[commit: ghc] master: Forbid annotations when Safe Haskell safe mode is enabled. (4356dac)

git at git.haskell.org git at git.haskell.org
Tue Sep 8 16:34:33 UTC 2015 

Repository : ssh://git@git.haskell.org/ghc

On branch  : master
Link       : http://ghc.haskell.org/trac/ghc/changeset/4356dacb4a2ae29dfbd7126b25b72d89bb9db1b0/ghc

>---------------------------------------------------------------

commit 4356dacb4a2ae29dfbd7126b25b72d89bb9db1b0
Author: David Kraeutmann <kane at kane.cx>
Date:   Tue Sep 8 11:35:33 2015 -0500

    Forbid annotations when Safe Haskell safe mode is enabled.
    
    For now, this fails compliation immediately with an error. If desired, this
    can be a warning that annotations in Safe Haskell are ignored.
    
    Signed-off-by: David Kraeutmann <kane at kane.cx>
    
    Reviewed By: goldfire, austin
    
    Differential Revision: https://phabricator.haskell.org/D1226
    
    GHC Trac Issues: #10826


>---------------------------------------------------------------

4356dacb4a2ae29dfbd7126b25b72d89bb9db1b0
 compiler/typecheck/TcAnnotations.hs                   | 11 ++++++++++-
 docs/users_guide/7.12.1-notes.xml                     |  9 +++++++++
 docs/users_guide/safe_haskell.xml                     |  6 ++++++
 testsuite/tests/annotations/should_fail/T10826.hs     |  7 +++++++
 testsuite/tests/annotations/should_fail/T10826.stderr |  6 ++++++
 testsuite/tests/annotations/should_fail/all.T         |  2 +-
 6 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/compiler/typecheck/TcAnnotations.hs b/compiler/typecheck/TcAnnotations.hs
index 474630b..688a1e9 100644
--- a/compiler/typecheck/TcAnnotations.hs
+++ b/compiler/typecheck/TcAnnotations.hs
@@ -12,6 +12,8 @@ module TcAnnotations ( tcAnnotations, annCtxt ) where
 #ifdef GHCI
 import {-# SOURCE #-} TcSplice ( runAnnotation )
 import Module
+import DynFlags
+import Control.Monad ( when )
 #endif
 
 import HsSyn
@@ -47,7 +49,14 @@ tcAnnotation (L loc ann@(HsAnnotation _ provenance expr)) = do
     let target = annProvenanceToTarget mod provenance
 
     -- Run that annotation and construct the full Annotation data structure
-    setSrcSpan loc $ addErrCtxt (annCtxt ann) $ runAnnotation target expr
+    setSrcSpan loc $ addErrCtxt (annCtxt ann) $ do
+      -- See #10826 -- Annotations allow one to bypass Safe Haskell.
+      dflags <- getDynFlags
+      when (safeLanguageOn dflags) $ failWithTc safeHsErr
+      runAnnotation target expr
+    where
+      safeHsErr = vcat [ ptext (sLit "Annotations are not compatible with Safe Haskell.")
+                  , ptext (sLit "See https://ghc.haskell.org/trac/ghc/ticket/10826") ]
 
 annProvenanceToTarget :: Module -> AnnProvenance Name -> AnnTarget Name
 annProvenanceToTarget _   (ValueAnnProvenance (L _ name)) = NamedTarget name
diff --git a/docs/users_guide/7.12.1-notes.xml b/docs/users_guide/7.12.1-notes.xml
index 5a6670d..bc5c7af 100644
--- a/docs/users_guide/7.12.1-notes.xml
+++ b/docs/users_guide/7.12.1-notes.xml
@@ -100,6 +100,15 @@
                     See <xref linkend="injective-ty-fams"/> for details.
                </para>
            </listitem>
+
+           <listitem>
+               <para>
+                   Due to a <ulink href="https://ghc.haskell.org/trac/ghc/ticket/10826">
+                       security issue
+                   </ulink>, Safe Haskell now forbids annotations in programs marked as
+                   <literal>-XSafe</literal>
+               </para>
+           </listitem>
        </itemizedlist>
     </sect3>
 
diff --git a/docs/users_guide/safe_haskell.xml b/docs/users_guide/safe_haskell.xml
index 814f5c9..f9bcf54 100644
--- a/docs/users_guide/safe_haskell.xml
+++ b/docs/users_guide/safe_haskell.xml
@@ -946,6 +946,12 @@
       Wiki</ulink>.
     </para>
 
+    <para>
+    Additionally, the use of <link linkend="annotations">annotations</link>
+    is forbidden, as that would allow bypassing Safe Haskell restrictions.
+    See <ulink url="https://ghc.haskell.org/trac/ghc/ticket/10826">ticket #10826</ulink>.
+    </para>
+
   </sect2>
 
 </sect1>
diff --git a/testsuite/tests/annotations/should_fail/T10826.hs b/testsuite/tests/annotations/should_fail/T10826.hs
new file mode 100644
index 0000000..cddf33c
--- /dev/null
+++ b/testsuite/tests/annotations/should_fail/T10826.hs
@@ -0,0 +1,7 @@
+{-# LANGUAGE Safe #-}
+module Test (hook) where
+
+import System.IO.Unsafe
+
+{-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
+hook = undefined
diff --git a/testsuite/tests/annotations/should_fail/T10826.stderr b/testsuite/tests/annotations/should_fail/T10826.stderr
new file mode 100644
index 0000000..0e2bed5
--- /dev/null
+++ b/testsuite/tests/annotations/should_fail/T10826.stderr
@@ -0,0 +1,6 @@
+
+T10826.hs:6:1: error:
+    Annotations are not compatible with Safe Haskell.
+    See https://ghc.haskell.org/trac/ghc/ticket/10826
+    In the annotation:
+      {-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
diff --git a/testsuite/tests/annotations/should_fail/all.T b/testsuite/tests/annotations/should_fail/all.T
index 21eaa76..0b10d83 100644
--- a/testsuite/tests/annotations/should_fail/all.T
+++ b/testsuite/tests/annotations/should_fail/all.T
@@ -18,7 +18,7 @@ test('annfail10', req_interp, compile_fail, [''])
 test('annfail11', normal, compile_fail, [''])
 test('annfail12', req_interp, compile_fail, ['-v0'])
 test('annfail13', normal, compile_fail, [''])
-
+test('T10826', normal, compile_fail, [''])
 """"
 Helpful things to C+P:

More information about the ghc-commits mailing list