Add a comment about safety of accursedUnutterablePerformIO usage

IntersectMBO · Nov 20, 2024 · 03d23d0 · 03d23d0
1 parent 1588e3a
commit 03d23d0
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/cardano-crypto-class/src/Cardano/Crypto/PackedBytes.hs b/cardano-crypto-class/src/Cardano/Crypto/PackedBytes.hs
@@ -123,6 +123,12 @@ instance KnownNat n => MemPack (PackedBytes n) where
     buf <- ask
     pure $! buffer buf
       (\ba# -> packBytes (SBS.SBS ba#) curPos)
+      -- Usage of `accursedUnutterablePerformIO` is safe below because there are no memory
+      -- allocations happening that depend on the IO monad that we are excaping here. All
+      -- IO actions are morally pure reads using pointers into the immutable
+      -- memory. Furthermore, in the place where ByteArray is allocated in
+      -- `packPinnedPtrN`, mutation and freezing are encapsulated with `runST` and is not
+      -- related to the `IO` we are escaping.
       (\addr# -> accursedUnutterablePerformIO $ packPinnedPtr (Ptr (addr# `plusAddr#` curPos#)))
   {-# INLINE unpackM #-}