Why doesn't Safe Haskell support Template Haskell?

Question

The documentation for Safe Haskell states:

[...] Unfortunately Template Haskell can be used to subvert module boundaries and so could be used gain access to this constructor. [...] The use of the -XSafe flag to compile the Danger module restricts the features of Haskell that can be used to a safe subset. This includes disallowing unsafePerfromIO, Template Haskell,[...]

Used as a macro system that translates an AST to another AST, should it not be possible to simply restrict TH to the safe subset of Haskell, and also restrict the resulting AST to this subset?

Answer 1

A bit further down on the page you linked:

TemplateHaskell — Is particularly dangerous, as it can cause side effects even at compilation time and can be used to access abstract data types. It is very easy to break module boundaries with TH.

The concern about side effects comes from the fact that TH allows you to run arbitrary IO computations at compile time using runIO. This would throw any hope of safety right out the window.

Breaking module boundaries means that using TH you can for example access data constructors even though a module did not export them.

See this repository for many examples of things that would be unsafe to allow in Safe Haskell, including an example of breaking module boundaries.

It might be possible that Template Haskell could be made safe if these features were disabled, however it would require significant changes to TH.