
19 Jul 2003, 1:03 p.m.
<Aim> To guarantee security of a Haskell program so it can be used as an applet. </Aim>
<Method> Over-ride GHC's code generator to produce an assembly language that I specify. Also disable program access to system calls and foreign functions, except for a single trusted library that I specify. </Method>
Since all effects that you worry about (if you trust GHC's code generation, and I think you should) happen in the IO monad, you only need to limit what's available as libraries, and outlaw unsafePerformIO. You could also make your own version of the IO monad to get better control.

-- Lennart
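The "own version of the IO monad" suggested above can be sketched as a trusted module that wraps IO in an abstract type and exports only whitelisted operations. This is an added example, not code from the thread: the module name `Applet`, its functions and the `applet-data/` directory are hypothetical, and it assumes the host compiles applet code so that it can import only this module and nothing unsafe (for instance with GHC's later Safe Haskell mode, `-XSafe`).

```haskell
{-# LANGUAGE GeneralizedNewtypeDeriving #-}
-- Trusted library: the only module untrusted applet code may import.
-- All names here are hypothetical, chosen for illustration.
module Applet
  ( Applet              -- abstract: the data constructor is NOT exported
  , appletPutStrLn
  , appletGetLine
  , appletReadResource
  , runApplet           -- called by the trusted host on the applet's entry point
  ) where

import Control.Exception (IOException, try)
import Data.Char (isAlphaNum)

-- Wrapper around IO. Without the constructor, applet code has no way
-- to lift an arbitrary IO action into Applet, so its effects are
-- limited to the primitives defined below.
newtype Applet a = Applet (IO a)
  deriving (Functor, Applicative, Monad)

-- Whitelisted effect: console output, with a bound on line length.
appletPutStrLn :: String -> Applet ()
appletPutStrLn s = Applet (putStrLn (take 4096 s))

-- Whitelisted effect: console input.
appletGetLine :: Applet String
appletGetLine = Applet getLine

-- Whitelisted effect: read a named resource from one fixed directory.
-- Only alphanumeric names are accepted, so "/" and ".." cannot be
-- used to leave applet-data/. I/O errors are reported as Nothing.
appletReadResource :: String -> Applet (Maybe String)
appletReadResource name
  | not (null name) && all isAlphaNum name = Applet $ do
      r <- try (readFile ("applet-data/" ++ name))
      pure (either (\e -> const Nothing (e :: IOException)) Just r)
  | otherwise = pure Nothing

-- The host requires the applet's entry point to have type Applet ()
-- and runs it here; an entry point of type IO () is rejected by the
-- type checker before any code executes.
runApplet :: Applet a -> IO a
runApplet (Applet io) = io
```

The guarantee rests on the type checker and the import restriction together: if applet code could still import `System.IO.Unsafe` or use the FFI, it could bypass the wrapper.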