Yes, I vaguely remember ;-)
I think you misunderstood. There is nothing runtime here. It says "to statically check". This means, if the pragma is present in the scope of the foreign function definition and you make a call to the foreign function, then either of two things would happen:

- if the format string in your call is not a compile-time expression, the compiler would report that.

- if the format string in your call is a compile-time expression, the compiler would then use the rules in the pragma to identify argument specifiers, the number of required arguments and their types, then check that against the actual parameters passed and if there is a mismatch, report the mismatch.

As to the question what the consequences then are, this should be under user control. For example a compiler switch would determine whether the report should be a warning, thus being ignored, or whether it should be an error, thus preventing generating any executable code. Also, a user may want the first case to be treated as a warning but the second case to be treated as an error.


This could be

Well, perhaps for pedantic folks, there might be a compiler switch that makes the compiler even reject the call because the format string is not a compile-time expression, but that would be under the user's control and shouldn't be the default.

It is very much in the spirit of Wirthian languages to do as much as possible during compile-time to increase safety at runtime. In this respect such a feature would be within the spirit of the language.

I'd agree that it would be against the style of the language to add proper syntax for such a feature, but we are talking about an optional pragma, that is to say, a recommendation to implementors "if you feel strong enough about checking this type of dangerous FFI call, then here is how you should do it".
No, that wouldn't be the case for a couple of reasons.

First, any extensions that might be added are extremely unlikely to break existing format strings. Therefore, any existing calls that the compiler verified and cleared as a result of the pragma would continue to compile fine even after the format specifier syntax had been extended. The only impact at that point would be that if you wanted to make use of the additional format syntax in your foreign function calls, then the compiler would likely report a mismatch.

Second, the whole reason why we have been thinking about a grammar or regular expression based pragma is that it is under user control what the compiler should check for in the format string. So, if extensions are added to the format string syntax of a C function you want to call, and you would like to make use of this additional format string syntax, then you would want to update the grammar or regular expression definitions in the pragma to teach the compiler the additional syntax.

Last but not least, we have conditional compilation pragmas, so you can always do something like this:

<* IF GCC_EXTENDED_PRINTF_FMTSTR *>
PROCEDURE printf ( fmt : ARRAY OF CHAR; arglist : UNSAFEARGLIST ) <* FFI = "C" *>;
<* MSG = WARN : "*** CALLS TO C PRINTF FUNCTION ARE UNCHECKED ***" *>
<* ELSE *>
PROCEDURE printf ( fmt : ARRAY OF CHAR; arglist : UNSAFEARGLIST ) <* FFI = "C" *>
<* VARARGFMTSTR = fmt : <regexp1> = <type1>, <regexp2> = <type2>, ... *>;
<* MSG = INFO : "*** Calls to C printf function are checked ***" *>
<* ENDIF *>
We have native support for type safe variadic procedures.
No, because support for unsafe variadic parameters is limited to foreign function interfaces only.

If you want to implement a variadic procedure in Modula-2, then you have to use a type safe variadic formal parameter in the procedure header. Type safe variadic formal parameters can be used for foreign function interfaces as well, but they do not cover the printf use case, so if you want to call printf style C functions then the only way to do so is via the unsafe facility which must be imported from SYSTEM btw.

hope this clarifies