Received: by 10.66.88.5 with SMTP id bc5mr1793719pab.11.1344319025619;
        Mon, 06 Aug 2012 22:57:05 -0700 (PDT)
Path: g9ni2545pbo.0!nntp.google.com!npeer03.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!border3.nntp.dca.giganews.com!border1.nntp.dca.giganews.com!nntp.giganews.com!ctu-peer!ctu-gate!news.nctu.edu.tw!usenet.stanford.edu!postnews.google.com!glegroupsg2000goo.googlegroups.com!not-for-mail
From: trijezdci <trijez...@gmail.com>
Newsgroups: comp.lang.modula2
Subject: Re: request for feedback: making foreign function calls to C
 printf-style functions safer
Date: Thu, 2 Aug 2012 13:37:52 -0700 (PDT)
Organization: http://groups.google.com
Lines: 42
Message-ID: <91b94c6a-b148-4e1a-95e6-3e751ea1f93a@googlegroups.com>
References: <66023f48-9593-4886-84de-a15533da3508@googlegroups.com>
 <slrnk15fph.2rjp.marcov@toad.stack.nl> <0f5344ef-43ae-4dcc-a7c2-4e916ca7f57d@googlegroups.com>
 <slrnk1kouc.j2p.marcov@toad.stack.nl>
NNTP-Posting-Host: 77.192.240.27
Mime-Version: 1.0
X-Trace: posting.google.com 1343939872 12242 127.0.0.1 (2 Aug 2012 20:37:52 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: Thu, 2 Aug 2012 20:37:52 +0000 (UTC)
In-Reply-To: <slrnk1kouc.j2p.marcov@toad.stack.nl>
Complaints-To: groups-abuse@google.com
Injection-Info: glegroupsg2000goo.googlegroups.com; posting-host=77.192.240.27;
 posting-account=6kEoFwkAAACENPBfoedh2AWlLB_AoBL6
User-Agent: G2/1.0
Bytes: 3218
X-Received-Bytes: 3266
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Wirth defined a simple rule: Any facility that bypasses the otherwise stric=
t safety rules of the language belongs into module SYSTEM and as a conseque=
nce, once a facility is imported from SYSTEM, then safety may no longer be =
guaranteed, thus import from SYSTEM works as an indicator, too.

I know some people do not like this rule set. They believe SYSTEM is evil a=
nd should be removed or at least it should be crippled. I find Wirth's rule=
 set for SYSTEM perfectly sufficient and I do not share those notions on SY=
STEM. This is not something I feel like discussing either. I take SYSTEM fo=
r granted.


The suggested pragma takes effect only in combination with a facility that =
is provided by SYSTEM. Therefore, in order to use the pragma, one would fir=
st need to use the facility and in order to use the facility, one would fir=
st need to import it from SYSTEM. It thus satisfies Wirth's rule set for SY=
STEM.

Did we consider to revise Wirth's rule set for SYSTEM to put restrictions o=
n what kinds of modules can import from what other kinds of modules? Yes we=
 did and it turned out to be a silly idea that we abandoned soon again. I a=
m not going to comment any further on this.


> a terrible burden on the compiler builder (for doubtful benefit
> IMHO)

No, you have it upside down. The pragma is suggested as a recommendation so=
 that compiler implementors who feel they want such a check will be able to=
 use a blueprint that avoids rendering source code non-portable, which is a=
 risk if nothing is defined.


> I hope you make it an optional part to enforce this.

Copy-pasted from my earlier post:

>> we are talking about an optional pragma, that is to say,
>> a recommendation to implementors "if you feel strong
>> enough about checking this type of dangerous FFI call,
>> then here is how you should do it".