[Haskell-cafe] Safe Haskell?
Bertram Felgenhauer
bertram.felgenhauer at googlemail.com
Sat Apr 17 13:03:26 UTC 2021
Richard Eisenberg wrote:
> Hi café,
>
> Do you use Safe Haskell? Do you know someone who does? If you do, which
> of Safe Haskell's guarantees do you rely on?
Yes. lambdabot's evaluation mechanism is essentially designed around
Safe Haskell: expressions being evaluated are wrapped in `show`, so
there's nothing triggering IO actions from outside.
Safe Haskell (barring bugs or evil libraries) ensures that there's no
unsafePerformIO nor unsafeCoerce to break the type system, so there's
no way to perform arbitrary IO actions inside pure code.
The libraries are curated, so evil libraries have not been an issue.
As for bugs, there have been holes in Typeable in the past, but
currently I believe they're closed, except for the use of MD5 as a
hash function (but that may require ~2^64 hash operations to exploit
because it's hashing UTF-16 data, rendering the existing differential
path collision attacks useless... as far as I know, nobody has done
this yet).
Preventing the use of Template Haskell is another aspect that
lambdabot relies on.
Nowadays, lambdabot (as deployed on Freenode) also uses a sandbox for
evaluation, but I'm thinking of that as a second line of defense
rather than the primary mechanism for keeping things safe.
So I'd be sad to see SafeHaskell go away.
Cheers,
Bertram
More information about the Haskell-Cafe
mailing list