status-im / nim-secp256k1

A wrapper for libsecp256k1
Apache License 2.0

use requiredInit #22

Closed arnetheduck closed 4 years ago

arnetheduck commented 4 years ago

Use requiredInit on keys - this simplifies error handling by providing more compile-time guarantees through type.

Loophole: clear will leave an invalid key in memory, not guaranteed by type - it requires an explicit action to produce, so it's somewhat better than the current situation where by default, keys are invalid, but it's not watertight.

Something like a sink would be needed which would have to guarantee that clear is the last use of the instance.
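The guarantee and the loophole described in the comment above, as an added Nim sketch that is not code from this pull request or from nim-secp256k1. It uses Nim's `{.requiresInit.}` pragma; `DemoSecretKey`, `isValid`, `newDemoSecretKey` and `clear` are hypothetical names, and the validity check is a simplified stand-in for real secp256k1 scalar validation.

```nim
type
  # Hypothetical key type: requiresInit asks the compiler to insist on
  # explicit initialization, so a default (all-zero) key is not produced
  # silently by a bare declaration.
  DemoSecretKey {.requiresInit.} = object
    data: array[32, byte]

func isValid(raw: array[32, byte]): bool =
  # Assumption: simplified check that only rejects the all-zero value.
  # A real implementation also checks the scalar against the curve order.
  for b in raw:
    if b != 0: return true
  false

proc newDemoSecretKey(raw: array[32, byte]): DemoSecretKey =
  # The only intended way to obtain a key: validation happens here, so
  # code holding a DemoSecretKey does not need to re-check it.
  if not isValid(raw):
    raise newException(ValueError, "invalid secret key")
  DemoSecretKey(data: raw)

proc clear(key: var DemoSecretKey) =
  # Wipes the key material. The variable keeps its type afterwards,
  # which is the loophole: the type no longer implies validity.
  for b in key.data.mitems:
    b = 0

when isMainModule:
  # A declaration without explicit initialization, such as
  #   var k: DemoSecretKey
  # is what requiresInit makes the compiler flag.

  var raw: array[32, byte]   # constructed sample input
  raw[31] = 1
  var key = newDemoSecretKey(raw)
  doAssert isValid(key.data)

  key.clear()
  # Still a DemoSecretKey as far as the type system is concerned, but
  # the contents are now invalid and nothing prevents further use.
  doAssert not isValid(key.data)
```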