►
From YouTube: GitHub Quick Reviews
Description
00:00:00 - Needs Work: Mark Windows-specific APIs https://github.com/dotnet/designs/pull/138
01:42:25 - Approved: Add static hash helper methods https://github.com/dotnet/runtime/issues/17590#issuecomment-656829666
01:42:35 - Approved: Expose a ValueRef property on LinkedListNode(T) https://github.com/dotnet/runtime/issues/37681#issuecomment-656831777
01:46:48 - Approved: Make IncrementalHash.CreateHMAC ReadOnlySpan(byte) key public https://github.com/dotnet/runtime/issues/35869#issuecomment-656833490
A
Let's
do
this
alright,
so
I
wrote
this
proposal
last
night,
so
it's
effectively
something
we
talked
about
before,
which
is
we
have
these
new
fancy
attributes
that
allow
us
to
mark
api's
as
being
platform-specific,
so
what
I
did
is
I
used
the
the
data
file
that
we
used
for
the
platform,
compat
analyzer
that
we
shipped
a
few
years
ago
as
a
starting
point,
and
so
what
I
did?
Is
they
basically
just
intersected
dad
with
the
assembly
information
from
dotnet,
core
and
I?
A
Basically,
just
first
started
with
a
bunch
of
assemblies
that
I
think
should
be
just
marked
wholesale
as
being
window
specific,
as
opposed
to
putting
attributes
on
specific
types.
I
would
put
them
on
just
the
entire
assembly,
which
makes
it
a
bit
easier
for
us
to
reason
about,
and
then
the
other
thing
I
thought
about
was
okay.
What
version
annotation?
Are
we
actually
going
to
use
because
you
know
fundamentally,
what
you
would
normally
do?
A
Is
you
would
say:
okay,
I
call
in
a
West
Pacific
API,
which
means
you
know
my
feature
that
uses
this
API
is
only
available
when
the
underlying
API
is
available,
and
you
know
for
witness
that
would
mean
we
would
hunt
down
the
P
invokes.
You
would
find
the
Windows
version
that
introduced
set.
P
invoke
and
I
would
just
basically
forward
that
information
inside
the
attribute,
since
Donnan
core
doesn't
support
anything
lower
than
Windows
seven
and
pretty
much
everything
that
we
use
was
introduced
before
Windows
7
or
in
Windows
7.
A
In
other
words,
we
don't
have
any
usage
really
of
api's
that
are
newer
than
that.
I
would
just
suggest.
We
just
use
Windows
7
instead
of
hunting
down
the
version
number,
because
it
basically
does
the
same
thing
for
us,
and
so
basically
what
I
want
to
do
in
this
meeting
is
I
want
to
review
effectively
the
assemblies
that
I
proposed.
We
are
marking
and
also
some
of
the
types
and
methods
that
I
am
proposing,
marking
any
questions
so
far.
I.
B
Just
have
a
general
comment
on
the
windows.
7
thing
I
realized
that
Windows
7
is
the
only
thing
still
in
support
and
I
realize
that
dotnet
core
in
particular
doesn't
support.
But
if
we're
defining
the
API
surface-
and
the
attribute
is
part
of
that,
then
I
think
it
would
be
better
to
formally
define
that
as
the
correct
thing.
B
A
So
I
think
my
stance
would
be
if
somebody
is
willing
to
make
port
or
runtime
to
Windows
XP,
then
they're
more
than
welcome
to
back
for
the
attributes
as
well.
I
would
not
optimized
for
the
ok
I
mean
if
somebody
wants
to
change
the
version
numbers
I'm
not
going
to
block
that
I.
Think
if
somebody
says
oh
actually,
this
was
introduced
in
I.
Don't
know
3.5
then
sure,
like
I'm
I
mean
I'm
much
I'm
not
see
I.
A
Don't
think
I
see
much
value
in
this,
because
most
of
these
API
is
are
basically
as
far
as
we
are
concerned.
You
know
available
forever
and
it's
really
more
for
things
where
the
mainstream
user
will
see
different
versions
in
practice
right
versus.
In
our
case,
we
can
pretty
much
destroy
that
ninety-nine
point:
nine,
nine,
nine,
nine,
nine,
nine,
nine
nine
nine
percent
of
our
customers
will
only
ever
see
two
in
seven
or
up
because
we
don't.
We
don't
support
anything
lower
than
that.
A
A
C
A
A
So
like
I
think
right
now
it
would
be
very
manually,
but
somebody
would
actually
have
to
go
through,
let's
say
registry
and
say
I,
recalling
any
registry
API
server.
You
know
in
version
X
or
version
X,
plus
one
right
and
like
I
mean
we
can
probably
do
this
if
you
really
cared
but
like,
as
I
said,
it
seems
I.
E
B
F
B
A
C
A
Right
so,
let's,
let's
just
go
over
the
list,
because
there's
lots
of
stuff
here
so
for
the
assemblies
so
basically
I
did
is
I
took
the
obvious
ones
that
I
knew
about
so
basically
the
registry
registry
access
control
system
events
should
be
pretty
much
uncontroversial,
I
think
event,
lock
has
also
Windows
only
because
it's
tied
to
the
Windows
Event
log
mechanism.
So
a
perf
concert.
D
A
A
C
D
D
A
We
wait
until
github.
Finally,
when
is
this
thing:
okay,
yeah
somebody
was
asking:
why
did
I
check
in
the
excel
file?
Funny
yours,
because
I
just
had
the
same
problem
for
magnets
and
a
blog
post,
where
I
did
not
check
in
my
previous
excel
file
and
when
I
come
back
six
months
later,
it's
nice!
