Hannes Siebenhandl pushed to branch wip/fendor/freeze-throw at Glasgow Haskell Compiler / GHC Commits: 38a6b92c by fendor at 2026-02-13T15:12:00+01:00 Hide implementation details from base exception stack traces Ensure we hide the implementation details of the exception throwing mechanisms: * `undefined` * `throwSTM` * `throw` * `throwIO` * `error` The `HasCallStackBacktrace` should always have a length of exactly 1, not showing internal implementation details in the stack trace, as these are vastly distracting to end users. CLC proposal [#387](https://github.com/haskell/core-libraries-committee/issues/387) - - - - - 5 changed files: - libraries/ghc-internal/src/GHC/Internal/Exception.hs - libraries/ghc-internal/src/GHC/Internal/STM.hs - + libraries/ghc-internal/tests/backtraces/T15395.hs - + libraries/ghc-internal/tests/backtraces/T15395.stdout - libraries/ghc-internal/tests/backtraces/all.T Changes: ===================================== libraries/ghc-internal/src/GHC/Internal/Exception.hs ===================================== @@ -87,7 +87,7 @@ throw e = -- Note also the absolutely crucial `noinine` in the RHS! -- See Note [Hiding precise exception signature in throw] let se :: SomeException - !se = noinline (unsafePerformIO (toExceptionWithBacktrace e)) + !se = noinline (unsafePerformIO (withFrozenCallStack $ toExceptionWithBacktrace e)) in raise# se -- Note [Capturing the backtrace in throw] @@ -162,7 +162,12 @@ throw e = -- primops which allow more precise guidance of the demand analyser's heuristic -- (e.g. #23847). --- | @since base-4.20.0.0 +-- | Collect a Backtrace and attach it to the 'Exception'. +-- +-- It is recommended to use 'withFrozenCallStack' when calling this function +-- in order to avoid leaking implementation details of 'toExceptionWithBacktrace'. +-- +-- @since base-4.20.0.0 toExceptionWithBacktrace :: (HasCallStack, Exception e) => e -> IO SomeException toExceptionWithBacktrace e ===================================== libraries/ghc-internal/src/GHC/Internal/STM.hs ===================================== @@ -28,7 +28,7 @@ import GHC.Internal.Base import GHC.Internal.Exception (Exception, toExceptionWithBacktrace, fromException, addExceptionContext) import GHC.Internal.Exception.Context (ExceptionAnnotation) import GHC.Internal.Exception.Type (WhileHandling(..)) -import GHC.Internal.Stack (HasCallStack) +import GHC.Internal.Stack (HasCallStack, withFrozenCallStack) -- TVars are shared memory locations which support atomic memory -- transactions. @@ -187,7 +187,7 @@ throwSTM e = do -- N.B. Typically use of unsafeIOToSTM is very much frowned upon as this -- is an easy way to end up with nested transactions. However, we can be -- certain that toExceptionWithBacktrace will not initiate a transaction. - se <- unsafeIOToSTM (toExceptionWithBacktrace e) + se <- unsafeIOToSTM (withFrozenCallStack $ toExceptionWithBacktrace e) STM $ raiseIO# se -- | Exception handling within STM actions. ===================================== libraries/ghc-internal/tests/backtraces/T15395.hs ===================================== @@ -0,0 +1,85 @@ +{-# LANGUAGE LambdaCase #-} +{-# LANGUAGE TypeApplications #-} + +import GHC.Internal.Control.Exception +import GHC.Internal.Data.Foldable (traverse_) +import GHC.Internal.Exception.Backtrace +import GHC.Internal.Exception.Context +import GHC.Internal.Exception.Type +import GHC.Internal.STM (atomically, throwSTM) +import qualified GHC.Internal.Stack as HCS +import qualified GHC.Internal.Stack.Types as HCS +import Control.Monad (when) +import qualified Data.List as List +import System.Exit (exitFailure) + +main :: IO () +main = do + -- Make sure there are HasCallStackBacktraces + setBacktraceMechanismState HasCallStackBacktrace True + mapM_ (uncurry runCase) + [ ("throw", throwAction) + , ("throwIO", throwIOAction) + , ("error", errorAction) + , ("throwSTM", throwSTMAction) + , ("undefined", undefinedAction) + ] + +runCase :: String -> IO () -> IO () +runCase name act = do + putStrLn $ "=== Validate stack size of '" ++ name ++ "' has length 1" + catchAndVerifyStackTraceLength name act + putStrLn "" + +throwAction :: IO () +throwAction = evaluate $ throw $ ErrorCall "my throw error" + +throwIOAction :: IO () +throwIOAction = throwIO $ ErrorCall "my throwIO error" + +errorAction :: IO () +errorAction = error "plain error" + +throwSTMAction :: IO () +throwSTMAction = atomically $ throwSTM $ ErrorCall "my throwSTM error" + +undefinedAction :: IO () +undefinedAction = evaluate undefined + +catchAndVerifyStackTraceLength :: String -> IO () -> IO () +catchAndVerifyStackTraceLength name act = do + try act >>= \ case + Right _ -> do + putStrLn $ "Exception expected but got a result for '" ++ name ++ "'" + exitFailure + Left exc -> + verifyBacktraceSize name exc + +verifyBacktraceSize :: String -> SomeException -> IO () +verifyBacktraceSize label se = do + message <- evaluate (displayException se) + putStrLn "==== Caught exception:" + putStrLn message + putStrLn "==== Exception Backtraces:" + let backtraces = getExceptionAnnotations @Backtraces $ someExceptionContext se + traverse_ validateBacktrace backtraces + +validateBacktrace :: Backtraces -> IO () +validateBacktrace bt = + case btrHasCallStack bt of + Nothing -> pure () + Just cs -> do + let stack = HCS.getCallStack cs + + traverse_ mustNotReferenceInternalPackages stack + traverse_ (putStrLn . prettyCallSite) stack + where + prettyCallSite (f, loc) = "- " ++ f ++ ", called at " ++ HCS.prettySrcLoc loc + + mustNotReferenceInternalPackages (_, loc) = + case List.find (HCS.srcLocPackage loc ==) internalPackages of + Just val -> fail $ "Stack trace must not reference '" ++ val ++ "' package." + Nothing -> pure () + +internalPackages :: [String] +internalPackages = ["base", "ghc", "ghc-internal", "ghc-experimental"] ===================================== libraries/ghc-internal/tests/backtraces/T15395.stdout ===================================== @@ -0,0 +1,30 @@ +=== Validate stack size of 'throw' has length 1 +==== Caught exception: +my throw error +==== Exception Backtraces: +- throw, called at T15395.hs:35:26 in main:Main + +=== Validate stack size of 'throwIO' has length 1 +==== Caught exception: +my throwIO error +==== Exception Backtraces: +- throwIO, called at T15395.hs:38:17 in main:Main + +=== Validate stack size of 'error' has length 1 +==== Caught exception: +plain error +==== Exception Backtraces: +- error, called at T15395.hs:41:15 in main:Main + +=== Validate stack size of 'throwSTM' has length 1 +==== Caught exception: +my throwSTM error +==== Exception Backtraces: +- throwSTM, called at T15395.hs:44:31 in main:Main + +=== Validate stack size of 'undefined' has length 1 +==== Caught exception: +Prelude.undefined +==== Exception Backtraces: +- undefined, called at T15395.hs:47:28 in main:Main + ===================================== libraries/ghc-internal/tests/backtraces/all.T ===================================== @@ -4,3 +4,7 @@ test('T26507', [ when(have_profiling(), extra_ways(['prof'])) , when(js_arch(), skip) , when(ghc_with_ipe(), skip) # IPE builds include an IPE backtrace section on stderr. , exit_code(1)], compile_and_run, ['']) + +# Stack traces shouldn't expose implementation details +test('T15395', [ when(have_profiling(), extra_ways(['prof'])) + , when(js_arch(), skip)], compile_and_run, ['']) View it on GitLab: https://gitlab.haskell.org/ghc/ghc/-/commit/38a6b92c85c53cce82c6ead375ac0329... -- View it on GitLab: https://gitlab.haskell.org/ghc/ghc/-/commit/38a6b92c85c53cce82c6ead375ac0329... You're receiving this email because of your account on gitlab.haskell.org.