caml-list - the Caml user's mailing list
From: Jeremy Yallop <yallop@gmail.com>
To: Gabriel Scherer <gabriel.scherer@gmail.com>
Cc: caml users <caml-list@inria.fr>,
	Jacques Garrigue <garrigue@math.nagoya-u.ac.jp>
Subject: Re: [Caml-list] Variance of GADT parameters
Date: Fri, 10 Feb 2012 22:10:46 +0000
Message-ID: <CAAxsn=EcaJ14Dr-dvuweabGZhVQDGR4YHcc_S3-tzhHAibypYQ@mail.gmail.com>
In-Reply-To: <CAPFanBHvSWRTbgR-bb5q2DHZtN5Gfa__cVxUhqG_Zx2tm1V4nw@mail.gmail.com>

Dear Gabriel,

Here's an example of the sort of misbehaviour that the variance
condition on GADTs is intended to prevent.  Consider what happens when
we decorate our old friend the equality GADT with a variance
annotation on one of the type parameters (it doesn't matter which):

 type (_, +_) eq = Refl : ('a, 'a) eq

Even this fairly harmless looking addition allows us to write the
dreaded 'magic' function of type 'a -> 'b.  Here's how (somewhat
untested):

  let magic : 'a 'b. 'a -> 'b =
    (* Dramatis personae:
     * i, the input type
     * o, the output type
     * x, a value of the input type
     *)
    fun (type i) (type o) (x : i) ->

    (* Step 1. Coerce a (legitimate) proof of <m:t> = <m:t> (any t) to a
     *         (dodgy) proof of <m:t> = < >.
     *)
    let bad_proof (type t) =
      (Refl : (<m:t>, <m:t>) eq :> (<m:t>, < >) eq) in

    (* Step 2. Use GADT pattern matching / type refinement to write a
     *         (legitimate) function from a proof of t = < > (any t) and a
     *         value of < > to a value of t.
     *)
    let downcast_1 : type a. (a, < >) eq -> < > -> a =
      fun (Refl : (a, < >) eq) (s : < >) -> (s :> a) in

    (* Step 3. Apply the (legitimate) function to the (dodgy) proof to
     *         obtain a (dodgy) conversion from < > to <m:o>.
     *)
    let downcast_2 : < > -> <m:o> = downcast_1 bad_proof in

    (* Step 4. Wrap up x in an object, and hide it behind a (legitimate)
     *         upcast to < >.
     *)
    let wrapped_x = ((object method m = x end) :> < >) in

    (* Step 5. Apply the (dodgy) conversion to the wrapped x to obtain a
     *         value of type <m:o>, from which we can extract x at type o.
     *)
    (downcast_2 wrapped_x) # m

If I understand correctly, constraints 1-3 alone wouldn't be enough to
prevent this sort of thing.

Kind regards,

Jeremy.
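Editor's note, as an added example that is not part of Jeremy's message: the construction above depends entirely on step 1, the subtype coercion of an equality witness along a covariant parameter. OCaml 4.00 and later refuse the declaration `type (_, +_) eq = Refl : ('a, 'a) eq` itself (the variance of a GADT parameter that is constrained by a constructor's return type cannot be checked, so it is forced invariant), and with both parameters invariant the coercion in step 1 is rejected as not a subtype. The block below shows the sound shape of the same machinery in current OCaml: an invariant equality witness with the usual `cast`, `sym` and `trans` operations, and a covariant GADT (`box`, `widen`) where subtyping remains allowed because the parameter is a distinct variable in the return type. The names `cast`, `sym`, `trans`, `box` and `widen` are this example's own, not from the thread; it assumes OCaml 4.00 or later.

```ocaml
(* Added example, not from the original message.  Assumes OCaml >= 4.00,
   where `type (_, +_) eq = Refl : ('a, 'a) eq` is rejected by the
   variance check and both parameters of eq must be invariant. *)

(* Because Refl forces the two parameters to be the same type, and neither
   may carry a variance annotation, no subtyping step can ever turn a proof
   of s = s into a proof of s = t for some supertype t of s. *)
type (_, _) eq = Refl : ('a, 'a) eq

(* The legitimate uses of an equality witness: matching on Refl brings the
   equation a = b into scope, so each body typechecks with no coercion. *)
let cast  : type a b.   (a, b) eq -> a -> b                 = fun Refl x -> x
let sym   : type a b.   (a, b) eq -> (b, a) eq              = fun Refl -> Refl
let trans : type a b c. (a, b) eq -> (b, c) eq -> (a, c) eq = fun Refl Refl -> Refl

(* Step 1 of the message no longer typechecks: with an invariant second
   parameter, (<m:t>, <m:t>) eq is not a subtype of (<m:t>, < >) eq, so
   bad_proof, and with it magic, cannot be written.  Kept as a comment
   because it does not compile:

   let bad_proof (type t) = (Refl : (<m:t>, <m:t>) eq :> (<m:t>, < >) eq)
*)

(* Covariance is still available where it is sound: 'a is a distinct
   variable in the constructor's return type and occurs only positively in
   the payload, so widening a box cannot manufacture an equation between
   two unrelated types. *)
type +'a box = Box : 'a -> 'a box

let widen (b : < m : int > box) : < > box = (b :> < > box)

(* Self-check on constructed values. *)
let () =
  assert (cast Refl 42 = 42);
  assert (cast (sym Refl) "ok" = "ok");
  assert (cast (trans Refl Refl) 1.5 = 1.5);
  let (Box o) = widen (Box (object method m = 7 end)) in
  ignore (o : < >);
  print_endline "invariant eq and covariant box both typecheck"
```

Run it with `ocaml` or compile with `ocamlfind ocamlopt`; uncommenting the `bad_proof` line reproduces the type error that closes the hole Jeremy describes. The point to carry away is that variance and type equations pull in opposite directions: a parameter that a constructor's return type identifies with another type must be invariant, and any checker that lets such a parameter be annotated covariant will accept the five-step `magic` above.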