If
I,
have
the
analysis
still
for
this,
and
this
is
the
design
sweeper,
so
I
personally
don't
care,
but
if
somebody
feels
strongly
about
it,
I
don't
have
to
check
it
in
there.
A
A
D
A
A
A
C
C
A
A
E
A
C
A
D
C
F
A
So
let
me
quickly
talk
about
this,
because
that's
the
other
thing
we
just
brought
up
with
blaze
or
the
other
day,
so
pretty
in
principle.
The
way
the
attributes
work
right
now
they
assume
that
if
something
isn't
marked
it's
cross-platform
and
if
something
is
marked,
then
it's
only
supporting
the
ones
that
are
being
marked
right.
A
So
because
that's
why
I
said
earlier,
this
is
only
really
meant
for
things
that
are
clearly
platform,
specific
things
that
are
partially
portable,
like
reflection
amid
or
something
else
that
is
portable
too
many
operating
systems
that
doesn't
really
work
super
nicely
with
these
attributes,
because
then
the
the
set
of
attributes
or
the
set
of
checks
that
we
expect
the
caller
to
do
would
vary
over
time.
Right
versus
registry
will
always
have
the
same
check.
A
So
this
the
check
itself
is
stable
right
as
soon
as
you
promote
fragile
checks,
where
you
have
to
compare
for
this
operating
system
or
that
operating
system
on
that
operating
system,
you're,
basically
back
to
where
the
problems
were
with
brows,
that
checks
in
JavaScript
right,
because
it's
a
moving
base.
Basically
this.
A
A
That's
what
I'm
saying
so
like
basically
for
Blaser,
where
we
are
talking
about
doing
that,
because
you
really
want
to
execute,
not
include
the
challenge
with
that
is,
though,
that
it's
still
somewhat
unclear
what
the
check
would
be.
We
would
basically
just
have
a
you
know
if
not
this
operating
system
check,
which
would
probably
work
reasonably
well.
We
don't
have
that
yet
so,
like
that,
that's
why?
For
and
also
the
nice
thing
is,
this
is
really
an
analyzer
realistically.
A
So
it
would
be
something
that
we
can
do
effectively
every
time
the
SDK
ships
we
can
update
their
analyzer.
So
that's
something
that
we
can
do
if
we
don't
fit
it
into
five
or
we
can
do
it
post
five.
Four,
that's
why
I'm
focusing
here
on
the
windows
only
once,
because
you
know
they're,
easier
and
they're
kind
of
stable
as
well.
I
guess.
E
A
Yeah,
so
that's
so
that's
the
thing
we
talked
about
the
blazer
guys.
So
the
way
that
this
would
work
is,
you
would
save
between
five
and
six.
So
all,
let
me
say
differently
so
today
the
problem
is
we.
Yes,
we
can
up-to-date
the
kids,
often
as
we
want.
We
kind
of
the
de-reference
assembles
every
time
you
want,
because
we
don't
have
a
servicing
story
for
those
right.
The
only
way
we
can
update
them
as
when
we
ship
a
new
version
of.net,
which
basically
means
donate
$5
at
607.
A
So
the
way
we
would
do
it
is,
you
would
say
similar
to
have
that
from
competitor
burger,
but
just
say
the
you
know.
Until
we
can
actually
physically
put
an
attribute
in
the
reference
assembly
said,
we
would
ship
a
sidecar
file
for
the
analyzer.
That
just
is
a
list
of
API
as
it
knows
about,
and
then
we
would
churn
that
one
and
then
you
know
next
time
we
can
actually
bet
the
reference
the
same
miss
you
would
convert
them
into
actual
attribution
into
the
references
that
we
said.
D
C
E
A
D
A
Like
I'm
yeah
I
just
want
to
what
the
fire
drill
right
because
it
so
the
thing
is
for
for
things
like
this
one.
Here
we
now
effectively.
This
doesn't
for
this
only
works
on
sorry.
This
doesn't
work
on
Windows.
Those
things
are
easier
like
for
blaze
in
particular.
The
problem
is
that
the
set
of
API
is
they
know
about
is,
is
is
still
churning
right.
A
So,
like
my
confidence
that
we
can
just
a
note
ate
them
in
five
four,
even
if
we
said
let's,
let's
spend
resources
on
this
is
not
very
high
that
we
get
them
right
anyways.
So
that's
why
I'm
saying
to
me
they're,
getting
it
done
by
five
I
kind
of
assumed
that
we
don't
have
the
time
to
do
that.
So
no
matter
what
we
do
and
that's
why
I
don't
think,
there's
a
fire
roll,
that's
necessary,
because
we
can
do
it
later.
A
I
agree
with
you
that
the
design
should
probably
be
more
fake
than
hand-wavy,
but
given
the
experience
of
platform
compound
I
think
I
have
a
pretty
good
design
in
head.
That
will
work
for
that.
So
I'm
not
very
concerned
about
that,
but
yeah
I
can
I
can
totally
write
it
up.
This
was
my
goal
for
next
week.
Anyway,
all
right,
so
then
for
the
OpenSSL
one.
Let
me
just
record
the
fact
that
it
would
be
nice
to
have
a
negative
marker
in
there
somewhere.
F
C
Mean
it
does
also
raise
the
potential
problem
of
anything
that
has
version
it
needs
this
kind
of
version
attribute
on
a
Linux,
because
what
does
Linux
mean
in
that
case
we
certainly
or
I
assume
we
don't
want
to
paint
versions
of
every
distro
ever
then.
Maybe
the
answer
is
we
just
hope
we
don't
run
into
it.
I
guess.
A
It
depends
on
all
you
see
this
right
and
the
way
I
would
do
it
is
I
would
basically
say
we
what
we
would
annotate
those
things.
We
know
that
are
black
and
white
right,
so
we
know
for
a
fact.
This
thing
doesn't
work
on
Windows
right.
We
don't
know
the
actual
Linux
distros
red
all
works
on,
so
we
would
basically
not
flag
it
and
then
just
you
know,
potentially
get
a
runtime
error
for
those
right
and
then
basically
we
would
just
you
know,
see
who
plays
I
might
just
mark.
A
A
D
Will
just
be
the
opposite,
probably
be
this
version
or
earlier,
rather
than
this
version
or
later
yeah
yeah,
I
guess
what
I'm
really
getting
at
is
if
Windows
has
been
moving
to
a
model
where
functionality
is
acquired
via
the
store,
rather
than
via
some
particular
operating
system
version,
we
don't
want
to
box
ourselves
into
a
corner
where
I
can
go
acquire
something
like
this
from
the
store
on
an
existing
Windows
version.
That's
already
in
market
sure
that
makes
sense
right.
C
C
C
A
A
So,
as
I
said
earlier,
like
one
of
the
concerns
are
have
is
I,
don't
want
to
be
like
I,
don't
want
to
have
a
world
where
we
have
like
a
lot
of
platforms,
attribution
all
over
the
place,
so
I
still
want
to
have
a
kind
of
like
a
model
where
it's
like.
This
obviously
never
works
on
winner.
So
this
obviously
only
works
on
windows,
because
that's
much
easier
to
reason
about
them.
A
B
A
Like
to
be
clear,
like
I,
think
what
tena
is
asking
is
these
attributes?
Also
these
these
api's,
take
in
the
new
terminal
window.
I
think
there's
an
assumption
that
they're
more
unix-like,
because
they
support
the
NZ
escapes
but
I
still
think
as
a
bunch
of
API
is
like,
for
example,
buffer
manipulation
and
with
no
manipulation
that
doesn't
have
an
NC
escape
sequence
equivalent.
So
there's
no
way
to
make
them
work
on
pure
UNIX.
A
C
A
Alright,
so
there
gets
ten
console
when
people
are
fine
with
that,
but
this
time
here
the
both
methods
are
marked.
The
type
doesn't
do
much
else,
so
I'm
almost
inclined
to
just
mark
the
entire
type,
which
is
kind
of
the
way
I
would
think
about
that
like.
If
they
see
the
work
host
methods
of
a
type
don't
work,
it
would
mark
the
type
seems
fine,
like
this
little
value
and
being
able
to
instantiate
a
type.
Then
it
can't
actually
do
any
very
useful
work.
I
mean.
C
We
have
the
same
problem
if
if,
in
fact,
I
think
it
is
polymorphic
and
if
the
encrypt
and
decrypt
are
overrides,
then
really
the
thing
that
you
want
to
flag
is
the
person
who
said
new
of
your
you're
building
a
thing:
that's
that's
going
to
blow
up
somewhere
else
granted
the
fact.
If
you
return
one,
you
have
no
idea
if
the
caller
is
going
to
be
expecting
it
or
not,
but
it
gives
you
the
the
warning
of
like
you
thought
you
were
doing
something
with
platforms,
and
this
isn't
gonna
do
what
you
want.
That's.
A
A
good
point:
polymorphic
things
might
actually
not
work
today.
For
that
reason
right,
because
both
I
think
the
call
set
is
through
the
base
type
usually
and
yeah
wasn't
probably
doesn't
help
with
that
I
mean
we've
data
flow
you
should
you
should
be
able
to
tell
that
it's
the
other
instance,
but
there
would
be
extra
work.
C
A
Like
I
was
just
thinking
even
the
naive
kolevatov
rx
equals
new
DP
API,
protect
the
configuration
provide,
and
then
you
say,
X
dot,
decrypt
I.
Think
when
you
look
at
the
call
sort
of
extra
decrypt
I
think
because
the
wave
c-sharp
works
I
think
it
would
see
through
the
if
it's
a
polymorphic
function
through
the
base
type,
normally
I.
Don't
think
it
will
tell
you
that
this
is
from
the
DP
API,
protect
the
configuration
provider
and
then.
A
So
like
within
the
I
think
within
the
method,
you
would
be
able
to
use
data
flow
for
this
buddy
across
across
method
boundaries.
You're
kind
of
out
of
luck-
I
mean
they
have
this
but
like
I,
would
not
use
it
because
it's
extremely
expensive
to
run
and,
as
you
said,
I
think
in
those
cases
we're
just
better
off
just
saying
sorry,
the
constructor
itself
is
perform
specific,
so
you
don't
get
to
new
it
up.
A
Yeah,
so
this
is
getting
into
this
territory,
where
we
don't
have
a
good
way
to
describe
this
with
an
attribution
when
certain
combinations
of
parameters
will
throw.
So
my
personal
opinion
is,
if
that's
the
case,
we
should
not
put
an
attribute,
and
we
can
then
decide
whether
we
have
a
dedicated
analyzer
that
detects
these
particular
combinations
of
parameters
or
whether
we
don't
and
I
would
drive
that.
Basically,
by
on
how
popular
is
the
API,
is
it
actually
worth
it.
D
But
I
mean
these:
if
you're
passing
in
like
a
literal
period
or
something
to
refer
to
the
local
machine,
why
not
just
call
the
overload
that
doesn't
take
it
because
sometimes
you're
not
passing
a
literal,
it's
passed
in
as
a
variable
from
somewhere
up
higher
and
set
it.
