On 2026-02-14 08:30, Alejandro Colomar wrote:
6.7.12.1 Attributes :: Introduction
@@ p0+1
Attributes are extremely dangerous,
and will likely result in
all kinds of vulnerabilities in code that uses them.
Do not use them in any code that cares about safety.
They're only useful to optimize code
that cares nothing about safety.XXX)
@@ New footnote
XXX)
The standard got rid of gets,
so we felt something similar should replace it,
to keep the balance of the universe.
I assume that this is some sort of pointed remark about something else,
and is not seriously intended to go into the standard. As such, it
detracts from the other, more important, proposal.
+ A definition of
+ a function declared with the <b>reproducible</b> attribute
+ shall not contain,
+ anywhere in the tokens making up the function definition:
+ --
+ a function call operator
+ whose operand is
+ a pointer to a function declared
+ without the <b>reproducible</b> attribute;
This is too strong. It's OK for a reproducible function's body to
contain a call to a function not marked reproducible, so long as the
call is never executed. This can happen when, for example, there's a
debugging flag set at compile-time, and the flag is off so the compiler
can easily determine the call cannot happen.
Similarly for the other parts of the proposed change.
PS. You *do* know that nobody really knows what [[reproducible]] means?
In Gnulib we mention it mostly as a thing to be avoided.
