Shouldn't pureMalloc be @system instead of @trusted?

Jonathan M Davis newsgroup.d at jmdavisprog.com
Fri Mar 16 22:33:52 UTC 2018


On Friday, March 16, 2018 22:58:13 ag0aep6g via Digitalmars-d wrote:
> On 03/16/2018 10:22 PM, Nordlöw wrote:
> > Shouldn't `pureMalloc` at
> >
> > https://dlang.org/library/core/memory/pure_malloc.html
> >
> > be @system instead of @trusted?
>
> You can only access the uninitialized memory with @system features:
> casting the pointer or slicing it. So it's safe, because you can't do
> anything unsafe with it in @safe code.

And because it's @trusted, you know that you don't have to spend time
figuring out if you're using it in an @safe way. You just have to spend the
time figuring out if you're using the result in an @safe way so that you can
mark that code with @trusted. Ultimately, I think that the question of how
@trusted is used comes down to making it so that the programmer knows which
code they need to examine to manually verify @safety - that and not marking
anything as @trusted that isn't actually @safe. But returning something that
can't be used in @safe code isn't necessary unsafe.

- Jonathan M Davis




More information about the Digitalmars-d mailing list