https://issues.dlang.org/show_bug.cgi?id=12857
Kenji Hara <k.hara...@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords|accepts-invalid | Severity|major |enhancement --- Comment #3 from Kenji Hara <k.hara...@gmail.com> --- OK, this is not a corruption of @safe concept. The original code can be rewritten as follows: int* ptr; static void foo() @system { ptr = cast(int*)1; // stomp memory } auto func(int n) @safe { if (!ptr) ptr = new int(n); return &foo; } void main() { ... } And func cannot assume the pointer value won't be corrupted, because someone can corrupt it. But, in original code, the static variable `ptr` is declared inside the safe function. Therefore anyone cannot stomp it from outside of foo. I think that everything inside @safe function should be safe or trusted. From the point of view, declaring @system function inside @safe is much dangerous. By disallowing it, we can stop writing error-prone code. --