Produced by | OSC Open Source Community (ID: oschina2013)

After the National Security Agency (NSA) in the United States recommended organizations switch from C/C++ to memory-safe languages (such as C#, Rust, Go, Java, Ruby, or Swift), C++ creator Bjarne Stroustrup responded, stating that in his view, the “safe” programming languages mentioned in the NSA report are not actually superior to C++ in critical applications.

Bjarne pointed out that the NSA’s judgment overlooks the advancements made in C/C++ over the past thirty years; many use cases of C++ remain stuck in the distant past, ignoring improvements, including significant enhancements in safety.
Now, if I believed that any of these “safe” languages were superior to C++ in the areas I care about, I would not consider the decline of C/C++ a bad thing, but that is not the case. Moreover, as described, “safety” is limited to memory safety, ignoring the many other ways a language can (and will) be used to violate some form of safety and security.
Bjarne stated that he has been working for decades to achieve a better, safer, and more efficient C++. In particular, his work on the C++ Core Guidelines aims to provide static guarantees of type safety and resource safety for those in need. A good static analyzer that complies with the C++ Core Guidelines can provide the necessary guarantees for C++ code safety and is much simpler than upgrading to a newer safe programming language.

He criticized the NSA report for focusing solely on memory handling issues while neglecting many other programming language issues that affect project safety and reliability. He suggested using code comments and compiler options to control the inclusion of rules to ensure types and resources are handled safely. Given the potential damage to projects, he assured that the C++ community would not ignore safety issues, but focusing solely on safety issues is also not sufficient. Therefore, he plans to compile a list of issues that can be considered safety problems (including UB) and find ways to prevent these issues.

Additionally, Bjarne added in a recent email communication with InfoWorld, “Too many people talk about the mythical C/C++ languages but then turn to focus on the weaknesses of C. Many of these weaknesses can be avoided in C++, often by writing more efficient code that more directly expresses the programmer’s intent.”

In the email, Bjarne also shared his definition of safety: the goal is type and resource safety, meaning every object is used according to its type, with no resource leaks. For C++, this means some runtime range checks, eliminating access through dangling pointers, and avoiding misuse of casts and unions. C++ provides high-level tools such as containers, spans, range-for loops, and variants that can provide guarantees without sacrificing productivity or efficiency.
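To make the tools named above concrete, here is an added example (not from the article, Stroustrup, or the NSA report) that decodes an untrusted length-prefixed field using a container with range-checked access, a variant in place of a union, and a range-for loop. The wire format and the names `Field`, `decode_field` and `sum_integers` are assumptions made up for this illustration; it needs C++17.

```cpp
#include <cstddef>
#include <cstdint>
#include <optional>
#include <stdexcept>
#include <string>
#include <variant>
#include <vector>

// A decoded field is either an integer or text. Unlike a raw union, a
// std::variant records which alternative it holds and rejects wrong-type reads.
using Field = std::variant<std::uint32_t, std::string>;

// Constructed wire format: [tag][len][len payload bytes].
// tag 1 = big-endian u32 (len must be 4), tag 2 = text.
// Every read goes through at(), which throws std::out_of_range instead of
// reading past the buffer when `len` overstates the payload size.
std::optional<Field> decode_field(const std::vector<std::uint8_t>& buf) {
    try {
        const std::uint8_t tag = buf.at(0);
        const std::size_t len = buf.at(1);
        if (tag == 1 && len == 4) {
            std::uint32_t v = 0;
            for (std::size_t i = 0; i < 4; ++i) v = (v << 8) | buf.at(2 + i);
            return Field{v};
        }
        if (tag == 2) {
            std::string s;
            for (std::size_t i = 0; i < len; ++i)
                s.push_back(static_cast<char>(buf.at(2 + i)));
            return Field{s};
        }
    } catch (const std::out_of_range&) {
        // Truncated or lying input: report failure, no out-of-bounds access.
    }
    return std::nullopt;  // unknown tag, bad length, or short buffer
}

// Range-for removes the index arithmetic; std::get_if yields nullptr when the
// variant holds the other alternative, so a text field is never read as a number.
std::uint64_t sum_integers(const std::vector<Field>& fields) {
    std::uint64_t total = 0;
    for (const Field& f : fields)
        if (const auto* n = std::get_if<std::uint32_t>(&f)) total += *n;
    return total;
}
```
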
Regarding the so-called safe languages cited by the NSA, Bjarne stated that all these languages are vulnerable to attacks from code that has not been statically verified. Furthermore, every system must use hardware, and effective hardware access is rarely safe.

Bjarne also outlined his strategy for safely using C++:
- Static analysis to verify that no unsafe code is executed.
- Simplifying coding rules to make industrial-scale static analysis feasible.
- Making such simplified code relatively easy to write and ensuring libraries perform runtime checks when necessary.
Currently, there are millions of C++ programmers and billions of lines of C++ code, with the language’s primary applications including aerospace, medical instruments, artificial intelligence/machine learning, biomedicine, and high-energy physics.

Related links:
- https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2023/p2739r0.pdf
- https://www.infoworld.com/article/3686517/c-plus-plus-creator-bjarne-stroustrup-defends-its-safety.html