From 4356dacb4a2ae29dfbd7126b25b72d89bb9db1b0 Mon Sep 17 00:00:00 2001
From: David Kraeutmann <kane@kane.cx>
Date: Tue, 8 Sep 2015 11:35:33 -0500
Subject: [PATCH] Forbid annotations when Safe Haskell safe mode is enabled.

For now, this fails compliation immediately with an error. If desired, this
can be a warning that annotations in Safe Haskell are ignored.

Signed-off-by: David Kraeutmann <kane@kane.cx>

Reviewed By: goldfire, austin

Differential Revision: https://phabricator.haskell.org/D1226

GHC Trac Issues: #10826
---
 compiler/typecheck/TcAnnotations.hs                   | 11 ++++++++++-
 docs/users_guide/7.12.1-notes.xml                     |  9 +++++++++
 docs/users_guide/safe_haskell.xml                     |  6 ++++++
 testsuite/tests/annotations/should_fail/T10826.hs     |  7 +++++++
 testsuite/tests/annotations/should_fail/T10826.stderr |  6 ++++++
 testsuite/tests/annotations/should_fail/all.T         |  2 +-
 6 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 testsuite/tests/annotations/should_fail/T10826.hs
 create mode 100644 testsuite/tests/annotations/should_fail/T10826.stderr

diff --git a/compiler/typecheck/TcAnnotations.hs b/compiler/typecheck/TcAnnotations.hs
index 474630b789..688a1e9370 100644
--- a/compiler/typecheck/TcAnnotations.hs
+++ b/compiler/typecheck/TcAnnotations.hs
@@ -12,6 +12,8 @@ module TcAnnotations ( tcAnnotations, annCtxt ) where
 #ifdef GHCI
 import {-# SOURCE #-} TcSplice ( runAnnotation )
 import Module
+import DynFlags
+import Control.Monad ( when )
 #endif
 
 import HsSyn
@@ -47,7 +49,14 @@ tcAnnotation (L loc ann@(HsAnnotation _ provenance expr)) = do
     let target = annProvenanceToTarget mod provenance
 
     -- Run that annotation and construct the full Annotation data structure
-    setSrcSpan loc $ addErrCtxt (annCtxt ann) $ runAnnotation target expr
+    setSrcSpan loc $ addErrCtxt (annCtxt ann) $ do
+      -- See #10826 -- Annotations allow one to bypass Safe Haskell.
+      dflags <- getDynFlags
+      when (safeLanguageOn dflags) $ failWithTc safeHsErr
+      runAnnotation target expr
+    where
+      safeHsErr = vcat [ ptext (sLit "Annotations are not compatible with Safe Haskell.")
+                  , ptext (sLit "See https://ghc.haskell.org/trac/ghc/ticket/10826") ]
 
 annProvenanceToTarget :: Module -> AnnProvenance Name -> AnnTarget Name
 annProvenanceToTarget _   (ValueAnnProvenance (L _ name)) = NamedTarget name
diff --git a/docs/users_guide/7.12.1-notes.xml b/docs/users_guide/7.12.1-notes.xml
index 5a6670df75..bc5c7afe8f 100644
--- a/docs/users_guide/7.12.1-notes.xml
+++ b/docs/users_guide/7.12.1-notes.xml
@@ -100,6 +100,15 @@
                     See <xref linkend="injective-ty-fams"/> for details.
                </para>
            </listitem>
+
+           <listitem>
+               <para>
+                   Due to a <ulink href="https://ghc.haskell.org/trac/ghc/ticket/10826">
+                       security issue
+                   </ulink>, Safe Haskell now forbids annotations in programs marked as
+                   <literal>-XSafe</literal>
+               </para>
+           </listitem>
        </itemizedlist>
     </sect3>
 
diff --git a/docs/users_guide/safe_haskell.xml b/docs/users_guide/safe_haskell.xml
index 814f5c9f20..f9bcf549bc 100644
--- a/docs/users_guide/safe_haskell.xml
+++ b/docs/users_guide/safe_haskell.xml
@@ -946,6 +946,12 @@
       Wiki</ulink>.
     </para>
 
+    <para>
+    Additionally, the use of <link linkend="annotations">annotations</link>
+    is forbidden, as that would allow bypassing Safe Haskell restrictions.
+    See <ulink url="https://ghc.haskell.org/trac/ghc/ticket/10826">ticket #10826</ulink>.
+    </para>
+
   </sect2>
 
 </sect1>
diff --git a/testsuite/tests/annotations/should_fail/T10826.hs b/testsuite/tests/annotations/should_fail/T10826.hs
new file mode 100644
index 0000000000..cddf33ca6f
--- /dev/null
+++ b/testsuite/tests/annotations/should_fail/T10826.hs
@@ -0,0 +1,7 @@
+{-# LANGUAGE Safe #-}
+module Test (hook) where
+
+import System.IO.Unsafe
+
+{-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
+hook = undefined
diff --git a/testsuite/tests/annotations/should_fail/T10826.stderr b/testsuite/tests/annotations/should_fail/T10826.stderr
new file mode 100644
index 0000000000..0e2bed5d8b
--- /dev/null
+++ b/testsuite/tests/annotations/should_fail/T10826.stderr
@@ -0,0 +1,6 @@
+
+T10826.hs:6:1: error:
+    Annotations are not compatible with Safe Haskell.
+    See https://ghc.haskell.org/trac/ghc/ticket/10826
+    In the annotation:
+      {-# ANN hook (unsafePerformIO (putStrLn "Woops.")) #-}
diff --git a/testsuite/tests/annotations/should_fail/all.T b/testsuite/tests/annotations/should_fail/all.T
index 21eaa765c3..0b10d8394a 100644
--- a/testsuite/tests/annotations/should_fail/all.T
+++ b/testsuite/tests/annotations/should_fail/all.T
@@ -18,7 +18,7 @@ test('annfail10', req_interp, compile_fail, [''])
 test('annfail11', normal, compile_fail, [''])
 test('annfail12', req_interp, compile_fail, ['-v0'])
 test('annfail13', normal, compile_fail, [''])
-
+test('T10826', normal, compile_fail, [''])
 """"
 Helpful things to C+P:
 
-- 
GitLab