Changes between Version 1 and Version 2 of SafeRoles/RolesOverview


Timestamp: Apr 30, 2015 1:04:59 AM (5 years ago)
Author: dterei
  • SafeRoles/RolesOverview

    v1 v2  
    138138can only declare a type parameter to be a higher or equal role to the one
    139139inferred.
    140 
    141 == Roles & Safe Haskell ==
    142 
    143 Roles are an unfortunate mechanism for control right now. Since
    144 representational is the default role for most type constructors, to enforce
    145 invariants on abstract data types, library authors need to set their type
    146 constructors to have nominal roles.
    147 
    148 This requires that library authors understand roles to enforce what they expect
    149 to happen according to Haskell2010 semantics. It also prevents them using
    150 `coerce` internally and gaining the optimization, which is insulting as they
    151 can write the code that coerce is semantically equivalent to.
    152 
    153 It seems a different approach is needed, of either:
    154 
    155 1) Require that all constructors are in scope when calling `coerce`. There is
    156 some precedence for this as 7.10 requires that a newtype's constructor is in
    157 scope to use `coerce`.
    158 
    159 **NO**: This was requirement wasn't place of data types since some types (like
    160 `IORef`) don't even have constructors that can be in scope.
    161 
    162 2) Allow specifying internal + external role annotations.
    163 
    164 3) Change the default to be nominal when all the constructors aren't exported,
    165 and allow weakening of this to referential with role annotations.
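
Review bot: Option 3 (v2 line 165) says the nominal default could be weakened "to referential", but the added section names the default role "representational" at line 144 and never introduces a role called referential, so this should read "representational". In the **NO** paragraph (line 159), "This was requirement wasn't place of data types" does not parse; "This requirement wasn't placed on data types" appears to be the intent. In option 1 (line 156), "precedence" should be "precedent". Only option 1 gets a verdict; options 2 and 3 are listed with no assessment, so either mark them as open or state how each interacts with the Safe Haskell guarantee that the section title refers to, since the text as added never says what Safe Haskell itself requires of roles.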