Does an intrinsic module have to be part of the standard?

Help
17

It seems quite reasonable one could provide an alternative ifport and inject some fake (and potentially malevolent) subroutines:

module ifport
    public
    character(len=*), parameter :: msg = "hello"
end module

program main
  use ifport   ! oops, not the Intel one
  implicit none
  print *, msg
end program

$ ifort test_ifport.f90 
$ ./a.out
 hello

One can move the mock ifport module into a separate file, but the search order for use puts the source folder on the top:

When the compiler is looking for .mod and .smod files, directories are searched in this order:

  1. In the directory of the source file that contains the USE statement
  2. In the directories specified by compiler option module path
  3. In the current working directory
  4. In the directories specified by compiler options -Idir (Linux* and macOS) or /include (Windows*)
  5. In the directories specified with environment variables CPATH or INCLUDE
  6. In the standard system directories

Addendum: Security issues of Fortran have been discussed in this thread What about security issues in Fortran?

Looking into ISO/IEC/JTC 1/SC 22/WG 23 DOCUMENT REGISTER, the document N1319 on Fortran Vulnerability states in Section 4.4

The Fortran standard defines a set of intrinsic procedures and intrinsic modules, and allows a processor to extend this set with further procedures and modules. A program that uses an intrinsic procedure or module not defined by the standard is not standard-conforming. A program that uses an entity not defined by the standard from a module defined by the standard is not standard-conforming. Use of intrinsic procedures or modules not defined by the standard should be avoided. Processors are able to detect and report the use of intrinsic procedures or modules not defined by the standard.

I must say the paragraph is confusing…

  • The first sentence implies intrinsic modules are defined by the standard.
  • The second sentence says that using an intrinsic module not defined by the standard is not standard conforming, which would imply what NAG does goes against the standard.
  • The third sentence seems reasonable, standard modules should not define anything extra.
  • The fourth sentence recommends to avoid using non-standard intrinsic procedures or modules.
  • And the last sentence states processors should be able to report when a non-standard intrinsic procedure or module is used.