Shouldn't `pureMalloc` at

https://dlang.org/library/core/memory/pure_malloc.html

be @system instead of @trusted?

Because it returns uninitialized memory just like

    T x = void;

does, which is not allowed in @safe code.

On 03/16/2018 10:22 PM, Nordlöw wrote:
> Shouldn't `pureMalloc` at
> 
> https://dlang.org/library/core/memory/pure_malloc.html
> 
> be @system instead of @trusted?

You can only access the uninitialized memory with @system features: casting the pointer or slicing it. So it's safe, because you can't do anything unsafe with it in @safe code.

On Friday, March 16, 2018 22:58:13 ag0aep6g via Digitalmars-d wrote:
> On 03/16/2018 10:22 PM, Nordlöw wrote:
> > Shouldn't `pureMalloc` at
> >
> > https://dlang.org/library/core/memory/pure_malloc.html
> >
> > be @system instead of @trusted?
>
> You can only access the uninitialized memory with @system features: casting the pointer or slicing it. So it's safe, because you can't do anything unsafe with it in @safe code.

And because it's @trusted, you know that you don't have to spend time figuring out if you're using it in an @safe way. You just have to spend the time figuring out if you're using the result in an @safe way so that you can mark that code with @trusted. Ultimately, I think that the question of how @trusted is used comes down to making it so that the programmer knows which code they need to examine to manually verify @safety - that and not marking anything as @trusted that isn't actually @safe. But returning something that can't be used in @safe code isn't necessary unsafe.

- Jonathan M Davis