Safe execution of untrusted Haskell code
I'm looking for a way to run arbitrary Haskell code safely (or refuse to run unsafe code).

Must have:

  • module/function whitelist
  • timeout on execution
  • memory usage restriction

Capabilities I would like to see:

  • ability to kill thread
  • compiling the modules to native code
  • caching of compiled code
  • running several interpreters concurrently
  • complex datatype for compiler errors (instead of a simple message in a String)

With that sort of functionality it would be possible to implement a browser plugin capable of running arbitrary Haskell code, which is the idea I have in mind.

EDIT: I've got two answers, both great. Thanks! The sad part is that there doesn't seem to be a ready-to-go library, just a similar program. It's a useful resource though. Anyway I think I'll wait for 7.2.1 to be released and try to use SafeHaskell in my own program.

Greer answered 12/5, 2011 at 3:16 Comment(0)
We've been doing this for about 8 years now in lambdabot, which supports:

  • a controlled namespace
  • OS-enforced timeouts
  • native code modules
  • caching
  • concurrent interactive top-levels
  • custom error message returns.

This series of rules is documented, see:

The approach to safety taken in lambdabot inspired the Safe Haskell language extension work.


For approaches to dynamic extension of compiled Haskell applications, in Haskell, see the two papers:

Raycher answered 12/5, 2011 at 3:22 Comment(1)
I'm accepting the answer because more people voted on this one. Simon's answer is great too. Thank you for the responses! - Greer
GHC 7.2.1 will likely have a new facility called SafeHaskell which covers some of what you want. SafeHaskell ensures type-safety (so things like unsafePerformIO are outlawed), and establishes a trust mechanism, so that a library with a safe API but implemented using unsafe features can be trusted. It is designed exactly for running untrusted code.

For the other practical aspects (timeouts and so on), lambdabot as Don says would be a great place to look.

Convector answered 12/5, 2011 at 6:20 Comment(2)
What part of the SafeHaskell proposal will be implemented in 7.2.1? The whole thing? - Greer
David Terei has implemented the compiler parts of SafeHaskell; the patch is waiting in my review queue. The rest is modifying the base package and the other libraries to use Safe and Trustworthy as appropriate. David is working on that part right now. I expect SafeHaskell will be available in some experimental state in 7.2.1. - Convector
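Putting the two answers together, here is an added example (not lambdabot's code and not part of either answer) of a minimal sandbox host: it covers the module whitelist and structured compile errors with Safe Haskell, and the timeout and memory cap with OS-level process control, the way lambdabot enforces them from outside the interpreted code. It assumes a current GHC (the `-fpackage-trust`, `-trust` and `-distrust-all-packages` flags postdate 7.2.1) on PATH together with the `process` and `directory` packages; the module names, the `sandbox-build` directory and the two untrusted source snippets are constructed for the example.

```haskell
-- Hypothetical sandbox host (example code, not lambdabot or GHC's own).
-- Compiles a submitted module under Safe Haskell and runs the result with
-- an RTS heap cap and a wall-clock timeout enforced from outside the process.
module Main (main) where

import Control.Exception (evaluate)
import System.Directory (createDirectoryIfMissing)
import System.Exit (ExitCode (..))
import System.IO (hGetContents)
import System.Process
  ( CreateProcess (std_out), StdStream (CreatePipe), createProcess, proc
  , readProcessWithExitCode, terminateProcess, waitForProcess )
import System.Timeout (timeout)

-- Constructed sample 1: tries to smuggle in unsafePerformIO. System.IO.Unsafe
-- is marked Unsafe in base, so -XSafe must reject the import.
untrustedBad :: String
untrustedBad = unlines
  [ "module Main (main) where"
  , "import System.IO.Unsafe (unsafePerformIO)"
  , "main :: IO ()"
  , "main = print (unsafePerformIO (return (1 :: Int)))"
  ]

-- Constructed sample 2: only uses Prelude, which is Trustworthy, so it compiles.
untrustedGood :: String
untrustedGood = unlines
  [ "module Main (main) where"
  , "main :: IO ()"
  , "main = print (sum [1 .. 1000000 :: Int])"
  ]

-- Compile with the Safe Haskell flags:
--   -XSafe                 the submitted module may only import Safe/Trustworthy modules
--   -fpackage-trust        Trustworthy modules count only if their package is trusted
--   -distrust-all-packages / -trust base   whitelist base and nothing else
-- The RTS option baked in with -with-rtsopts caps the heap at 64 MB, so a memory
-- bomb is stopped by the RTS (non-zero exit) instead of exhausting the host.
-- Compiler diagnostics come back as the Left value rather than being printed.
compileSafe :: FilePath -> String -> IO (Either String FilePath)
compileSafe dir src = do
  let path = dir ++ "/Untrusted.hs"
      exe  = dir ++ "/untrusted"
  writeFile path src
  (code, _out, err) <- readProcessWithExitCode "ghc"
    [ "-XSafe", "-fpackage-trust", "-distrust-all-packages", "-trust", "base"
    , "-rtsopts", "-with-rtsopts=-M64m"
    , "-outputdir", dir, "-o", exe, path ] ""
  return $ case code of
    ExitSuccess -> Right exe
    _           -> Left err

-- Run the compiled binary and kill it if it exceeds the wall-clock budget.
-- The timeout lives in the host process, not in the untrusted code, so a tight
-- non-allocating loop in the sandbox (which would block an in-process
-- asynchronous exception) cannot suppress it.
runWithLimits :: Int -> FilePath -> IO (Either String String)
runWithLimits secs exe = do
  (_, Just hout, _, ph) <- createProcess (proc exe []) { std_out = CreatePipe }
  result <- timeout (secs * 1000000) $ do
    out <- hGetContents hout
    _ <- evaluate (length out)        -- drain stdout before waiting
    code <- waitForProcess ph
    return (code, out)
  case result of
    Nothing -> do
      terminateProcess ph
      _ <- waitForProcess ph
      return (Left ("killed after " ++ show secs ++ "s"))
    Just (ExitSuccess, out) -> return (Right out)
    Just (ExitFailure n, _) -> return (Left ("exited with status " ++ show n))

main :: IO ()
main = do
  let dir = "sandbox-build"
  createDirectoryIfMissing True dir
  mapM_ (runOne dir) [("bad", untrustedBad), ("good", untrustedGood)]
  where
    runOne dir (name, src) = do
      putStrLn ("== " ++ name)
      compiled <- compileSafe dir src
      case compiled of
        Left err  -> putStrLn ("rejected at compile time:\n" ++ err)
        Right exe -> runWithLimits 5 exe
                       >>= either (putStrLn . ("refused at run time: " ++)) putStr
```

The host itself is the trusted component and is not compiled with `-XSafe`; only the submitted module is. Safe Haskell guarantees type safety and module-level referential transparency, so the whitelist decides what IO the untrusted code can reach at all, while the heap cap and the external kill handle the resource-exhaustion cases that the type system cannot.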
