Typical security issues in C++: why the GC isn't your enemy

areYouSureAboutThat areYouSureAboutThat at gmail.com
Wed Dec 14 20:36:39 UTC 2022


On Wednesday, 14 December 2022 at 13:00:51 UTC, Siarhei Siamashka 
wrote:
>
> I guess, you probably want the @trusted parts of Phobos to be 
> annotated as @supertrusted and ignored by this switch, because 
> it's the standard library deserving special privileges? And 
> only complain about the @trusted attribute usage in your own 
> code or in third-party libraries written by plebeians ;-)

No. I do not 'trust' the standard library to be 'safe'. Why 
should I?

This is where a compiler switch would come in handy, as it could 
tell me when my @safe is calling @trusted, in the same way it 
does with @system and @nogc ....

That is, the compiler would help me discover that I might be 
relying on @trusted code somewhere down the chain, and that I 
should know about it.

As it is, I do not know unless I go examine the source code of 
Phobos.

The compiler switch could provide the assistance I need to go 
discover those parts marked as trusted.

Of course it could be opt-in, and as you point out, probably 
should be.

I guess I just need to work out how the compiler does it with 
@system and @nogc .. and adapt it to 'my needs', so I know 
@trusted code is being compiled into my library as well.
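
An added example, not part of the original post and not an existing compiler switch: a source-level approximation of the audit described above, listing where `@trusted` appears in D source so those spots can be reviewed. It is text-based, does not follow the call chain, and ignores string literals and `/+ +/` comments; the sample D source and the function names are constructed for illustration.

```python
import re

# Constructed sample D source (not taken from Phobos), embedded so this runs offline.
SAMPLE = '''\
module demo;
// @trusted in a comment must not be reported
@safe int sum(const int[] a) { return rawSum(a); }
int rawSum(const int[] a) @trusted {
    int s; foreach (i; 0 .. a.length) s += a.ptr[i]; return s;
}
@trusted:
void poke(void* p) { *cast(ubyte*) p = 0; }
@safe void viaLambda(int* p) {
    auto v = () @trusted { return p[1]; }();
}
/* block comment mentioning
   @trusted spans lines */
'''

def strip_comments(src):
    """Blank out // and /* */ comments, keeping newlines so line numbers survive."""
    def blank(m):
        return re.sub(r"[^\n]", " ", m.group(0))
    return re.sub(r"//[^\n]*|/\*.*?\*/", blank, src, flags=re.S)

def find_trusted(src):
    """Return (line, kind) for each @trusted outside comments.

    kind is 'label' (@trusted: covers the declarations that follow),
    'lambda' (the `() @trusted { ... }()` escape inside other code),
    or 'declaration' (attribute on a single function).
    """
    code = strip_comments(src)
    hits = []
    for m in re.finditer(r"@trusted\b", code):
        line = code.count("\n", 0, m.start()) + 1
        before = code[:m.start()].rstrip()
        after = code[m.end():].lstrip()
        if after.startswith(":"):
            kind = "label"
        elif re.search(r"(?:^|[^\w\s]|\breturn)\s*\(\s*\)$", before):
            kind = "lambda"  # empty parameter list with no function name before it
        else:
            kind = "declaration"
        hits.append((line, kind))
    return hits

if __name__ == "__main__":
    for line, kind in find_trusted(SAMPLE):
        print(f"line {line}: @trusted {kind}")
```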

