I know the reason to mark a method as trusted from the docs:

> Trusted functions are guaranteed by the programmer to not exhibit any undefined
> behavior if called by a safe function. Generally, trusted functions should be kept
> small so that they are easier to manually verify.

> Undefined behavior happens when an illegal code construct is executed.
> Undefined behavior can include random, erratic results, crashes, faulting, etc.
> A buffer overflow is an example of undefined behavior.

So would you mark the following with @trusted? The format() function is not @safe but what is @trusted really trying to say? This method is @safe as far as i'm concerned? The arguments make format() @safe? I'm confused.

	/**
	 * Get the current timestamp for the log.
	 *
	 * Returns:
	 *     The current timestamp.
	 */
	private string getTimestamp() const
	{
		auto time = Clock.currTime();
		return format("%d/%02d/%02d %d:%02d:%02d", time.year, time.month, time.day, time.hour, time.minute, time.second);
	}

On Wednesday, 12 June 2013 at 13:09:40 UTC, Gary Willoughby wrote:
> So would you mark the following with @trusted? The format() function is not @safe but what is @trusted really trying to say? This method is @safe as far as i'm concerned? The arguments make format() @safe? I'm confused.
>
> 	/**
> 	 * Get the current timestamp for the log.
> 	 *
> 	 * Returns:
> 	 *     The current timestamp.
> 	 */
> 	private string getTimestamp() const
> 	{
> 		auto time = Clock.currTime();
> 		return format("%d/%02d/%02d %d:%02d:%02d", time.year, time.month, time.day, time.hour, time.minute, time.second);
> 	}

In this case, format std.string.format function should work under the `safe annotation.

I recently worked to make it possible.
https://github.com/D-Programming-Language/phobos/pull/1337

Kenji Hara