diff --git a/compiler/typecheck/TcAnnotations.hs b/compiler/typecheck/TcAnnotations.hs
index 474630b789f765818f6bb8b00340a6597d2feaa9..688a1e9370d048b9fb76714f85086210c36c1f96 100644
--- a/compiler/typecheck/TcAnnotations.hs
+++ b/compiler/typecheck/TcAnnotations.hs
@@ -12,6 +12,8 @@ module TcAnnotations ( tcAnnotations, annCtxt ) where
#ifdef GHCI
import {-# SOURCE #-} TcSplice ( runAnnotation )
import Module
+import DynFlags
+import Control.Monad ( when )
#endif
import HsSyn
@@ -47,7 +49,14 @@ tcAnnotation (L loc ann@(HsAnnotation _ provenance expr)) = do
let target = annProvenanceToTarget mod provenance
-- Run that annotation and construct the full Annotation data structure
- setSrcSpan loc $ addErrCtxt (annCtxt ann) $ runAnnotation target expr
+ setSrcSpan loc $ addErrCtxt (annCtxt ann) $ do
+ -- See #10826 -- Annotations allow one to bypass Safe Haskell.
+ dflags <- getDynFlags
+ when (safeLanguageOn dflags) $ failWithTc safeHsErr
+ runAnnotation target expr
+ where
+ safeHsErr = vcat [ ptext (sLit "Annotations are not compatible with Safe Haskell.")
+ , ptext (sLit "See https://ghc.haskell.org/trac/ghc/ticket/10826") ]
annProvenanceToTarget :: Module -> AnnProvenance Name -> AnnTarget Name
annProvenanceToTarget _ (ValueAnnProvenance (L _ name)) = NamedTarget name
diff --git a/docs/users_guide/7.12.1-notes.xml b/docs/users_guide/7.12.1-notes.xml
index 5a6670df75ad6ea4b3d5a551448d06a3e42091ca..bc5c7afe8f9f2e1cd74c1d84957fafa0ad4b1c38 100644
--- a/docs/users_guide/7.12.1-notes.xml
+++ b/docs/users_guide/7.12.1-notes.xml
@@ -100,6 +100,15 @@
See for details.
+
+
+
+ Due to a
+ security issue
+ , Safe Haskell now forbids annotations in programs marked as
+ -XSafe
+
+
diff --git a/docs/users_guide/safe_haskell.xml b/docs/users_guide/safe_haskell.xml
index 814f5c9f20e440b4a86562168e286a91a96f2314..f9bcf549bc743daf365dd796b2795cff2b185ca0 100644
--- a/docs/users_guide/safe_haskell.xml
+++ b/docs/users_guide/safe_haskell.xml
@@ -946,6 +946,12 @@
Wiki.
+
+ Additionally, the use of annotations
+ is forbidden, as that would allow bypassing Safe Haskell restrictions.
+ See ticket #10826.
+
+
diff --git a/testsuite/tests/annotations/should_fail/T10826.hs b/testsuite/tests/annotations/should_fail/T10826.hs
new file mode 100644
index 0000000000000000000000000000000000000000..cddf33ca6fba1e5baf3fe8ced86c6e3a6f84a73c
--- /dev/null
+++ b/testsuite/tests/annotations/should_fail/T10826.hs
@@ -0,0 +1,7 @@
+{-# LANGUAGE Safe #-}
+module Test (hook) where
+
+import System.IO.Unsafe
+
+{-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
+hook = undefined
diff --git a/testsuite/tests/annotations/should_fail/T10826.stderr b/testsuite/tests/annotations/should_fail/T10826.stderr
new file mode 100644
index 0000000000000000000000000000000000000000..0e2bed5d8bec9d473227b5ade5035b7ec8f60c00
--- /dev/null
+++ b/testsuite/tests/annotations/should_fail/T10826.stderr
@@ -0,0 +1,6 @@
+
+T10826.hs:6:1: error:
+ Annotations are not compatible with Safe Haskell.
+ See https://ghc.haskell.org/trac/ghc/ticket/10826
+ In the annotation:
+ {-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
diff --git a/testsuite/tests/annotations/should_fail/all.T b/testsuite/tests/annotations/should_fail/all.T
index 21eaa765c32ccd02eda6fbc8d0371e5c1db79d3e..0b10d8394ad88c67d032cf5332aec7955b470150 100644
--- a/testsuite/tests/annotations/should_fail/all.T
+++ b/testsuite/tests/annotations/should_fail/all.T
@@ -18,7 +18,7 @@ test('annfail10', req_interp, compile_fail, [''])
test('annfail11', normal, compile_fail, [''])
test('annfail12', req_interp, compile_fail, ['-v0'])
test('annfail13', normal, compile_fail, [''])
-
+test('T10826', normal, compile_fail, [''])
""""
Helpful things to C+P: