Bjarne Stroustrup, creator of C++, has issued a call for the C++ community to defend the programming language, which has been shunned by cybersecurity agencies and technical experts in recent years for its memory safety shortcomings.
The problem is unsolvable. In order to make C++ memory safe, the language has to be changed so much it might as well be a new one - requiring a rewrite of existing codebases.
If what we are talking about then is a completely new C+±like language, which will take a decade or more to develop, we might as well just use Rust, which is available right now and working surprisingly well.
This is exactly what Google and others have decided to do.
C++ is not going away, due to the staggering amount of existing code. But its usage will stop growing and then start to slowly shrink.
Yeah it’s too late. Maybe if they had taken this problem seriously 20 years ago…
C++ [relies] on manual memory management
not exactly. i can’t remember the last time i
new
’d ordelete
d anything at work. not only do we have smart pointers for over a decade now, but also, most of the time, you don’t even want to be allocating stuff on the heap anyway, so raii will take care of managing your resources. memory management in c++ is explicit, but it’s mostly automaticyeah it’s not as safe as rust, but idiomatic c++ isn’t supposed to be littered with
new
anddelete
statements. that’s indication of java-like c++ code, which has been the true villain in c++ codebases for decades, imo. most shitty c++ code is java-like c++ code written by people who would rather be coding in java (or java++ aka c#)Exactly… I’ve never gotten the whole “C++ is so unsafe” thing. If you’re having trouble with manual memory management in modern C++, it’s likely because you’re doing something wrong.
There are use-cases for it, but if you’re working with something so performance critical that you can’t afford an
std::array
orunique_ptr
, you’re probably better off just writing straight C instead (except then you don’t even have references).Modern C++ has a shitload of guardrails if you care to use them, but also lets you say “fuck it, this
void*
points to a double, trust me” if you want to.
Just use Rust. Eazy Peazy. C++ will likely be still be used because it’s just not realistic for some softwares to switch to a safer programming language.
I feel like it’s just a matter of time.
Since someone managed to make an event based library in Rust, I don’t think we need to stop at it.
As long as some of the problems with the borrow checker with large code-bases can be fixed, it should be usable for pretty much every application.On the other hand, all we have done is changed the terms of “don’t make it crash” to a simpler, “don’t use
unsafe
”. That, I feel, would eventually bring up similar problems in different ways from what we have now.
On the other, other hand, until my concentration becomes so bad that I am not able to handle my memory allocations, I will not stop using C++
I will use Rust when const generics are actually useful and we get some viable alternative to variadic templates.
I know very little about C++, can you help me understand at a very basic level what variadic templates are? Is it about a template taking a varying number of generic types? If it is, then you can get something very similar in Rust by implementing a trait for tuples of various lengths.
Until chip manufacturers officially support rust, my clients will not want me to use an unofficial crate no matter how good it is.
ESP32 has official support, and others are working on it. I think it will come sooner than you and I might think
I hope that it comes sooner than later. But I cannot offer Rust to most of my customers until it is officially supported.
Of course! If you can, ask your vendor about it. If enough of their customers ask they will likely invest in it
Storm in a teacup!