Pretty much all I know about the Pledge() approach is what I gleaned from Theo's presentation (so, not much). What seems [to me] to be missing is instrumentation, records, analysis, and feedback.
My concern is that the reliability of the overall computing system will decrease. Some programs will violate their pledge and be terminated (hasta la vista, baby) because the software is tricky and a specific context might trigger the violation. It seems like some kind of snapshot (black-box) of the circumstances, environment, and state of the terminated program would be needed to determine the source of the problem. Without that, developers might never get a clear view of tricky, transient problems in some programs.