You
know
earlier
in
your
program
sure,
but
at
that
point
now
you
actually
want
to
be
aware
of
the
fact
this
API
might
not
work.
D
D
D
A
I
think
I
think
to
Levis
appointment.
You
could
imagine
a
world
where
we
have
basically
dedicated
api's
for
that,
but
my
concern
with
that
is
that
it's
very
noisy
right,
because
if
these
API
is
exists,
which
is
against
the
case,
maybe
father
existence
would
be
I.
Believe,
like
these
things
are
super
widely
used
right
and
then
you
basically
have
on
of
false
positives.
A
You
ask
everybody
to
change
their
code,
in
which
point
the
analyzer
also
loses
its
value
when
it
just
flex
too
much
aggressively
right,
so
I
think
in
those
cases
we
are
better
off
just
saying:
well,
let's
just
not
have
the
attribute
instead
of
a
dedicated
analyzer.
That
can
basically
say
sorry,
you
put
you
I,
think
you're
passing
a
normal
string
here
that
won't
work,
but
and
but
the
problem
with
that
is
these
arcane
or
handwritten
analyzers
for
every
single
case
right,
unless
we
find
a
way
to
formalize
it,
which
might
be
very
hard.
A
Yeah
I
mean
I
would
opt
for
being
conservative
here,
like
I
mean
that's
the
general
stands.
We
take
analyzers,
it's
just
reducing
numbers
of
false
positives,
even
if
that
means
you're,
risking
false
negatives,
because
I
mean
we
live
in
a
world
right
now,
where
basically
only
have
false
negatives.
So
if
we
can
reduce
the
number
of
false
negatives,
that's
still
a
huge
win.
But
if
we
draw
on
everybody
in
warnings,
then
we're
not
maybe
not
helping
anybody.
A
A
D
He
had
annotated
some
inu
values
rather
than
you
know,
a
whole
type
or
the
method
that
take
those
new
values
and
that
actually
works
well
for
us-
and
there
are
these
situations
like
I,
talked
about
this
later
in
the
doc
like
on
socket.
There
are
several
api's
that
you
know
only
work.
If
specific
I
only
work
on
Linux,
it's
a
specific
value
was
passed
in,
but
as
long
as,
if
we
annotate
the
enum
values
that
don't
work
instead
of
the
method,
then
we
can
probably
still
catch
99%
of
the
misuse
right.
D
A
A
D
A
A
A
A
D
B
A
C
D
Mean,
though,
maybe
maybe
the
analyzer
in
this,
this
gets
beyond
the
current
design,
but
you
know:
we've
talked
about
confidence
levels
for
analyzers
in
the
past,
you're
like
being
able
to
have
some
the
warning
and
some
things
be
an
ID
suggestion,
or
some
things
be
about
warning,
but
like
at
a
I'm,
only
25
percent
sure
this
you
know,
don't
trust
me
on
it.
Maybe
we
need
something
like
that
in
some
of
these
cases.
D
A
We
already
have
that
today
in
many
cases,
but
the
problem
is
that
the
dogs
are
us
or
not
actually
always
up
to
date
or
not
always
read,
and
it's
actually
kind
of
hard
to
do
that.
But
I
was
thinking
of
in
the
past
was
saying.
Instead
of
generating
a
warning,
we
basically
just
changed
the
colorization
of
the
identifier
that
the
ID
displays,
which
kind
of
maybe
make
it
orange,
or
something
to
indicate
that
there
might
be
an
issue
here,
but
we're
not
causing
a
lot
of
noise
that
one
we
haven't
really
explored
any
further.
A
But
like
the
problem
of
any
sort
of
like
warning
or
a
suggestion,
is
that
I'm
really
concerned
you
just
ground
the
people
when
in
actuality
what
you
really
want
is
when
somebody
writes
code,
you
want
them
to
consider
the
impact
that
they
have
from
their
cross
platform
thing
right
as
they're
writing
it
once
they
once
they've
written
it
once
it's
tested.
The
video
also
goes
down.
A
A
C
A
C
D
C
A
E
C
D
C
A
Because
I
think
I
so
I
know
I,
don't
think
so
because
I
added
definitely
we
did
it
on
a
Senate
push.
I
ran
it
again
because
we
I
remember
now
that
we
added
the
comp
at
pack,
which
was
also
new
tool,
time
frame
and
that's
where
a
lot
of
the
window
specific
things
came
in
to
begin
with,
so
it
might
have
been
actually
too
old,
I
might
have
not
been
too
much.
I
mean
yeah,
I
think
it
was
probably
too
or
not
the
moment.
Yeah.
A
D
F
A
C
I
don't
know
if
we
can
special
case
equality
and
switch
statements
and
because
those
are
equality
but
I'm
just
pointing
out
that
would
be.
The
concern
is
where
somebody's
using
it
as
a
their
probation,
Garden
yeah
that
they're
using
it
as
a
guard
instead
of
they're
using
it
as
an
input
value.
That's
fair
I
mean.
A
Let
me
think
about
this
for
a
moment,
I
think
we
can
probably
special
case
that
the
inlaws
it
would
be
my
guess,
because
the
thing
is
we
know,
of
course,
what
you
do
with
the
value.
So,
if
I
think
for
an
enum,
probably
the
the
most
useful
thing
to
do
is
block
assignments,
and
everything
else
is
probably
fine
right.
A
C
C
If
now,
if
you
only
use
it
in
the
guard,
I'm
not
gonna,
warn
you,
but
if
you
passed
it
as
something
else
now,
I
have
to
warn
you
that,
like
some
paths
may
be
weird
so
I'm,
just
this
one
I
think
is
gonna,
be
the
biggest
source
of
us
introducing
noise,
and
it
may
be
that
we
keep
refining
it
over
time
but
I'm
bringing
it
to
to
consciousness
right
now.
