proposal: add 'unsafeCoerce'

Robert Dockins robdockins at
Sat Nov 11 08:47:17 EST 2006

On Saturday 11 November 2006 03:50, Bulat Ziganshin wrote:
> Hello Donald,
> Saturday, November 11, 2006, 5:47:36 AM, you wrote:
> > yes! this was *critical* in lambdabot, for allowing random users to run
> > pure h98 expressions. A lot of time went in to working out the trusted
> > module import base (so not stToIo, , unsafe* and so on).
> >
> > Currently unsafe things are scattered around System.*, Data.Array.*
> > Control.*.
> isn't it _much_ better to use Virtual Machine to disallow bad code?
> may be yhc may provide such VM?

Well, since you bring it up, I'm currently working on this topic.  Yes, you 
can examine a program bytecode file and disallow FFI and primitive actions 
_in that module_ pretty easily.  However, if your untrusted module imports 
Foreign.IO.unsafePerformIO, or Some.PathTo.unsafeCoerce, all your hard work 
goes out the window.

The idea is to segregate all the unsafe code in one place do its easy to 
discriminate against it at the module level rather than at the individual 
function level.

Rob Dockins

Talk softly and drive a Sherman tank.
Laugh hard, it's a long way to the bank.
       -- TMBG

More information about the Libraries mailing list