Bjarne Stroustrup, the father of C++, is advocating for the adoption of profiles that enforce guidelines to enhance the safety and security of the language.
Translated from:Bjarne Stroustrup on How He Sees C++ Evolving[1]
Author: David Cassel
“Bjarne Stroustrup[2] told TNS, “I want to communicate my views on the expected direction of C++ development to the broader community, especially to the members of WG21.”
This 74-year-old creator of C++ has observed the growth of the language he designed in 1985 for 40 years.
To encourage some long-desired features, last month Stroustrup published “21st Century C++[3]” in the Communications of the ACM, a 6,300-word article promising to showcase the key concepts of modern, type-safe “21st Century C++” to create a “supercharged C++. For example, in the article, Stroustrup emphasizes long-term experiments in methods such as writing safer code using guideline enforcement profiles[4]. To maintain compatibility with decades of existing C++ code, Stroustrup wrote, “We cannot change the language, but we can change how it is used…”
However, this evolution does not solely depend on him. In one chapter at the end of the article[5], Stroustrup acknowledges WG21, the standardization working group[6], and its inevitable role in the extent of changes to the language. “I am reluctant to make predictions about the future,” Stroustrup wrote, “partly because it is risky, especially since the definition of C++ is controlled by a large ISO standards committee through consensus.”
“The last time I checked, there were 527 entries on the membership list. This indicates enthusiasm, broad interest, and extensive expertise, but it is not ideal for programming language design, and the ISO rules cannot be significantly modified.”
Nevertheless, when it comes to key audiences, Stroustrup told TNS, “Some people do not understand the history and therefore miss key points, such as how guidelines and profiles align with the long-term development direction of C++.” Therefore, he is taking steps to educate them, “For this, I must demonstrate where the key features are.”
His detailed article is a good start, but it is just part of a multi-faceted effort. Ultimately, all of this could change the trajectory of the entire C++ ecosystem[7], while providing programmers with the high-performance, type-safe, and flexible language they have long desired.
And while achieving Stroustrup’s long-held goals since the 1980s…
Urgent Call to Action
Stroustrup has also communicated directly with WG21.The Register noted[8], “For the past three or four years, industry and government cybersecurity experts have been discouraging the use of C and C++, while strongly promoting languages with better memory safety.” Therefore, three days after publishing his article, Stroustrup left a formal statement with the C++ standards committee, describing it as “partly an urgent call to action in response to unprecedented and serious attacks on C++.”
“I believe WG21 needs to do something significant and to let people see it doing so. Profiles are a framework that can achieve this.”
Stroustrup’s vision is clear. He wrote in the article, “Guidelines are good and useful, but consistently following them in large codebases is essentially impossible.” What is needed is some form of enforcement mechanism that can actually mark and prevent issues like dangling pointers, range errors, and null pointer dereferences.
Fortunately, this enforcement mechanism is already provided in the form of guideline enforcement profiles[9]. A footnote provides an example of their use in Visual Studio 2019, which implemented an early version of the “Lifetime” profile[10] that checks for dangling pointers and references in C++ and other common errors in object lifetimes…
Essentially, each profile validates whether the requirements for achieving specific outcomes are met, typically at compile time. In addition to the “Lifetime” checking profile, more are planned, including a “Bounds” profile that ensures all code accessing arrays includes range-checking safety checks.
In our email interview, Stroustrup pointed out that C++ has already supported better prevention of range errors through its new span[11] class template (introduced in 2020). The “Bounds” profile simply confirms that those functions ensuring boundary safety are indeed in place.
“Most of this is standard and available today,” Stroustrup told me. There are also plans for several other profiles to help code avoid type or arithmetic errors. Stroustrup believes, “In the near future, Profiles[12] will provide a framework for enforcing various constraints.”
Hopefully, this will provide the safety guarantees that people are seeking in C++. But it is also a natural evolution of Stroustrup’s original vision for C++ from 40 years ago.
A Better Approximation
Type safety and other features have always been one of Stroustrup’s safety and performance goals[14] for C++.
“This has not changed since the earliest days,” he wrote in the article, directing readers to his 1994 book The Design and Evolution of C++[15]. However, compared to earlier versions of C++, contemporary C++ can better achieve these long-term goals, partly because the language was “designed to be evolvable,” Stroustrup wrote at the end of the article. Thus, after decades of improvements, he describes “contemporary C++,” like C++ 23 (the version released in October), as “a better approximation” of his original ideal.
He also emphasized this point in his statement urging WG21 to adopt Profiles: “As I said before, this is also an opportunity, as type safety and resource safety (including memory safety) have been key goals of C++ from the very beginning.”
“I am deeply convinced of this. Please do not be misled by my relatively calm language.”
Stroustrup’s article points out that a continuously evolving language presents a problem: “Many people’s views of C++ remain stuck in outdated perspectives.” “Today, we still see endless references to the mythical C/C++ language, often implying a view of C++ as a minor extension of C that embodies all of C’s worst aspects and the grotesque misuse of complex C++ features…” But C++ is continuing to evolve, Stroustrup emphasizes, noting that improvement work is ongoing and experimental features have already been provided, such as a general model for asynchronous computation[16] and SIMD[17].
“A serious concern is how to integrate different ideas into a coherent whole,” Stroustrup wrote. Unlike most software projects (and even much of the academic CS work), designing a language requires making decisions in a space where “not all relevant factors can be known, and where accepted results cannot be significantly changed over decades.”
In short, it is a conundrum—and it remains a known issue. “The fact that almost all language design work has failed for decades underscores the importance of this problem.”
But that does not mean C++ has stopped trying to evolve…
Significant Improvements
Profiles are not the only way to improve C++ in the 21st century. “I would also point out that modules[18] are a mechanism for more concise code and significantly reduced compile times,” Stroustrup said in our email interview.
Stroustrup’s article cites that speed “improved by 7 to 10 times” when importing compiled modules instead of using the old #include statements.
“Most people today can significantly improve their code by using the features provided in C++23,” he told me. Looking ahead, Stroustrup predicts more performance-enhancing features in the future. “In C++26, we may see improved concurrency support, static reflection, and contracts, along with many small improvements and standard library components.”
This forward-looking hope may explain why Stroustrup wants to place his call for Profiles in the larger historical context of C++. Stroustrup told me, “My article shows the direction of C++ evolution. Safety guarantees are on the way, which is not a novel idea in the context of C++, but part of long-term goals. Complete type safety and resource safety were among C++’s original goals, but pushing such a broad application area forward takes time and incremental completion.”
He recognizes that the installed codebase is extensive and that C++ “now covers a wide range of application areas. Safety guarantees must and will address those areas where C++ has already been used to deliver high-quality applications.
“Those concerned with memory safety should note that C++ is not C, and that solutions based on safer programming styles and fortified libraries have been widely deployed in C++.” I asked him whether his ACM article had an impact—though this is obviously difficult to quantify. “I am reluctant to make predictions about the future,” Stroustrup said, “but we have already seen better support for generic programming in the form of concepts[19].”
If you are looking for impactful improvements, Stroustrup points out that you can also look beyond the language itself. Currently, C++ developers can utilize a variety of tools.
“A language is not just what you find in the language specification or formal standard.”
Reference Links
<span>[1]</span> Bjarne Stroustrup on How He Sees C++ Evolving:https://thenewstack.io/bjarne-stroustrup-on-how-he-sees-c-evolving/<span>[2]</span>Bjarne Stroustrup:https://stroustrup.com/<span>[3]</span>21st Century C++:https://cacm.acm.org/blogcacm/21st-century-c/<span>[4]</span>Guideline Enforcement Profiles:https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2025/p3081r1.pdf<span>[5]</span>One chapter at the end of the article:https://cacm.acm.org/blogcacm/21st-century-c/#future<span>[6]</span>WG21, the standardization working group:https://isocpp.org/std/the-committee<span>[7]</span>The entire C++ ecosystem:https://thenewstack.io/introduction-to-c-programming-language/<span>[8]</span>The Register noted:https://www.theregister.com/2025/03/02/c_creator_calls_for_action/<span>[9]</span>Guideline Enforcement Profiles:https://cacm.acm.org/blogcacm/21st-century-c/#guide<span>[10]</span>Implemented an early version of the “Lifetime” profile:https://habr.com/en/companies/microsoft/articles/437660/<span>[11]</span>span:https://www.geeksforgeeks.org/cpp-20-std-span/<span>[12]</span>Profiles:https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2025/p3589r0.pdf<span>[13]</span>Safety Guarantees:https://thenewstack.io/secure-coding-in-c-avoid-buffer-overflows-and-memory-leaks/<span>[14]</span>Safety and Performance Goals:https://thenewstack.io/bjarne-stroustrups-plan-for-bringing-safety-to-c/<span>[15]</span>The Design and Evolution of C++:https://www.stroustrup.com/dne.html<span>[16]</span>A General Model for Asynchronous Computation:https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2024/p3109r0.html<span>[17]</span>SIMD:https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2024/p1928r9.pdf<span>[18]</span>modules:https://en.cppreference.com/w/cpp/language/modules<span>[19]</span>concepts:https://en.cppreference.com/w/cpp/language/constraints