That's
good!
My
guess
is.
It
won't
be
too
bad
because.
D
C
Lot
likely
a
bug
hard,
but
yeah
yeah
well,
I
can
see
you
assigned
a
local
and
you're
using
that
in
an
if
later
you
didn't
pass
it
as
an
input
parameter
to
something,
and
so
it's
like
well,
it's
not
all
assignments
are
bad.
It's
non-local
assignments
are
bad,
but
then
we
need
to
paint
the
local
as
a
as
a
bad
value
itself.
So
that's
the
complex
flow
things,
and
maybe
we
don't
need
that
and
wave
one,
but
I
mean.
A
What's
also
worthwhile
is
just
actually
seeing
what
happens
when
we
turn
it
on
right,
I
mean
like
I
would
not
be
shocked
with
the
vast
majority
of
usages
is
just
in
passing
being
passed
around
and
then,
if
the,
if
check
is
extremely
low,
then
also
suppressing
it
locally
is
fine
too,
in
my
opinion
like
if
it's.
C
Just
making
sure
that
we're
thinking
about
all
the
potential
problem,
spaces
and
but
I
yeah.
So
as
long
as
we
have
considered
it,
and
especially
there's
the
wonderful
annotate,
these
things
run
the
analyzer
and
see
how
many
warnings
we
get.
And
then
that
tells
us
what
things
we
forgot
to
consider.
Yeah.
A
A
Mean
I
think
right
now,
the
way
the
analyzer
works,
anyways
I,
think
I'm
not
sure
how
much
money
generalized
it
out,
but
I
believe
last
I
checked
there
was
to
punt.
There
was
still
plumbing
the
flow
analysis
to
the
generic
framework
through
anyway,
which
means
it
does
flow
analysis
for
data
as
well,
so
I
think
at
the
time
we
run.
We
can
basically
ask
flow
analysis
for
data
as
well,
so
it
wouldn't
make
it
more
expensive.
C
A
E
A
E
D
E
D
I
think
it's
a
I
think
it's
a
sliding
scale
here
we
start
by
adding
it
to
the
EMU
member.
We
see
you
know
either
by
observation
about
running
the
analyzer
report
ever
code
based
we
have
available
to
us
how
much
noise
there
is
and
we
start
adding
special
cases.
For
you
know
we
only
flag,
it's
an
assignment
or
an
argument
and
then
the
only
flag,
if
it's
blah
blah
blah
I
mean
add
in
the
data
flow
analysis,
and
you
know
we
kind
of
go
down
the
rabbit
hole
right.
A
Okay,
I
can
think
right
now,
like
we're
shouldn't.
Do
anything
basically
like,
depending
on
how
the
thing
is
written
I
believe
she
already
will
find
new
members
anyway,
because
it
just
appears
effectively.
You
know,
field
reads
right,
static
field,
weeds,
and
so
they
should
effectively
show
up
as
anything
else.
A
D
F
C
I,
thank
you
Jeff,
that
what
we
have
is
the
iterative
plan
of
step
one
is
we
don't
special
case
anything.
So
it's
talking
about
the
Cena
member
is
a
warning,
and
then
we
say:
okay,
we
identify
a
class
which
is
it's
in
a
it's
being
used
in
a
in
equality
or
a
quality
check.
Let's
ignore
that
one,
because
that's
a
that's
a
guard
and
then
and
then
we
keep
finding
places
of
it's
not
inappropriate
to
use
this
enum
member
and
and
then
we
suppress
the
warnings
in
those
cases.
D
E
A
Right
so
then
that's
cool
further,
so
port,
so
yeah
so
I
said,
should
be
marked
this
entire
thing,
because
the
list
of
API
is
were
very
high,
but
I
also
remember
that
we
made
part
of
it
available.
Cross-Platform,
like
is
that,
like
it's
the
data
here
outdated?
Or
is
it
really
so
that
most
of
the
things
don't
work?
C
A
E
A
That
is
a
bold
assumption,
and
this
it's
unless
it's,
what
does
it
fire
I'm.
A
F
A
C
A
I
can,
which
is
probably
the
easiest
thing
to
do,
and
it's
use
it
as
a
starting
point.
The
tricky
thing
usually
is
to
find
the
right
implementation
right.
So
what
I
did
for
the
platform?
I
just
downloaded
the
the
run
time
and
didn't
run
it
over
the
run
time
and
then
found
public
entry
points
in
the
run
time
but
like
in
when
you
get
packages,
it's
harder,
because
you
have
to
basically
pick
the
correct
binary
which
right.
C
A
No
because
it
like
so
I
need
to
know
I'm
not
just
naively
checking
the
route,
because
that
would
not
find
almost
anything
in
the
PCL.
What
I
did
is
I
said
up
to
five
levels,
deep,
which
also
is
one
of
the
reasons
why
I
have
lots
of
false
positives,
because
if
you
do
that
well,
there's
a
lot
of
code
now
between
you
and
the
platform
or
supported
exception.
So
there
might
be
a
lot
of
conditions
under
which
it
throws,
rather
than
it
doesn't
work
at
all
right.
A
A
C
D
C
D
D
A
A
A
D
G
A
D
D
A
C
A
C
So
CSP
key
container
info
and
CSP
parameters
marking
both
of
those
will
cover
the
one
like
that'll,
then
make
them
it'll
bubble
up
to
the
appropriate
constructors
and
properties
on
the
RSA
and
DSA
crypto
service
provider
types
and
then
crypt
derive
K
is
correct
and
import
CSP
love
is
correct.
I
think.
A
C
C
C
A
C
The
property
or
add
the
attribute
so
get
CSP
key
container
info
on
both
RSA
and
DSA
CSP.
It
should
be
Windows
only
the
whole
return
type
from
that
should
be
Windows
only
instead
of
the
properties
individually,
and
then
you
marked
on
an
RSA
crypto
service
provider,
the
two
constructors
that
take
a
CSP
parameters.
Those
are
both
good.
You
I
think
probably
missed
an
equivalent
one
on
DSA
crypto
service
provider,
but
we
should
just
mark
the
whole
CSP
parameters
type
as
platform-specific.
C
A
C
Feel
like
there
should
be
a
second
hit
of
that,
but
maybe
it's
in
a
different
assembly.
It
got
complicated,
Lee
moved
for
layering
for
net
core
before
we
tried
completely
removing
it
because
it
was
not
gonna
work
on
non
windows,
so
it
got
duplicated
in
the
last
there
right
as
we
were
starting
the
project
before
I
join
the
team.
A
F
D
A
A
D
C
C
A
Let
me
do
this.
Let
me
just
go
run
the
tool
again,
because
I
think
we
were
good
people
back.
Then
we
added
a
manual
inclusion
list
and
a
manual
exclusion
list,
so
we
should
not
like.
If
I
run
it
again,
we
should
be
able
to
still
subtract
and
add
the
ones
we've
did
manually
and
then
everything
that
is
net
new.
We
can
then
review.
D
A
A
Fair
enough
yeah,
alright,
I
will
just
run
this
thing
again
and
then
see
what
falls
out
anything
else.
So
the
only
other
thing
that
I've
heard
as
far
as
Merkle's
here
is
the
exclusion
addition
to
the
spec,
which
I
will
probably
drive
more
from
a
move
from
a
blazer
standpoint,
and
then
the
other
part
was
the
analyzer
on
enums.
D
A
A
So
the
the
way
we
thought
about
this
in
a
better
context
is
so
so
blazer
has
two
problems.
One
of
them
is
it's
really
cross-cutting
concerns
that
that
don't
work
in
laser
that
are
like
not
really
platform-specific
at
all
and
then
there's
the
other
problem
that
it's
very
widely
used.
Api's,
where,
like
file,
I/o
networking,
you
know
threading,
so
I,
don't
think
it's
desirable
to
say.
A
We
need
to
file
new
class
library
that
we
suddenly
warn
you
for
everything
that
might
not
work
on
blazer,
because
the
vast
majority
of
class
libraries
don't
care
whether
they
would
work
in
blazer
right
because
basis.
This
somewhat
narrow
scenario
for
the
net
developers
right
versus
not
running
on
Mac
or
not
running
on
Linux,
you
could
argue
all
they're
kind
of
the
same
computer,
so
you
probably
should
be
optimizing
for
that,
but
it
is
a
very
new
environment,
like
you
know,
an
Apple
watch,
for
example.
That
is
super
crunch
constrained
as
well.
A
A
You
have
to
opt
into
that
because
otherwise
we
just
draw
on
people
and
warnings
again
for
platforms
in,
but
if
they
may
never
care
about-
and
you
know
if
the
scenario
really
is-
that
the
vast
majority
of
new
class
libraries
will
not
target
this
environment,
then
you
know
we
should
have
a
way
to
opt
these
things
in
manually
or
opt
out
manually
or
whatever
the
process
for
that
is,
and
they
will
probably
also
publish
to
the
context.
Sorry,
no.
D
D
A
D
F
D
F
C
A
So
that's
the
ball
movement
standard
right
like
so
that's
why
originally
the
the
analyzer
was
very
heavily
designed
to
be
out
of
pan,
because
the
assumption
was
we
can
never
annotate
that
standard
after
the
fact
right,
but
now
that
we
converged
and
a
lot
at
5:00
timeframe,
I
think
we
can
just
assume
that
we
can
touch
the
reference
assemblies
in
general
right.
But
it's
yeah,
it's
more
like
a
servicing
problem,
I
just
like!
A
Well,
we
can't
serve
as
the
existing
ones,
so
you
only
get
them
the
next
time
you
get
to
ref
the
assembly
set,
which
is
done
at
5:00
done
at
6:00
kind
of
thing
right
and
so
I
think
for
the
for
the
basis
scenario
like
I
will
formalize
the
you
know,
sidecar
information,
somehow
in
the
SDK
and
I
think
we
can
decide
that
we
generalize
this
for
observation
as
well.
If
we
really
cared
enough
but
I
think
it's
totally
fine
to
say
be
I'm.
Sorry,
like
you
know,
we
will
do
it
and
done
at
6:00.
A
If
you
forget
something
about
at
5:00
like
it's,
not
terrible,
it's
terrible
for
blazer,
because
there's
lots
of
stuff
that
doesn't
work
on
blazer
and
people
who
want
to
build
blazer
apps,
don't
want
to
have
land
mines
everywhere,
but
I
think
for
for
esoteric
api's
Devi
decided
to
make
go
everywhere.
You
know
that
we
will
not
have
that
many
on
them
right
and
so
I
think
we
can
probably
scan
for
them
relatively
straightforwardly
and.
D
C
A
I
think
four
yeah
they
do
is
no
masking
is
because
then
I
can.
Actually.
You
know
check
that
my
tool
finds
them.
I
guess
it'll
it'll,
lift
through
OPN
is
easy.
It's
easy.
If
they
literally
do.
If
it's
an
internal
runtime
callin
death
throes.
Somehow,
then
we
out
of
luck
but
like
abdomens,
published
Wilson
managed
code
would
be
my
guess.
A
C
B
A
So
one
thing
I
was
thinking
about
this
is
another
spec
I
wrote,
which
is
in
the
design
sleep
when
anybody
cares,
which
is
capability,
API
checks,
where
the
assumptions
are
a
good
example
here
would
be
reflection
amid
and
also
the
intrinsic
swear
you
expected
to
check.
You
know
a
thought
is
supported
property
somewhere
and
have
any
analyzer.
They
were
able
to
do
that.
A
The
challenge
with
these
analyzers
is
that
because
the
api's
are
in
open-ended
said,
it's
been
hard
to
formalize
this,
but
I
think
I
have
a
mechanism
that
that
could
work
in
those
cases,
and
so
we
could
imagine
a
case
where
we
would
basically
have
an
attribute
that
you
apply
on
a
on
something
that
says
well.
This
is
specific.
C
A
I
wouldn't
want
like
so
to
be
clear,
like
I,
don't
think
what
we
should
do
is
we
should
not
formalize
rids
or
architecture
similar
to
as
platforms
I
would
just
say.
We
have
OSS
because
they're
super
common
and
then
we
have
effectively
capability
checks
and
that's
for
everything
else,
because
I
mean,
for
example,
we
know
ref
admit
you
don't
want
to
really
have
people
saying
for
like.
Oh,
you
know,
there's
like
three
different
things.
You
can
check
for
right
and
it
doesn't
seem
worth
it.
C
A
A
I
mean
if
you
call
an
OS
platform
API,
we
can
probably
check
those
so
I
think
it
would
not
be
unreasonable
for
us
to
find,
pin
box
to
Windows
and
and
then
tell
you
that
all
you
calling
a
windows
API,
because
we
know
about
it
and
even
suggest
the
correct
attribution,
because
we
know
what
version
they
were
introduced
in
right.
So
that
wouldn't
be
unreasonable.
But,
like
I,
think
that
would
be
some
non-trivial
amount
of
work
for
us
to
actually
do
that.
Yep.
F
A
E
E
C
C
A
E
A
C
A
I
mean
it,
it
seems
fine
I,
don't
think
I
mean.
If
somebody
has
an
aesthetic
issue
with
it,
then
that's
unfortunate
but
I
think
that's
it.
Let's
see,
I
mean
if
we
really
cared
what
people
see
in
the
debugger
write
it.
We
can
easily
have
it.
What
is
it
deeper
debugger
display
attribute
where
you
say
you
have
a
two
debugger
display
method
and
that
one
basically
doesn't
render
Mac
doesn't
render.
Was
the
exit
Windows
Mac
OS
right
like
if
he
really
cared
enough
but
like
I.
B
A
B
E
Os
return
the
value
of
OS,
X
and,
and
then
the
way
we
were
trying
to
do
that
is
whenever
you're
calling
constructor
paestum
in
a
string,
we
would
just
coerce
the
string.
So
if
you
passed
in
the
string,
Mac
o
Mac
OS,
we
would
coerce
the
string
to
OS
X
and
what
everything
else
flow
through
thereafter
I
think
that
works
well
in
that
approach.
E
C
C
A
E
C
Right
but
but
where
did
you
get
one
of
them
that
would
be
you're,
comparing
a
literal
against,
so
we
can
make
the
equals
work,
but
I,
don't
think
that
we
need
to
care
about
the
two
strings
and
because
you
well,
you
can
have
written
Marik's
example.
Here.
Someone
somewhere
gave
you
the
OS
platform.
The
system
did
not
give
it
out
to
you.
A
E
You
know,
as
far
as
this
type
goes,
OSX
and
Mac
OS
are
different
and
then
in
the
implementation
error
in
the
is
OS
platform
and
is
OS
platform.
You
know
minute
whatever
the
minimum
earlier
I
can
have
a
lot
of
those
names
yeah
those
those
checks
would
have
to
handle
that
they're
equivalent
to
platforms
which.
A
A
A
A
E
A
I'm,
just
to
be
clear,
I
think
that's
going
to
be
a
problem,
no
matter
what
we
do
because
of
the
way
OSS
version
and
work
right.
So
another
instance
where
I
was
brought
up
was
imagine
we
want
especially
eight
different
browsers
and
wisdom,
so
you
have
know
what
Chrome
and
then
you
have
a
GM
or
whatever
we
will
call
it
right
and
then
you
have
so
does
edge.
Iam,
not
say
it's
Chrome,
probably
not
right.
A
C
A
C
E
C
B
Reason
why
you
might
want
to
know
is
because,
even
though
both
are
chrome
and
they
both
reference
line,
there
is
difference
in
what
extensions
are
exposed
in
some,
in
some
extension,
specific
api's
that
may
be
available.
It's
just
like
if
you're
writing
a
graphics,
a
graphics
engine
you're
going
to
write
against
Vulcan
or
DirectX,
but
you
might
also
want
to
expose
specific
functionality
if
you
know
you're
running
on
an
AMD
card
or
an
Nvidia
card
or
an
Intel,
and
so
you
may
want
to
query
for
expect
for
specific
extensions
beyond
that
base
level
and.
A
That's
fine
I
mean,
if
you
can
imagine
doing
this
in
various
ways.
One
of
them
is,
we
literally
have
I
mean
it's.
Maybe
a
bad
example
here
that
we
have
west
platform
entries
for
extensions.
Then
you
can
ask
for
those-
or
we
literally
just
have
a
different
way
of
doing
this,
but
I
think
the
idea
would
be
the
problem
that
we
basically
have
is
that
Wes's
get
forked
in
version
over
time.
A
Then
we
would
have
added
chrome
and
edge
later
and
then
the
person
who
writes
to
check
knows
that
edge
is
a
superset
of
chrome,
okay,
so
a
chromium
and
but
that's
kind
of
like
domain
knowledge.
At
the
point
you
write
the
code,
but
but
the
person
wrote
the
code
a
few
years
earlier,
only
knew
about
chromium.
So
that's
the
only
check
they
have
and
that's
why
it's
bad.
A
If
you
expose
an
enumeration
because
then
the
problem
is
when
we
add
new
things
to
it
now
you
have
bad
else
code
in
your
in
your
in
your
code,
but
that
person
from
two
years
ago
also
would
not
have
had
the
need
to
ask
for
an
edge
specific
extension
because
it
didn't
exist
at
the
time
he
wrote
the
code.
All
he
cared
about
was
something
that
was
in
chrome,
right
and
I.
A
Think
that's
kind
of
the
the
model
Bobby
want
to
have
this
a
bit
more
open-ended
and
a
bit
more
flexible
so
that
the
implementation
can
can
be
a
bit
more
forgiving.
But
that
doesn't
mean
that
you
can't
specifically
ask
for
specific
extensions.
I
think
that's
that's
reasonable!
It's
just
that!
We
didn't
have
the
need
yet,
but
it
would
probably
model
follow
the
same
model
me,
but
you
don't
get
to
numerate
the
extension
you
just
get
to
ask:
do
you
have
extension
X
and
that
thing
can
return
true
or
false.
E
B
C
E
Is
the
only
reason
why
I
was
thinking
having
runtime
information
to
have
a
helper
method
to
check
equivalence
between
two
platforms
was
so
that
the
analyzer
could
also
call
into
that,
and
then
this
platform
would
call
into
it
the
same
way.
But
I
don't
know
that
was
worth
making
that
a
public
API
yeah.
A
A
reason
why
it's
called
aesthetic
analysis
but
ya
know
it's
a
common
problem.
I
mean
like
that's,
that's
another
reason
why
we
wanted
some
of
this
TFM
data
to
be
more
static
and
msbuild
as
data,
so
you
can
create
for
multiple
parties,
but
like
it's
actually
hard
to
do
that
Sofi
to
this
day,
don't
have
that.
E
A
E
E
A
C
E
C
A
E
A
E
A
The
current
versioning
speed
right.
We
basically
said
that's
why
we
burn
in
the
point
Oh
in
the
end
up
end
up
in
the
project
files,
and
we
encourage
everybody
to
put
a
point
zero,
but
it
is
still
equal
to
not
have
the
point
zero
and
that
five
still
means
net
5.0,
but
also
net
10
will
mean
net
1.0,
which
is
not
useful.
E
A
C
C
C
C
Yeah,
it
was
crypto,
no
one
cared
so
yeah,
so
the
proposal
here
and
then
just
replace
all
hashes
with
hash
data
is
I.
Think
what
I
am
happiest
with
the
other
one
would
be
stateless,
hash
or
static
hash.
But
that
feels
more
like
we
put
a
word
here
because
we
have
to
I
mean
honestly,
that's
what
we're
doing,
but
I.
A
A
D
A
C
A
C
G
C
B
B
So,
basically,
for
a
linked
list:
node
we
have
an
ability
to
expose
the
under.
We
expose
the
underlying
value,
however,
there's
no
ability
to
expose
that
as
a
ref,
which
would
be
incredibly
useful,
especially
for
large
trucks,
to
avoid
a
copy.
This
is
completely
safe
to
do,
unlike
exposing
the
underlying
underlying
array
for
list
of
for
for
an
actual
list.
A
B
A
Yeah
I
mean
I
will
say,
though,
like
I'm
kind
of
Stephen,
like
that
I
would
yeah,
maybe
I'm
sceptical,
but
like
because
I
mean
you're
right
that
in
C,
both
of
us
use
linked
lists
but
like
linked
lists
in
C++
are
usually
better
perf
wise.
Then
this
one
is
there's
a
lot
of
interaction
going
on
and
I'll
be
curious
if
you're.
Actually,
you
might.
B
D
Nice
thing
about
this,
too,
is,
if
you're
allocating
a
bunch
of
these
nodes,
one
after
another,
you're
going
to
get
a
cache
locality
as
well.
Just
due
to
how
the
GC
works,
that
we
do
have
a
lot
of
data
structures
that
have
T's
as
Get
Set
properties.
I,
wonder
if
not
just
here,
but
we
should
take
a
look
through
some
of
those
other
data
structures
and
start
exposing
more
refs
throughout
the
framework.
I
looked.
B
A
D
C
C
Like
list,
it
seems
weird
because
with
lists,
if
you
got
a
ref
to
a
the
position,
5
remove,
like
a
bunch
of
things,
can
make
position
5
no
longer
part
of
the
list
or
now
part
of
a
different
concept
of
the
list.
But
this
the
node
would
have
been
removed
and
now
it's
removed
so
you're
modifying
dead
memory.
At
that
point,
which
is
fine.
B
B
C
D
A
C
A
A
C
The
array
one
handles
null
if
you've
turned
it
into
a
span
already.
That's
your
fault.
All
right
sounds
good.
That's
that
is
literally
our
answer
everywhere,
except
for
where
it
isn't
so
doing
something
other
than
that
is
the
exception
and
I
I
think
I
own
90%
of
that
special
case
code,
which
is
all
in
things
like
the
KDF
for
opening
PF
X's.