286 | class C a where |
| 287 | type role Assoc nominal nominal |
| 288 | type Assoc a b |
| 289 | }}} |
| 290 | |
| 291 | But this could be added without much difficulty. |
| 292 | |
| 293 | == Role inference for type families == |
| 294 | |
| 295 | Regardless of whether we're dealing with a closed, open, or associated type family, GHC will need to infer the most permissive roles possible for every type family, and possibly check these roles against a user-provided role signature. This section describes how role inference will operate. |
| 296 | |
| 297 | === Example === |
| 298 | |
| 299 | Consider this type family: |
| 300 | |
| 301 | {{{#!hs |
| 302 | type family F (e :: *) (f :: *) (g :: *) (h :: *) :: k where |
| 303 | F Int b c d = c |
| 304 | F (Maybe a) b a d = Maybe b |
| 305 | F a b c d = a |
| 306 | }}} |
| 307 | |
| 308 | There are five type parameters for `F`: `k`, `e`, `f`, `g`, and `h`. What should be the roles for each one? We will start off by assuming each parameter has role `phantom`, and then walk the structure of the type family, progressively marking parameters with more restrictive roles. |
| 309 | |
| 310 | === The type family kind === |
| 311 | |
| 312 | First, we gather all of the free variables in the type family's kind and mark each as `nominal`. This is under the observation that only type variables can be at role `phantom` or `nominal`, never kind variables. Therefore, `k` would be marked as nominal. |
| 313 | |
| 314 | === The type family equations === |
| 315 | |
| 316 | Next, we descend into each defining equation of the type family and inspect the left-hand and right-hand sides. The right-hand sides are analyzed just like the fields of a data constructor; see the [https://ghc.haskell.org/trac/ghc/wiki/Roles#Roleinference Role inference] section above for more details. From the right-hand sides, we learn that the roles of `e`, `f`, and `g` should be (at least) `representational`. |
| 317 | |
| 318 | The more interesting analysis comes when inspecting the left-hand sides. We want to mark any type variable that is //scrutinized// as `nominal`. By "scrutinized", we mean a variable that is being used in a non-parametric fashion. For instance, we want to rule out scenarios like this one: |
| 319 | |
| 320 | {{{#!hs |
| 321 | type family Inspect x where |
| 322 | Inspect Bool = Int |
| 323 | Inspect Int = Bool |
| 324 | |
| 325 | coerceInspect :: Coercible a b => Inspect a -> Inspect b |
| 326 | coerceInspect = coerce |
| 327 | |
| 328 | unsafeBoolToInt :: Bool -> Int |
| 329 | unsafeBoolToInt = (coerceInspect :: Inspect Int -> Inspect Age) |
| 330 | }}} |
| 331 | |
| 332 | To accomplish this, we check for any occurences of the either of the following sorts of scrutinization: |
| 333 | |
| 334 | 1. A type pattern that is not a single type variable. For instance, all of these equations provde examples of type patterns which do scrutinize a particular type variable: |
| 335 | |
| 336 | {{{#!hs |
| 337 | type family Inspect x where |
| 338 | Inspect Int = Bool |
| 339 | Inspect (Either a b) = a |
| 340 | Inspect (f a) = a |
| 341 | }}} |
| 342 | |
| 343 | Any type variable that is scrutinized in this fashion (`x` in the above example) is marked as `nominal`. |
| 344 | |
| 345 | 2. Type patterns that are syntactically equal are all marked as nominal. For instance: |
| 346 | |
| 347 | {{{#!hs |
| 348 | type family Eq w x y z where |
| 349 | Eq a b (Either b a) c = a |
| 350 | }}} |
| 351 | |
| 352 | Here, we have two variable names that are used in multiple places: `a` and `b`. As a result, the type variables which they inhabit (`w`, `x`, and `y`) are all marked as `nominal`. |
| 353 | |
| 354 | Returning to the earlier `F` example, we would learn that `e` and `g` should be marked nominal, as they are both scrutinized. Therefore, the final inferred roles for `k`, `e`, `f`, `g`, and `h` are `nominal`, `nominal`, `representational`, `nominal`, and `phantom`. |
| 355 | |
| 356 | == Role checking for type families == |
| 357 | |
| 358 | Users can also specify role annotations for type families that should be checked against the inferred roles. For instance: |
| 359 | |
| 360 | {{{#!hs |
| 361 | type role G nominal nominal |
| 362 | type family G a b where |
| 363 | G a b = Either a b |
| 364 | }}} |
| 365 | |
| 366 | If the user hadn't written the role annotation for `G`, its role signature would have been inferred to be `type role G representational representational`. However, role checking overrides the inferred roles and assigns the more conservative roles of `type role G nominal nominal`. |
| 367 | |
| 368 | Note that while writing role annotations for //closed// type families is purely optional, it is somewhat more important for open type families. For instance, what should be the roles for this type family? |
| 369 | |
| 370 | {{{#!hs |
| 371 | type family Open a b |
| 372 | }}} |
| 373 | |
| 374 | Here, we have a choice to make. We could decide to make the roles for open type families default to, say, `representational`. While this would give us the freedom to `coerce` values of type `Open a b` more freely, it simultaneously restricts the instances we can give for `Open`, since every type instance must be checked to ensure that neither `a` nor `b` is used at a `nominal` role. |
| 375 | |
| 376 | For the sake of backwards compatibility and the principle of least surprise, roles for open type families default to `nominal`. This allows more instances to be written, but makes it harder to `coerce` them. If a user wishes to `coerce` open type families, the onus is on her to write a role annotation, e.g., |
| 377 | |
| 378 | {{{#!hs |
| 379 | type role Open representational representational |
| 380 | type family Open a b |
| 381 | }}} |
| 382 | |
| 383 | == Type family roles and hs-boot files == |
| 384 | |
| 385 | Just like we default roles for open type families to `nominal`, we do the same for type families declared in `hs-boot` files. |