On Tuesday, 3 March 2015 at 20:56:50 UTC, w0rp wrote:
The key phrase is "guaranteed by the programmer." Which means that the programmer, not the compiler, is providing a guarantee that calling a @trusted function will not violate memory safety. If the programmer cannot make that guarantee, the function should be marked as @system instead. It's a mechanism which allows humans to achieve something the compiler isn't capable of achieving, at least at this point in time.

Yes, but in that case it should not be OK to wrap up "free(obj)" as @trusted, since it cannot be called safely from @safe code (as in any constellation of @safe code). So either the wording of the spec has to change or this practice goes against the spec.

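The distinction argued in this message, as an added D example that is not part of the original thread. The names `trustedFree`, `systemFree`, `OwnedInt` and `caller` are hypothetical and chosen for illustration only.

```d
import core.stdc.stdlib : free, malloc;

// Unsound: the signature gives the programmer no way to guarantee that p
// came from malloc or that no other reference to it survives the call.
void trustedFree(int* p) @trusted { free(p); }

// Honest marking for the same wrapper: @safe code cannot call it at all.
void systemFree(int* p) @system { free(p); }

// A @trusted interface that can be vouched for: allocation and release are
// paired inside the type, copies are disabled, and get() returns by value.
// D's private is module-level, so the guarantee covers code outside this module.
struct OwnedInt
{
    private int* ptr;

    @disable this(this); // single owner, so no second copy can dangle

    this(int value) @trusted
    {
        ptr = cast(int*) malloc(int.sizeof);
        if (ptr is null) assert(0, "allocation failed"); // kept in release builds
        *ptr = value;
    }

    ~this() @trusted
    {
        free(ptr); // free(null) is a no-op for a default-initialized OwnedInt
        ptr = null;
    }

    int get() const @safe { return ptr is null ? 0 : *ptr; }
}

void caller() @safe
{
    auto owned = OwnedInt(42);
    assert(owned.get() == 42);

    int* p = new int; // GC memory obtained in @safe code
    *p = 1;
    // trustedFree(p); // accepted by the compiler, yet p was never malloc'd
    //                 // and is still in scope afterwards: memory safety is gone
    // systemFree(p);  // rejected: a @safe function cannot call a @system one
}

void main() @safe { caller(); }
```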