How to modify GHC internals?

Alastair Reid
Sat, 19 Jul 2003 15:49:32 +0100

> <Aim>
> To guarantee security of a Haskell program so it can
> be used as an applet.
> </Aim>
> <Method>
> Over-ride GHC's code generator to produce an
> assembly language that I specify. Also disable
> program access to system calls and foreign
> functions, except for a single trusted library
> that I specify.
> </Method>

I think more info is needed about your goals.

For example, if you can accept some loss of performance, you could write an 
interpreter (or a very simple compiler) for CoreHaskell (ghc has a flag which 
will dump out optimized, typed lambda calculus).  This would reduce the size 
of your trusted computing base because:

1) You wouldn't use the GHC runtime system (garbage collector, threads, etc.) 
which has been written with performance in mind rather than ease of 
performing a security audit.

2) Your interpreter or code generator would be very much smaller than the 
combined size of GHC's code generator and gcc and the infamous assembly 
mangler because it could skip a number of optimization opportunities.

3) CoreHaskell is strongly typed so any safety derived from type safety still 
holds at this level too but would be absent from assembly code.

But, you'd probably see a slowdown by a factor of 2-10 (depending on whether 
you interpret or compile) so this might not suit your needs.

Alastair Reid
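
Added example, not part of the original message and not GHC code: a minimal sketch of the approach suggested above, in which applets are terms of a small typed core language that is type-checked and then interpreted, with a primitive table as the only route to anything outside the interpreter. The language, the `trusted` table and all names are hypothetical stand-ins; GHC's real Core is far richer.

```haskell
import qualified Data.Map as M

data Ty   = TInt | TFun Ty Ty deriving Eq
data Expr = Var String | Lit Integer | Lam String Ty Expr | App Expr Expr | Prim String
data Val  = VInt Integer | VFun (Val -> Either String Val)

-- Hypothetical trusted library: the only operations an applet can reach.
trusted :: M.Map String (Ty, Val)
trusted = M.fromList [("add", (TFun TInt (TFun TInt TInt), prim2 (+)))]
  where prim2 f = VFun $ \a -> Right $ VFun $ \b -> case (a, b) of
          (VInt x, VInt y) -> Right (VInt (f x y))
          _                -> Left "ill-typed primitive call"

lookupE :: String -> String -> M.Map String a -> Either String a
lookupE what k = maybe (Left (what ++ " " ++ k)) Right . M.lookup k

-- Type checker: rejects unknown primitives and ill-typed applications.
typeOf :: M.Map String Ty -> Expr -> Either String Ty
typeOf _   (Lit _)     = Right TInt
typeOf env (Var x)     = lookupE "unbound variable" x env
typeOf _   (Prim p)    = fst <$> lookupE "untrusted primitive" p trusted
typeOf env (Lam x t b) = TFun t <$> typeOf (M.insert x t env) b
typeOf env (App f a)   = do
  tf <- typeOf env f
  ta <- typeOf env a
  case tf of
    TFun t r | t == ta -> Right r
    _                  -> Left "type error in application"

-- Evaluator: no I/O and no FFI; effects exist only if `trusted` supplies them.
eval :: M.Map String Val -> Expr -> Either String Val
eval _   (Lit n)     = Right (VInt n)
eval env (Var x)     = lookupE "unbound variable" x env
eval _   (Prim p)    = snd <$> lookupE "untrusted primitive" p trusted
eval env (Lam x _ b) = Right (VFun (\v -> eval (M.insert x v env) b))
eval env (App f a)   = eval env f >>= \vf -> case vf of
  VFun g -> eval env a >>= g
  VInt _ -> Left "applied a non-function"

-- Check first, then run; only programs of type Int are accepted.
runApplet :: Expr -> Either String Integer
runApplet e = do
  t <- typeOf M.empty e
  v <- if t == TInt then eval M.empty e else Left "applet must have type Int"
  case v of { VInt n -> Right n; VFun _ -> Left "unexpected function value" }

main :: IO ()
main = mapM_ (print . runApplet)  -- two constructed sample applets
  [ App (Lam "x" TInt (App (App (Prim "add") (Var "x")) (Lit 35))) (Lit 7)
  , App (Prim "readFile") (Lit 0) ]  -- names a primitive outside the trusted table
```

The code that has to be audited here is the checker, the evaluator and the contents of `trusted`; the evaluator repeats the primitive lookup so that it does not depend on the checker having run.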