Disable Haskell type coercion

Question

I have example based on hyperloglog. I'm trying to parametrize my Container with size, and use reflection to use this parameter in functions on containers.

import           Data.Proxy
import           Data.Reflection

newtype Container p = Container { runContainer :: [Int] }
    deriving (Eq, Show)

instance Reifies p Integer => Monoid (Container p) where
  mempty = Container $ replicate (fromIntegral (reflect (Proxy :: Proxy p))) 0
  mappend (Container l) (Container r) = undefined

My lame Monoid instance defines mempty based on reified parameter, and doing some "type-safe" mappend. It works perfectly when I'm trying to sum containers of different size, failing with type error.

However it's still can be tricked with coerce, and I'm looking for way to block it at compile time:

ghci> :set -XDataKinds
ghci> :m +Data.Coerce
ghci> let c3 = mempty :: Container 3
ghci> c3
ghci> Container {runContaner: [0,0,0]}
ghci> let c4 = coerce c3 :: Container 4
ghci> :t c4
ghci> c4 :: Container 4
ghci> c4
ghci> Container {runContainer: [0,0,0]} 

Adding type role doesn't help

type role Container nominal

Answer 1

The issue is that newtypes are coercible to their representation as long as the constructor is in scope – indeed, this is a big part of the motivation for Coercible. And Coercible constraints are like any other type class constraint, and are automatically searched and put together for you, only even more so. Thus, coerce c3 is finding that you have

instance Coercible (Container p) [Int]
instance Coercible [Int] (Container p')

for all p and p', and happily building the composite coercion for you via

instance (Coercible a b, Coercible b c) => Coercible a c

If you don't export the Container constructor – as you probably want to do anyway! – then it's no longer known that the newtype is equal to its representation (you lose the first two instances above), and you get the desired error in other modules:

ContainerClient.hs:13:6:
    Couldn't match type ‘4’ with ‘3’
    arising from trying to show that the representations of
      ‘Container 3’ and
      ‘Container 4’ are the same
    Relevant role signatures: type role Container nominal nominal
    In the expression: coerce c3
    In an equation for ‘c4’: c4 = coerce c3

However, you'll always be able to break your invariants in the module where you define the newtype (via coerce or otherwise).

---

As a side note, you probably don't want to use a record-style accessor here and export it; that lets users use record-update syntax to change out code from under you, so

c3 :: Container 3
c3 = mempty

c3' :: Container 3
c3' = c3{runContainer = []}

becomes valid. Make runContainer a free-standing function instead.

---

We can verify that we're getting the composition of the two newtype-representation constraints by looking at the Core (via -ddump-simpl): within the module that defines Container (which I've also called Container), the output is (if we remove the export list)

c4 :: Container 4
[GblId, Str=DmdType]
c4 =
  c3
  `cast` (Container.NTCo:Container[0] <GHC.TypeLits.Nat>_N <3>_N
          ; Sym (Container.NTCo:Container[0] <GHC.TypeLits.Nat>_N <4>_N)
          :: Container 3 ~R# Container 4)

It's a bit hard to read, but the important thing to see is Container.NTCo:Container[0]: the NTCo is a newtype coercion between the newtype Container p and its representation type. Sym turns this around, and ; composes two constraints.

Call the final constraint γₓ; then the whole typing derivation is

Sym :: (a ~ b) -> (b ~ a)
-- Sym is built-in

(;) :: (a ~ b) -> (b ~ c) -> (a ~ c)
-- (;) is built-in

γₙ :: k -> (p :: k) -> Container p ~ [Int]
γₙ k p = Container.NTCo:Container[0] <k>_N <p>_N

γ₃ :: Container 3 ~ [Int]
γ₃ = γₙ GHC.TypeLits.Nat 3

γ₄ :: Container 4 ~ [Int]
γ₄ = γₙ GHC.TypeLits.Nat 4

γ₄′ :: [Int] ~ Container 4
γ₄′ = Sym γ₄

γₓ :: Container 3 ~ Container 4
γₓ = γ₃ ; γ₄′

---

Here are the source files I used:

Container.hs:

{-# LANGUAGE FlexibleContexts, UndecidableInstances, ScopedTypeVariables,
             RoleAnnotations, PolyKinds, DataKinds #-}

module Container (Container(), runContainer) where

import Data.Proxy
import Data.Reflection
import Data.Coerce

newtype Container p = Container { runContainer :: [Int] }
    deriving (Eq, Show)
type role Container nominal

instance Reifies p Integer => Monoid (Container p) where
  mempty = Container $ replicate (fromIntegral (reflect (Proxy :: Proxy p))) 0
  mappend (Container l) (Container r) = Container $ l ++ r

c3 :: Container 3
c3 = mempty

-- Works
c4 :: Container 4
c4 = coerce c3

ContainerClient.hs:

{-# LANGUAGE DataKinds #-}

module ContainerClient where

import Container
import Data.Coerce

c3 :: Container 3
c3 = mempty

-- Doesn't work :-)
c4 :: Container 4
c4 = coerce c3