I have been thinking about a potential source of bugs from catch-all pattern matches and would like to know your thoughts.
Totality is usually a desirable property of a function and the catch-all can conveniently buy us totality. But at what price?
I have been indoctrinated that rigour goes above convenience (think along the lines of: "Once we indulge in the impurities of I/O, there is no redemption.")
I would like to evaluate the trade-offs between convenience for the programmer and a potential source of bugs.
My questions to the community—
- Are there real world examples of bugs caused by catch-alls?
- Do you think that a language extension that disallows catch-alls (and annotations to opt back in at pattern match sites or type declaration) could be useful for certain code bases?
- If this is a potential problem, then can you think of any better solutions a compiler could provide (i.e. that don't rely on an IDE / structured editing) other than disallowing catch-alls?
Feel free to chip in with your 2p (or 2¢), but please only if you have any concrete experience (or compelling theoretical evidence).
Consider the sum type:
data Answer = No | Yes
and the function:
foo : Answer -> String
foo Yes = "Woo-hoo!"
foo _ = "Bother."
Say we need to extend our sum type:
data Answer = No | Perhaps | Yes
However, we forget to handle the new case appropriately in foo
. The compiler is happy, but at runtime foo Perhaps
would evaluate to "Bother."
—with potentially catastrophic consequences.
(Please imagine this happening in a large codebase with several contributors, no single one of whom knows the entire codebase.)
I'd say they're useful in some particular instances, where you want a function that is only applied to one of the constructors (I think this is a... Prism(?) in Lens terminology).
In particular, if you're proposing a pragma (c.f. previous
{-# ANN ... #-}
comment), I think it's arguably something you want at the pattern-matching site, rather than where the type is declared. If only because the aforementioned functions are going to be once-offs, but the rest of the time I'd want the safeties turned on.