On Friday, March 16, 2018 22:58:13 ag0aep6g via Digitalmars-d wrote: > On 03/16/2018 10:22 PM, Nordlöw wrote: > > Shouldn't `pureMalloc` at > > > > https://dlang.org/library/core/memory/pure_malloc.html > > > > be @system instead of @trusted? > > You can only access the uninitialized memory with @system features: > casting the pointer or slicing it. So it's safe, because you can't do > anything unsafe with it in @safe code.
And because it's @trusted, you know that you don't have to spend time figuring out if you're using it in an @safe way. You just have to spend the time figuring out if you're using the result in an @safe way so that you can mark that code with @trusted. Ultimately, I think that the question of how @trusted is used comes down to making it so that the programmer knows which code they need to examine to manually verify @safety - that and not marking anything as @trusted that isn't actually @safe. But returning something that can't be used in @safe code isn't necessary unsafe. - Jonathan M Davis
