On Tuesday, December 18, 2018 8:00:48 AM MST Steven Schveighoffer via Digitalmars-d-announce wrote: > On 12/17/18 4:42 AM, Dukc wrote: > > On Monday, 17 December 2018 at 09:41:01 UTC, Dukc wrote: > >> On Saturday, 15 December 2018 at 19:53:06 UTC, Atila Neves wrote: > >>> @safe and pure though... > >> > >> Why @safe? Can't you just write "@safe:" on top and switch to > >> @system/@trusted as needed? > > > > Argh, I forgot that you are not supposed to @safe templates away. > > You can apply @safe to anything. It's @trusted you have to be careful > with. > > Of course, it probably won't work for many templates.
@safe should only be used on a template if the @safety of the code does not depend on the template arguments, and it frequently does depend on them. Mass-applying attributes should rarely be done with templated code. It already causes enough problems with non-templated code, because it's easy to not realize that an attribute has been mass-applied, but without a way to explicitly mark a templated function so that an attribute is inferred in spite of it being mass-applied, mass-applying attributes with templated code will usually result in attributes being wrongly applied. Now, for any attribute other than @trusted, the worst that you're going to get out of incorrectly applying an attribute to a template is a compilation error when a particular instantiation doesn't work with that attribute, whereas for @trusted it's a disaster in the making. Mass-applying @trusted is almost always a terrible idea. The one exception would maybe be something like the bindings in druntime, where a number of modules do it, because it's just a bunch of C prototypes. But even then, there's a high risk of marking a function as @trusted later when someone adds it and doesn't realize that @trusted was applied. - Jonathan M Davis
