[Haskell-cafe] More on the random idea

Donald Bruce Stewart dons at cse.unsw.edu.au
Sat May 26 11:13:41 EDT 2007


isaacdupree:
> Donald Bruce Stewart wrote:
> > Lambdabot uses 1) type guarantee of no-IO at the top level, along with
> > 2) a trusted module base (pure modules only, that are trusted to not
> > export evil things), as well as 3) restricting to H98-language only
> > (things like TH can, and have been, exploited, for example).
> 
> And lambdabot's only allowing _expressions_, so GHC's (former?)
> vulnerability to instances of Ix that return out-of-bounds indexes did
> not affect it.

Oh yes, it only allows expressions (how could I forget that?), meaning
also that, for example, crafty newtype recursion is disallowed. And of
course, no evil Ix instances.

Oh, also, there's another exploit using a variety of crafty expressions
that trigger pathological type inference behaviour, causing the type
checker to effectively lock up the system. (One is particularly easy to
come up with...). There's really a lot of things to watch out for,
actually.

We should document all the interesting exploits that have been found
over the years!

> There are some extensions that are safe... explicit forall, rank-N
> types, etc... which can be enabled on an "opt-in" basis so that only
> safe ones are chosen?

We could do that (explicit forall is probably the most requested).
Currently we only allow -fextended-defaulting (giving ghci-like
defaulting).

-- Don