[ new ] Factoring out unsafe parts of the library #414
Would it make sense for |
Regarding your questions:
Without adding new primitives? I doubt we can.
Sure (it's a matter of generating a file importing all the modules whose name does not end in |
We're hitting the Is there a reason why Edit: the same will probably be true of |
Hmm I can see the advantage. On the other hand it's then not immediately clear which parts being used are unsafe and which are safe. The export hierarchy is also getting a little bit complicated at that point. e.g.
Ah of course. I missed this problem. I've been running The only solution to this problem that I can see is to extend the mechanism of explicitly turning Guess we should open an issue on the main Agda repository... |
I'd be more likely to continue to import X, and, for documentation:
```agda
open import X.Unsafe using (unsafeXfunction)
```
|
Good point, I like this approach.
+1 |
also building the docs for safe
Looking at our attempt to make (most of) the standard library compile with the `--safe` flag (cf. agda/agda-stdlib/pull/414), it would be nice to be able to drop some of the `postulate`s in `Agda.Builtin.*`.

* Made `String`, `Char`, `Float`, `Word64` and the `Coinduction` builtins which do not require a corresponding definition. This allows us to remove all of the corresponding `postulate`s in `Agda.Builtin.*`.
* Added a warning when a `BUILTIN` rebinds an existing name. This should make our change nicely backwards compatible: we don't need to use `postulate`s anymore but if we are then Agda simply warns us.
* Made sure `BUILTIN`-bound names are recognized as proper declarations in the nicifier and that they can be attached a fixity. This is only used for `Sharp` in `Agda.Builtin.Coinduction` at the moment.

And voilà!
(Provided that I make sure travis is using Agda's master on experimental) we should now |
Do we need to merge this into |
Good point. You would need to comment out this line in .travis.yml: https://github.com/agda/agda-stdlib/blob/safe/.travis.yml#L75 |
I'm so hyped by this. 🎆 |
I'm glad, it's been a long time coming! |
The latest attempt at factoring out the parts of the library that will not type check with the `--safe` option. See issue #143.

All modules are now safe except:

* `IO(.Primitives)`
* `Reflection`
* `Relation.Binary.PropositionalEquality.TrustMe`
* `Data.X.Unsafe`

The main changes necessary:

* `Char`, `String`, `Word` etc. have all had their meaningful equality checks marked as unsafe.
* `Relation.Binary.HeterogeneousEquality.Quotients(.Examples)` had function extensionality postulated. I've made these safe by moving extensionality to a module parameter. Therefore users can still postulate extensionality for themselves and use the definitions, but it no longer pollutes the library.

Open questions:

* `--safe` option into `make tests`?
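The two conventions discussed in this thread, an explicitly imported `Data.X.Unsafe`-style module and the PR's move of postulated extensionality into a module parameter, as a constructed Agda illustration. This is example code written for this page, not agda-stdlib's own `Quotients` or extensionality modules; the file names `SafeExt`/`UnsafeExt`, the `Extensionality` type, `WithExt`, `plus0` and `plus0≡id` are all assumptions made up for the example. Agda allows one top-level module per file, so the block shows two files separated by comments.

```agda
-- File: SafeExt.agda (constructed example; not an agda-stdlib module)
-- Checks under --safe because extensionality is a module parameter, not a postulate.
{-# OPTIONS --safe #-}
module SafeExt where

open import Agda.Builtin.Nat      using (Nat; zero; suc; _+_)
open import Agda.Builtin.Equality using (_≡_; refl)

cong : {A B : Set} (f : A → B) {x y : A} → x ≡ y → f x ≡ f y
cong f refl = refl

-- Statement of function extensionality (monomorphic in Set, to keep the example short).
Extensionality : Set₁
Extensionality = {A : Set} {B : A → Set} {f g : (x : A) → B x}
               → (∀ x → f x ≡ g x) → f ≡ g

plus0 : Nat → Nat
plus0 n = n + 0

id : Nat → Nat
id n = n

-- Pointwise equality: provable by induction, no axiom needed.
+-identityʳ : ∀ n → plus0 n ≡ id n
+-identityʳ zero    = refl
+-identityʳ (suc n) = cong suc (+-identityʳ n)

-- Everything that needs extensionality lives under a parameterised module,
-- so this file stays --safe and the assumption is visible to every client.
module WithExt (ext : Extensionality) where

  plus0≡id : plus0 ≡ id
  plus0≡id = ext +-identityʳ


-- File: UnsafeExt.agda (the Data.X.Unsafe-style companion; must NOT use --safe)
module UnsafeExt where

open import SafeExt

-- The client chooses to postulate the axiom; --safe would reject this declaration.
postulate
  ext : Extensionality

-- Instantiate and re-export, so `open import UnsafeExt using (plus0≡id)`
-- documents at the import site exactly which unsafe result is relied on.
open WithExt ext public
```

The first file type checks with the pragma in place because nothing in it is postulated; the second deliberately omits `--safe`, since Agda rejects `postulate` under that flag. A client that imports only `SafeExt` gets `WithExt` and must supply its own `ext`, which is the "no longer pollutes the library" property the PR description describes.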