Workaround for #10826, forbid annotations when Safe Haskell safe mode is enabled.
ClosedPublic

Authored by KaneTW on Sep 6 2015, 5:57 PM.

Details

Summary

For now, this fails compliation immediately with an error.
If desired, this can be a warning that annotations in Safe Haskell are ignored.

Signed-off-by: David Kraeutmann <kane@kane.cx>

Diff Detail

Repository
rGHC Glasgow Haskell Compiler
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.
KaneTW updated this revision to Diff 4098.Sep 6 2015, 5:57 PM
KaneTW retitled this revision from to Workaround for #10826, forbid annotations when Safe Haskell safe mode is enabled..
KaneTW updated this object.
KaneTW edited the test plan for this revision. (Show Details)
KaneTW updated the Trac tickets for this revision.
KaneTW updated this revision to Diff 4099.Sep 6 2015, 6:10 PM
KaneTW edited edge metadata.

Fix stage 1 compilation with -Werror

Note that I didn't check whether the compiler is inferring safety. So the following two modules
Test.hs:

module Test (hook) where

import System.IO.Unsafe

{-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
hook = undefined

and Safe.hs:

{-# LANGUAGE Safe #-}
module Test2 where
import Test

compiled using ghc Safe.hs
produce "Woops." even with the patch.

I decided that if safe compilation is desired, the user will pass -XSafe to the compiler. If the above is a problem I'll make it ignore annotations when inferring safety, too.

When compiling with -XTrustworthy or -XUnsafe, the user asserts that the code is safe respectively unsafe, so annotations don't have to be blocked.

goldfire accepted this revision.Sep 8 2015, 10:40 AM
goldfire edited edge metadata.
In D1226#34211, @KaneTW wrote:

produce "Woops." even with the patch.

But then compilation failed? If it fails in the end, I agree that this is fine behavior.

Looks like a great patch. Many thanks!

compiler/typecheck/TcAnnotations.hs
58

ptext . sLit is used only for historical reasons these days. Prefer just text, which has the same type (String -> SDoc) as ptext . sLit.

docs/users_guide/7.12.1-notes.xml
108

The word "annotation" may be misconstrued here. I would add (that is, the <literal>{-# ANN ... #-}</literal> directive) to clarify.

This revision is now accepted and ready to land.Sep 8 2015, 10:40 AM
austin accepted this revision.Sep 8 2015, 11:13 AM
austin edited edge metadata.

LGTM too!

This revision was automatically updated to reflect the committed changes.
KaneTW added a comment.EditedSep 8 2015, 12:16 PM

@goldfire didn't manage to fix the two issues before the commit got pushed, but i'll take note for the future. Mostly saw ptext . sLit used everywhere, so I continued using it. Maybe make a lint rule that triggers on that when pushing a diff (Not sure if Phab's lint can do that).

I'm not sure if compilation fails. I'll take a look. I think it's fine either way, since nothing is stopping an untrusted or safety inferred module from modifying GHC internals -- the guide on safe compilation explicitly mentions passing -XSafe on the command line. Having to require no annotations for safety inferred code might be a bit too much.