Typical security issues in C++: why the GC isn't your enemy
Nick Treleaven
nick at geany.org
Thu Dec 15 18:48:56 UTC 2022
On Monday, 12 December 2022 at 14:33:21 UTC, Siarhei Siamashka
wrote:
> On Monday, 12 December 2022 at 12:53:42 UTC, Nick Treleaven
> wrote:
>> I almost never use `@safe:` because it prevents @safe
>> attribute inference.
>
> Why is this a problem?

For example, template functions that are marked @safe are often
overly restrictive. The safety can be inferred (and @safe
unittests used to ensure they are inferred @safe). Template
functions often take a type parameter that could be a type with
@system operations, or an alias parameter that could take a
@system variable or a @system delegate, say. In those cases the
template function will fail to instantiate (assuming the delegate
is called). I would say @safe annotated template functions are an
anti-pattern, certainly in a public API.

This is why `@safe module foo;` would be better than `@safe:` -
it wouldn't override inference of @safe/@system. The only
downside is then you have to have a module declaration even for
simple D files.
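
The difference described in the message above, as an added example that is not part of the original post. The names `applyInferred`, `applyForced`, `twice` and `sysOp` are hypothetical; the explicit `@safe` on `applyForced` stands in for what a module-level `@safe:` would apply to every template below it.

```d
module inference_demo; // hypothetical module name

// No safety attribute: the compiler infers @safe or @system separately
// for each instantiation, based on what the body ends up calling.
auto applyInferred(alias fn, T)(T x)
{
    return fn(x);
}

// Explicitly @safe (the same effect a preceding `@safe:` would have):
// every instantiation must be @safe, so a @system `fn` cannot be used.
auto applyForced(alias fn, T)(T x) @safe
{
    return fn(x);
}

int twice(int x) @safe { return x * 2; }

// Marked @system by its author, e.g. because it wraps unchecked operations.
int sysOp(int x) @system { return x + 1; }

// A @safe unittest pins down that inference yields @safe for a @safe callee.
// If the template body ever gains a @system operation, this test stops compiling.
@safe unittest
{
    assert(applyInferred!twice(21) == 42);
    assert(applyForced!twice(21) == 42);
}

@system unittest
{
    // The inferred template still instantiates; this instance is @system.
    assert(applyInferred!sysOp(1) == 2);

    // The annotated template fails to instantiate with a @system callee.
    static assert(!__traits(compiles, applyForced!sysOp(1)));

    // Inference does not weaken checking: the @system instance is still
    // rejected when called from @safe code.
    static assert(!__traits(compiles, () @safe => applyInferred!sysOp(1)));
}

void main() {}
```

Compile with `dmd -unittest -run inference_demo.d` to run both unittest blocks.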

More information about the Digitalmars-d mailing list