[Issue 11176] array.ptr in @safe code

via Digitalmars-d-bugs digitalmars-d-bugs at puremagic.com
Wed Mar 2 14:00:45 PST 2016


https://issues.dlang.org/show_bug.cgi?id=11176

--- Comment #15 from Jonathan M Davis <issues.dlang at jmdavisProg.com> ---
In general, we should not make something @system unless it needs to be, but
it's not like we guaranteed that the compiler wasn't conservative in what it
considered to be @safe. So, losing out on some potentially @safe operations
with ptr in order to make it more straightforward for the compiler to detect
@system uses of it and to make it easier for the programmer to understand it is
something that we can do if we deem it appropriate.

Simply marking .ptr as @system at all times would be kind of like marking & on
local variables as @system. Sure, what you're doing with the pointer could be
@safe, but it can't necessarily guarantee that what you're doing with it is
@safe. And the compiler is not going to treat stuff like

int foo;
auto result = &foo is null;

or

int foo;
int bar;
auto result = &bar - &foo;

as @safe. You're taking the address of a local variable, and it considers that
@system. Just because you're doing something @safe with the resulting pointer
does not mean that it's going to consider it @safe. That's up to you to figure
out.

So, I'm inclined to argue that .ptr should just always be considered @system
like taking the address of a local variable is always considered @system. It's
simple and straightforward, and if the code in question is obviously @safe to
the programmer, then it'll be easy for them to figure out that it's okay to
mark it @trusted. And we seriously reduce the risk of screwing up and allowing
operations that aren't actually @safe into @safe code.

--
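
Added example, not part of the original comment or of the D project's code: a sketch of the pattern the comment describes, where .ptr is confined to a small @trusted function whose safety the programmer has checked by hand, next to a bounds-checked alternative. The helper names firstOrNull and firstChecked and the sample data are hypothetical.

```d
// Hypothetical helper: pointer to the first element, or null for an
// empty slice. The length check is what justifies @trusted here,
// because .ptr is only read when arr[0] actually exists.
int* firstOrNull(int[] arr) @trusted
{
    return arr.length ? arr.ptr : null;
}

// Alternative that needs no @trusted: indexing is bounds-checked, so an
// empty slice raises a RangeError (with bounds checking enabled)
// instead of producing a pointer.
int* firstChecked(int[] arr) @safe
{
    return &arr[0];
}

void main() @safe
{
    int[] data = [1, 2, 3];      // constructed sample data
    int[] tail = data[$ .. $];   // empty slice positioned at the end of data

    // tail.ptr would point one past the last element of data, so
    // dereferencing it reads out of bounds. Assumption: with .ptr treated
    // as @system, as the comment proposes, writing `tail.ptr` directly in
    // this @safe function is rejected by the compiler.
    assert(firstOrNull(tail) is null);
    assert(*firstOrNull(data) == 1);
    assert(*firstChecked(data) == 1);
}
```

The audit surface is the single @trusted function: a reviewer only has to confirm that the length check precedes every use of .ptr.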

