27

I'm looking for a way to run arbitrary Haskell code safely (or refuse to run unsafe code).

Must have:

  • module/function whitelist
  • timeout on execution
  • memory usage restriction

Capabilities I would like to see:

  • ability to kill thread
  • compiling the modules to native code
  • caching of compiled code
  • running several interpreters concurrently
  • complex datatype for compiler errors (instead of simple message in String)

With that sort of functionality it would be possible to implement a browser plugin capable of running arbitrary Haskell code, which is the idea I have in mind.

EDIT: I've got two answers, both great. Thanks! The sad part is that there doesn't seem to be a ready-to-go library, just a similar program. It's a useful resource though. Anyway I think I'll wait for 7.2.1 to be released and try to use SafeHaskell in my own program.

Tener

2 Answers

31

We've been doing this for about 8 years now in lambdabot, which supports:

  • a controlled namespace
  • OS-enforced timeouts
  • native code modules
  • caching
  • concurrent interactive top-levels
  • custom error message returns.

This series of rules is documented, see:

The approach to safety taken in lambdabot inspired the Safe Haskell language extension work.


For approaches to dynamic extension of compiled Haskell applications, in Haskell, see the two papers:

Don Stewart
  • I'm accepting the answer because more people voted on this one. Simon's answer is great too. Thank you for responses! – Tener May 13 '11 at 22:53
26

GHC 7.2.1 will likely have a new facility called SafeHaskell which covers some of what you want. SafeHaskell ensures type-safety (so things like unsafePerformIO are outlawed), and establishes a trust mechanism, so that a library with a safe API but implemented using unsafe features can be trusted. It is designed exactly for running untrusted code.

For the other practical aspects (timeouts and so on), lambdabot as Don says would be a great place to look.

Simon Marlow
  • What part of SafeHaskell proposal will be implemented in 7.2.1? The whole thing? – Tener May 12 '11 at 11:09
  • David Terei has implemented the compiler parts of SafeHaskell, the patch is waiting in my review queue. The rest is modifying the base package and the other libraries to use Safe and Trustworthy as appropriate. David is working on that part right now. I expect SafeHaskell will be available in some experimental state in 7.2.1. – Simon Marlow May 13 '11 at 18:37
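The following is an added example, not part of either answer and not code from lambdabot or GHC. It is a single module compiled under the `Safe` pragma that evaluates a pure value with an in-process time limit and reports the result as a data type rather than a string. The names `Outcome` and `runLimited` and the three sample expressions are constructed for illustration.

```haskell
{-# LANGUAGE Safe #-}
-- With Safe enabled, GHC refuses imports of modules that are not marked
-- safe. Uncommenting the next line makes this module fail to compile:
-- import System.IO.Unsafe (unsafePerformIO)
module Main (main) where

import Control.Exception (SomeException, evaluate, try)
import System.Timeout (timeout)

-- Structured result instead of a bare String message (hypothetical type).
data Outcome a
  = Finished a     -- evaluation completed within the limit
  | TimedOut       -- the limit expired first
  | Threw String   -- the code raised an exception
  deriving (Eq, Show)

-- Evaluate a value to weak head normal form with a limit in microseconds.
-- 'timeout' works by throwing an asynchronous exception at the evaluating
-- thread, and GHC only delivers those at safe points such as heap
-- allocation. A loop that never allocates may therefore outlive the limit,
-- so an OS-level limit on the whole process is still needed as a backstop.
runLimited :: Int -> a -> IO (Outcome a)
runLimited micros thunk = do
  r <- try (timeout micros (evaluate thunk))
  pure $ case r of
    Left e         -> Threw (show (e :: SomeException))
    Right Nothing  -> TimedOut
    Right (Just v) -> Finished v

main :: IO ()
main = do
  let limit = 200000 -- 0.2 seconds
  -- Constructed stand-ins for untrusted pure code:
  runLimited limit (sum [1 .. 1000 :: Integer]) >>= print -- terminates
  runLimited limit (last [(1 :: Integer) ..])   >>= print -- never terminates
  runLimited limit (1 `div` (0 :: Integer))     >>= print -- throws
```

When the program is linked with `ghc -rtsopts`, running it with `+RTS -M64m` additionally caps the heap at 64 MB, which addresses the memory restriction asked for in the question.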