[darcs-devel] witnesses changes

Ganesh Sittampalam ganesh at earth.li
Wed Jun 27 06:06:43 UTC 2012 

What error do you get without the unsafeCoerce on repository?

On 27/06/2012 06:58, Aditya wrote:
> Hi Heffalump,
>  Thanks for the review! I will encapsulate the functions that use
> unsafeCoerce.
>  I need you help with unsafeCoerce in a different place, however.
> Please look at
> Darcs.UI.Commands.Annotate. http://darcsden.com/bsrkaditya/darcs-patch-index-rebase-2012-06-17/browse/src/Darcs/UI/Commands/Annotate.hs
> I have ported patch-index annotate into the module.
> (patch: http://darcsden.com/bsrkaditya/darcs-patch-index-rebase-2012-06-17/patch/20120627050014-ae621)
> I am using unsafeCoerce on repository, and I want to avoid using it.
> (This was not necessary before combining the two annotates)
> 
> Thanks,
> Aditya.
> 
> On Tue, Jun 26, 2012 at 11:47 PM, Ganesh Sittampalam <ganesh at earth.li
> <mailto:ganesh at earth.li>> wrote:
> 
>     Hi Aditya,
> 
>     I had a look at the witnesses changes you mentioned on IRC after our
>     meeting (in your branch at
>     darcsden.com/bsrkaditya/darcs-patch-index-rebase-2012-06-17/
>     <http://darcsden.com/bsrkaditya/darcs-patch-index-rebase-2012-06-17/>).
> 
>     It's good to see at least some of the Sealed2 stuff gone - I lost track
>     of whether it's all gone yet, but the end goal should definitely be to
>     avoid any new uses of [Sealed2 ...], although I think that the changes
>     code might already have a bit of that before the patch index was added
>     so obviously it's fine for that to remain for now.
> 
>     I forgot to emphasise that use of unsafeCoerce on witnesses in darcs is
>     supposed to be tightly constrained, to reduce the risk of using it in a
>     way that's actually dangerous. Having getElems and dropFLFL use it
>     directly is therefore not a good idea, because those functions are quite
>     general could be used in a different context to patch index filtering.
> 
>     In the meeting I suggested using filterFLFL to achieve this, with an
>     unsafe function being passed in that works only on the basis of whether
>     something is excluded from the patch index or not - but looking at the
>     patch index code a bit more I see that may be difficult as it relies on
>     a positional analysis which would be tricky to do as a filter.
> 
>     Given that, it's probably best to encapsulate the unsafeCoerce within
>     one or two functions that read the repository and the patch index
>     together (two might be needed given what you said about needing an FL in
>     one case and a PatchSet in another). Overall the goal should be that the
>     unsafety can't be easily used by outside callers to do something
>     completely different.
> 
>     In the long run I would like to have as simple an abstraction as
>     possible for doing this (hence my suggestion of viewing this as a
>     filter), but overall safety is the primary goal and simplicity is
>     secondary.
> 
>     BTW it's better to use unsafeCoerceP than unsafeCoerce; it has a type
>     that means it's less likely to be used by accident on the wrong kind of
>     thing.
> 
>     Feel free to ask more questions by email or arrange another morning IRC
>     meeting.
> 
>     Cheers,
> 
>     Ganesh
> 
> 
> 
> 
> -- 
> BSRK Aditya

More information about the darcs-devel mailing list