Changes between Version 4 and Version 5 of SafeHaskell


Timestamp:
Nov 10, 2010 8:24:23 AM (4 years ago)
Author:
simonpj
Comment:

--

  • SafeHaskell

    v4 v5  
    11= Safe Haskell = 
    22 
    3 This is a proposal for a Haskell extension through which people can safely execute untrusted Haskell code, much the way web browsers currently run untrusted Java and JavaScript, or the way the Spin and Singularity operating systems ran untrusted Modula-3 and C#/Sing#. The assumption is that untrusted Haskell code will be distributed in source form.  The party running the code will compile it using this proposed extension, and the extension will cause GHC to reject the code if importing it and evaluating its functions could cause unsafe effects. 
     3This is a proposal for a Haskell extension through which people can safely execute untrusted Haskell code, much the way web browsers currently run untrusted Java and !JavaScript, or the way the Spin and Singularity operating systems ran untrusted Modula-3 and C#/Sing#.  
     4 
     5== Setup == 
     6 
     7Safe Haskell assumes the following setup. 
     8 * A server S wants to run code provided by untrusted (and perhaps malicious) clients X. 
     9 * Clients X may send untrusted Haskell code to S ''in source form'' 
     10 * The server compiles this untrusted code, with the `-XSafe` flag. 
     11 * If compilation succeeds, S can safely run the code, knowing that it cannot cause unsafe effects. 
    412 
    513More specifically, there are two parts to this proposed extension: 
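Review bot: at new line 13, "More specifically, there are two parts to this proposed extension:" now follows the Setup bullet list rather than the proposal sentence it used to refine, so "More specifically" has lost its referent; put the two parts under their own heading or reword the lead-in. The removed line 3 also scoped the guarantee to "importing it and evaluating its functions", while new line 11 only says the code "cannot cause unsafe effects"; keep that scope in the bullet or point it at the Safety Goal section. Bullet 9 is the only item in the list without a closing period.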
     
    816 
    917 2. An option to GHC ({{{-XTrusted}}}) indicating that, even though a module might invoke unsafe functions internally, the set of exported symbols cannot be used in an unsafe way. 
     18 
     19A module compiled with `-XSafe` can only import modules compiled with `-XTrusted` or `-XSafe`. 
    1020 
    1121== Safety Goal ==
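Review bot: new line 19 lets a `-XSafe` module import anything compiled with `-XTrusted`, but the visible text never says who is allowed to apply `-XTrusted`. Since the Setup has clients X supplying the source, state here that the flag marks only modules the server S vouches for, or that client-supplied modules are always compiled with `-XSafe`. The line also writes the flags in backticks where line 17 uses {{{-XTrusted}}}; pick one markup for flags.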