https://issues.dlang.org/show_bug.cgi?id=11176
--- Comment #15 from Jonathan M Davis <[email protected]> --- In general, we should not make something @system unless it needs to be, but it's not like we guaranteed that the compiler wasn't conservative in what it considered to be @safe. So, losing out on some potentially @safe operations with ptr in order to make it more straightforward for the compiler to detect @system uses of it and to make it easier for the programmer to understand it is something that we can do if we deem it appropriate. Simply marking .ptr as @system at all times would be kind of like marking & on local variables as @system. Sure, what you're doing with the pointer could be @safe, but it can't necessarily guarantee that what you're doing with it is @safe. And the compiler is not going to treat stuff like int foo; auto result = &foo is null; or int foo; int bar; auto result = &bar - &foo; as @safe. You're taking the address of a local variable, and it considers that @system. Just because you're doing something @safe with the resulting pointer does not mean that it's going to consider it @safe. That's up to you to figure out. So, I'm inclined to argue that .ptr should just always be considered @system like taking the address of a local variable is always considered @sytem. It's simple and staightforward, and if the code in question is obviously @safe to the programmer, then it'll be easy for them to figure out that it's okay to mark it @trusted. And we seriously reduce the risk of screwing up and allowing operations that aren't actually @safe into @safe code. --
