'SqlExpr' can be unsafely coerced using the safe 'coerce' function

[arthurxavierx]

It's now possible to write

let
  fromNull :: SqlExpr (Maybe (Entity e)) -> SqlExpr (Entity e)
  fromNull = coerce

  myNonNullableEntity = fromNull (myNullableEntity :: SqlExpr (Maybe (Entity SomeEntity)))

which could cause unexpected runtime errors.

[belevy]

Is there a way to prevent this outside of the library code? This is a feature in the internal code, we get free coercion.

Basically coerce is not part of our contract so if someone makes a runtime error using it I don't really care.

[parsonsmatt]

Hm.

We could have:

newtype SqlExpr a 
type role SqlExpr nominal

veryUnsafeCoerceSqlExpr :: SqlExpr a -> SqlExpr b
veryUnsafeCoerceSqlExpr = unsafeCoerce

unsafeCoerce is safe in this sense, since we're explicitly blocking the normal coerce behavior that would otherwise be used. Clients of the library need to write the scary name. And we can still use it internally. Is this an acceptable compromise?

[belevy]

that seems fine, we should probably be using veryUnsafeCoerceSqlExpr everywhere anyways though I think we lose the fmap (f . coerce) == coerce . fmap f rewrite rule

[parsonsmatt]

I think an INLINE pragma on veryUnsafeCoerceSqlExpr would work to get the rewrites firing again

[parsonsmatt]

Fixed in #413