#16260: Use of plugins causes -XSafe to fail -------------------------------------+------------------------------------- Reporter: watashi | Owner: watashi Type: bug | Status: new Priority: normal | Milestone: Component: Compiler | Version: 8.7 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: Type of failure: GHC rejects | Unknown/Multiple valid program | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Changes (by watashi): * owner: (none) => watashi -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/16260#comment:1 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#16260: Use of plugins causes -XSafe to fail -------------------------------------+------------------------------------- Reporter: watashi | Owner: watashi Type: bug | Status: closed Priority: normal | Milestone: Component: Compiler | Version: 8.7 Resolution: fixed | Keywords: Operating System: Unknown/Multiple | Architecture: Type of failure: GHC rejects | Unknown/Multiple valid program | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by watashi): @mpickering Thanks, I didn't notice there was already a similar ticket. `-fno-safe-haskell` would resolve the compilation issue in the ticket, but we still gets inconsistent `TcGblEnv`. For more background, I am trying to use source plugins to implement paralleled haddock, and this will generate wrong "Safe Haskell" information even we don't make any change. As you commented in #15920

I'm not that enthusiastic about a proposal as I don't know that anyone should rely on safe haskell as it's quite a neglected feature. I think I would rather write a proposal about removing safe haskell rather than understand how it should interact more precisely with plugins.

In this case, do you think it makes sense to simply remove calls of `mark_plugin_unsafe` in `renamed/typeCheckResultAction` https://gitlab.haskell.org/ghc/ghc/blob/c2455e64/compiler/typecheck/TcRnDriv... and push the responsibility of calling `recordUnsafeInfer` to the plugin author and document this somewhere? -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/16260#comment:3 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#16260: Use of plugins causes -XSafe to fail -------------------------------------+------------------------------------- Reporter: watashi | Owner: watashi Type: bug | Status: closed Priority: normal | Milestone: Component: Compiler | Version: 8.7 Resolution: fixed | Keywords: Operating System: Unknown/Multiple | Architecture: Type of failure: GHC rejects | Unknown/Multiple valid program | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by watashi):

Perhaps a better solution is to make all the fields which can modify the AST return Maybe so that if any modifications take place then the module is marked Unsafe. Plugins can return Nothing if they want to purely inspect information.

I thought about this as well. But `keepRenamedSource` is a useful couterexample that modifies the return value but doesn't affect the final output. I am not familiar with all the use cases of source plugins. Assuming we push the responsibility the plugin authors, how bad will it be if they forget calling `recordUnsafeInfer` when they should? Is this worse than `-fno-safe-haskell`? -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/16260#comment:5 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#16260: Use of plugins causes -XSafe to fail -------------------------------------+------------------------------------- Reporter: watashi | Owner: watashi Type: bug | Status: closed Priority: normal | Milestone: Component: Compiler | Version: 8.7 Resolution: fixed | Keywords: Operating System: Unknown/Multiple | Architecture: Type of failure: GHC rejects | Unknown/Multiple valid program | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by mpickering): My reasoning is that if a consumer decides that they don't care about Safe Haskell then they can use `-fno-safe-haskell` and skip the checks. However, if a user does care about safe haskell then they would care if one of their dependencies was modified with a plugin, this kind of situation is easy to achieve when using nix for example. If it is up to the plugin authors to be prudent, I imagine that none of them will be. Perhaps if we just modify the `Sf_Ignore` constructor to be `Sf_Ignore SafeHaskellMode` to record the mode it is ignoring then that would solve your problem? -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/16260#comment:7 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#16260: Use of plugins causes different SafeHaskellMode returned for the module -------------------------------------+------------------------------------- Reporter: watashi | Owner: watashi Type: bug | Status: new Priority: normal | Milestone: Component: Compiler | Version: 8.7 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: Type of failure: GHC rejects | Unknown/Multiple valid program | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Changes (by watashi): * owner: (none) => watashi -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/16260#comment:9 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#16260: Use of plugins causes different SafeHaskellMode returned for the module -------------------------------------+------------------------------------- Reporter: watashi | Owner: watashi Type: bug | Status: new Priority: normal | Milestone: Component: Compiler | Version: 8.7 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: Type of failure: GHC rejects | Unknown/Multiple valid program | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by watashi): Cool, I will make a change for this then. Personally, I leans a little bit on the reverting side just because I am not a big fan of too many flags. But I think those two are actually orthogonal even though they are originally built to address the same issue, and I will leave the decision to you. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/16260#comment:11 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler

#16260: Use of plugins causes different SafeHaskellMode returned for the module -------------------------------------+------------------------------------- Reporter: watashi | Owner: watashi Type: bug | Status: closed Priority: normal | Milestone: Component: Compiler | Version: 8.7 Resolution: fixed | Keywords: Operating System: Unknown/Multiple | Architecture: Type of failure: GHC rejects | Unknown/Multiple valid program | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by Marge Bot ): In [changeset:"406e43af2f12756c80d583b86326f760f2f584cc/ghc" 406e43a/ghc]: {{{ #!CommitTicketReference repository="ghc" revision="406e43af2f12756c80d583b86326f760f2f584cc" Add `-fplugin-trustworthy` to avoid marking modules as unsafe By default, when a module is compiled with plugins, it will be marked as unsafe. With this flag passed, all plugins are treated as trustworthy and the safety inference will no longer be affected. This fixes Trac #16260. }}} -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/16260#comment:13 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler