 

Safe execution of untrusted Haskell code

I'm looking for a way to run arbitrary Haskell code safely (or to refuse to run unsafe code).

Must have:

  • module/function whitelist
  • timeout on execution
  • memory usage restriction

Capabilities I would like to see:

  • ability to kill thread
  • compiling the modules to native code
  • caching of compiled code
  • running several interpreters concurrently
  • complex datatype for compiler errors (instead of a simple message in a String)

With that sort of functionality it would be possible to implement a browser plugin capable of running arbitrary Haskell code, which is the idea I have in mind.

EDIT: I've got two answers, both great. Thanks! The sad part is that there doesn't seem to be a ready-to-go library, just a similar program. It's a useful resource though. Anyway, I think I'll wait for 7.2.1 to be released and try to use SafeHaskell in my own program.

asked May 12 '11 by Tener


2 Answers

We've been doing this for about 8 years now in lambdabot, which supports:

  • a controlled namespace
  • OS-enforced timeouts
  • native code modules
  • caching
  • concurrent interactive top-levels
  • custom error message returns.

This series of rules is documented, see:

  • Safely running untrusted Haskell code
  • mueval, an alternative implementation based on ghc-api

The approach to safety taken in lambdabot inspired the Safe Haskell language extension work.


For approaches to dynamic extension of compiled Haskell applications, in Haskell, see the two papers:

  • Dynamic Extension of Typed Functional Languages, and
  • Dynamic applications from the ground up.
answered Oct 31 '22 by Don Stewart


GHC 7.2.1 will likely have a new facility called SafeHaskell which covers some of what you want. SafeHaskell ensures type-safety (so things like unsafePerformIO are outlawed), and establishes a trust mechanism, so that a library with a safe API but implemented using unsafe features can be trusted. It is designed exactly for running untrusted code.

For the other practical aspects (timeouts and so on), lambdabot as Don says would be a great place to look.

answered Oct 31 '22 by Simon Marlow
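The following is an added example, not code from the question, from either answer, or from lambdabot, showing the compile-time boundary Simon Marlow describes combined with the run-time limits the question asks for (timeout and memory cap). It assumes GHC 7.2 or later with Safe Haskell; the module and function names (Untrusted, compute, runSandboxed) and the 1-second and 64 MB budgets are my own choices for illustration.

```haskell
-- File: Untrusted.hs
-- The user-supplied module. The Safe pragma makes GHC reject any import of a
-- module that is not marked Safe (or Trustworthy in a trusted package), so
-- unsafePerformIO, Foreign, GHC.Prim and friends cannot be reached from here.
{-# LANGUAGE Safe #-}
module Untrusted (compute) where

-- Uncommenting the next line makes compilation fail under -XSafe:
-- import System.IO.Unsafe (unsafePerformIO)

-- Deliberately expensive and allocating (naive Fibonacci), so the host's
-- timeout is exercised and the computation can actually be interrupted.
compute :: Int -> Int
compute n
  | n < 2     = n
  | otherwise = compute (n - 1) + compute (n - 2)

-- File: Main.hs
-- The host. It is not itself Safe, so it may use IO and exceptions freely;
-- only the code behind the Untrusted import is constrained.
module Main (main) where

import Control.Exception (evaluate)
import System.Timeout (timeout)
import Untrusted (compute)

-- Run the untrusted function under a wall-clock budget (microseconds).
-- evaluate forces the result inside the timeout window, so laziness cannot
-- defer the work until after the budget has been checked.
runSandboxed :: Int -> Int -> IO (Maybe Int)
runSandboxed micros n = timeout micros (evaluate (compute n))

main :: IO ()
main = do
  r <- runSandboxed 1000000 40   -- 1 s budget; compute 40 takes several seconds
  putStrLn (maybe "killed: exceeded time budget"
                  (\v -> "result: " ++ show v) r)
```

Build with `ghc -O -rtsopts -fno-omit-yields Main.hs` and run as `./Main +RTS -M64m -RTS`. The `-M64m` RTS option caps the heap at 64 MB, so a memory-hungry `compute` is aborted by the runtime with a heap-overflow error instead of exhausting the machine. `-fno-omit-yields` matters for the timeout: `timeout` delivers an asynchronous exception, and GHC only checks for those at allocation points, so a tight non-allocating loop compiled with full optimisation could otherwise run past the budget. Adding `-fpackage-trust` and an explicit `-trust`/`-distrust` list per package turns the Trustworthy mechanism into the library whitelist the question asks for. Safe Haskell guarantees type and referential safety for the untrusted module; resource limits and process isolation remain the host's job, which is exactly the part lambdabot's OS-enforced timeouts address.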