Forbid annotations when Safe Haskell safe mode is enabled.
authorDavid Kraeutmann <kane@kane.cx>
Tue, 8 Sep 2015 16:35:33 +0000 (11:35 -0500)
committerAustin Seipp <austin@well-typed.com>
Tue, 8 Sep 2015 16:35:59 +0000 (11:35 -0500)
For now, this fails compliation immediately with an error. If desired, this
can be a warning that annotations in Safe Haskell are ignored.

Signed-off-by: David Kraeutmann <kane@kane.cx>
Reviewed By: goldfire, austin

Differential Revision: https://phabricator.haskell.org/D1226

GHC Trac Issues: #10826

compiler/typecheck/TcAnnotations.hs
docs/users_guide/7.12.1-notes.xml
docs/users_guide/safe_haskell.xml
testsuite/tests/annotations/should_fail/T10826.hs [new file with mode: 0644]
testsuite/tests/annotations/should_fail/T10826.stderr [new file with mode: 0644]
testsuite/tests/annotations/should_fail/all.T

index 474630b..688a1e9 100644 (file)
@@ -12,6 +12,8 @@ module TcAnnotations ( tcAnnotations, annCtxt ) where
 #ifdef GHCI
 import {-# SOURCE #-} TcSplice ( runAnnotation )
 import Module
+import DynFlags
+import Control.Monad ( when )
 #endif
 
 import HsSyn
@@ -47,7 +49,14 @@ tcAnnotation (L loc ann@(HsAnnotation _ provenance expr)) = do
     let target = annProvenanceToTarget mod provenance
 
     -- Run that annotation and construct the full Annotation data structure
-    setSrcSpan loc $ addErrCtxt (annCtxt ann) $ runAnnotation target expr
+    setSrcSpan loc $ addErrCtxt (annCtxt ann) $ do
+      -- See #10826 -- Annotations allow one to bypass Safe Haskell.
+      dflags <- getDynFlags
+      when (safeLanguageOn dflags) $ failWithTc safeHsErr
+      runAnnotation target expr
+    where
+      safeHsErr = vcat [ ptext (sLit "Annotations are not compatible with Safe Haskell.")
+                  , ptext (sLit "See https://ghc.haskell.org/trac/ghc/ticket/10826") ]
 
 annProvenanceToTarget :: Module -> AnnProvenance Name -> AnnTarget Name
 annProvenanceToTarget _   (ValueAnnProvenance (L _ name)) = NamedTarget name
index 5a6670d..bc5c7af 100644 (file)
                     See <xref linkend="injective-ty-fams"/> for details.
                </para>
            </listitem>
+
+           <listitem>
+               <para>
+                   Due to a <ulink href="https://ghc.haskell.org/trac/ghc/ticket/10826">
+                       security issue
+                   </ulink>, Safe Haskell now forbids annotations in programs marked as
+                   <literal>-XSafe</literal>
+               </para>
+           </listitem>
        </itemizedlist>
     </sect3>
 
index 814f5c9..f9bcf54 100644 (file)
       Wiki</ulink>.
     </para>
 
+    <para>
+    Additionally, the use of <link linkend="annotations">annotations</link>
+    is forbidden, as that would allow bypassing Safe Haskell restrictions.
+    See <ulink url="https://ghc.haskell.org/trac/ghc/ticket/10826">ticket #10826</ulink>.
+    </para>
+
   </sect2>
 
 </sect1>
diff --git a/testsuite/tests/annotations/should_fail/T10826.hs b/testsuite/tests/annotations/should_fail/T10826.hs
new file mode 100644 (file)
index 0000000..cddf33c
--- /dev/null
@@ -0,0 +1,7 @@
+{-# LANGUAGE Safe #-}
+module Test (hook) where
+
+import System.IO.Unsafe
+
+{-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
+hook = undefined
diff --git a/testsuite/tests/annotations/should_fail/T10826.stderr b/testsuite/tests/annotations/should_fail/T10826.stderr
new file mode 100644 (file)
index 0000000..0e2bed5
--- /dev/null
@@ -0,0 +1,6 @@
+
+T10826.hs:6:1: error:
+    Annotations are not compatible with Safe Haskell.
+    See https://ghc.haskell.org/trac/ghc/ticket/10826
+    In the annotation:
+      {-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
index 21eaa76..0b10d83 100644 (file)
@@ -18,7 +18,7 @@ test('annfail10', req_interp, compile_fail, [''])
 test('annfail11', normal, compile_fail, [''])
 test('annfail12', req_interp, compile_fail, ['-v0'])
 test('annfail13', normal, compile_fail, [''])
-
+test('T10826', normal, compile_fail, [''])
 """"
 Helpful things to C+P: