Typical security issues in C++: why the GC isn't your enemy

areYouSureAboutThat areYouSureAboutThat at gmail.com
Wed Dec 14 20:54:44 UTC 2022


On Wednesday, 14 December 2022 at 11:45:02 UTC, Dukc wrote:
>
> This is really just a nice shorthand for the `@safe` main with 
> `@trusted` lambda inside. It's also a better practice, since 
> `@trusted` in a function signature is easier to spot for a code 
> reviewer than the lambda inside the function.

The point of my referencing that link, is that you cannot compile 
in unsafe code into your library in Rust without (1) the compiler 
telling you, you can't do it unless.. or (2) you do what the 
compiler tells you.

That is, you cannot unknowingly compile in unsafe code into your 
library.

In D you can, since @trusted is no different from @system. It's 
just that @safe trusts @trusted. Therefore you have no way of 
knowing you're getting @trusted (unsafe) in your library, as you do 
not need to annotate anything to get it. It just gets in there 
without you ever knowing.

Put simply, I would like to know when @trusted code is being 
compiled into my library..  hence my suggestion about an 'optin' 
compiler switch that tells you just that (as it currently does 
for @system, @nogc ...
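To illustrate the point being made about @safe trusting @trusted, here is a small D example (added here, not code from the thread); the function names `sumRaw`, `sumTrusted` and `useLibrary` are hypothetical. Nothing at the @safe call site marks that unchecked code is being pulled in, and the compiler accepts it silently.

```d
import std.stdio;

// A @system implementation: raw pointer indexing is only permitted in
// @system or @trusted code, never directly in @safe code.
@system int sumRaw(const(int)* p, size_t n)
{
    int total = 0;
    for (size_t i = 0; i < n; ++i)
        total += p[i];   // pointer arithmetic the compiler does not check
    return total;
}

// The @trusted wrapper: the author asserts this is memory safe. The
// compiler does not verify the body; it is @system code under a label
// that @safe callers are allowed to use.
@trusted int sumTrusted(const(int)[] a)
{
    return sumRaw(a.ptr, a.length);   // .ptr would be rejected in @safe
}

// A @safe consumer of the "library". It may call sumTrusted without any
// annotation of its own, so the unchecked code lands in the binary with
// no diagnostic at this call site.
@safe int useLibrary()
{
    int[] data = [1, 2, 3, 4];
    return sumTrusted(data);
    // return sumRaw(data.ptr, data.length);
    // ^ calling a @system function from @safe is a compile error; the
    //   @trusted label is what makes the call above legal.
}

void main()
{
    writeln(useLibrary());
}
```

Building this with the standard compilers produces no warning about the @trusted function being compiled in, which is exactly the gap the proposed opt-in switch would close.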
