True if Goal is safe to call (i.e., it cannot access dangerous
system resources and cannot upset other parts of the Prolog
process). There are two types of facts. ISO built-ins are
declared without a module prefix. This is safe because these
primitives may not be (re-)defined (i.e., given an unsafe
implementation) and the way around this restriction
(redefine_system_predicate/1) is unsafe. The facts in the other
group are module-qualified and only match if the system infers
that the predicate is imported from the given module.
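
The two kinds of facts described above, shown as an added example that is not part of the SWI-Prolog sources. It assumes library(sandbox) with safe_goal/1 and the multifile hook sandbox:safe_primitive/1; the modules app_config and other_mod, the variable APP_REGION and the predicates verdict/2 and demo/0 are invented here, and getenv/2 is assumed not to be whitelisted.

```prolog
:- use_module(library(sandbox)).

% Hypothetical helper module: exposes exactly one environment variable
% instead of handing sandboxed code the getenv/2 primitive itself.
app_config:region(Region) :-
    getenv('APP_REGION', Region).

% A predicate with the same name in a different (hypothetical) module.
other_mod:region(Region) :-
    getenv('HOME', Region).

% Module-qualified fact: it only matches a goal that resolves to
% app_config:region/1, so other_mod:region/1 is not covered by it.
:- multifile sandbox:safe_primitive/1.
sandbox:safe_primitive(app_config:region(_)).

% verdict(+Goal, -Verdict): ask the sandbox about Goal without running it.
% safe_goal/1 raises an error for goals it cannot accept; the formal
% part of that error is returned so the reason can be logged.
verdict(Goal, Verdict) :-
    catch(( safe_goal(Goal) -> Verdict = safe ; Verdict = rejected ),
          error(Formal, _),
          Verdict = rejected(Formal)).

% Print the sandbox verdict for one goal of each kind.
demo :-
    forall(member(Goal,
                  [ atom_length(abc, _),    % ISO built-in, unqualified fact
                    app_config:region(_),   % matches the fact declared above
                    other_mod:region(_),    % same name, other module
                    getenv('HOME', _)       % the unwrapped primitive
                  ]),
           ( verdict(Goal, Verdict),
             format("~q -> ~q~n", [Goal, Verdict])
           )).
```

Load the file and run `demo.` to see which goals the sandbox accepts. A safe_primitive/1 fact is a trust statement about the whole predicate, so the wrapped predicate should expose no more than the caller is meant to reach.
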
Declare the core pengine operations as safe. For local pengines,
their safety is guaranteed by the sandboxing done for all
pengines.
To be done
- If at some point we allow for "unsafe" pengines, we must
reconsider this.