According to Rowe, Bjarne Stroustrup, the creator of the C++ language, stated that he has been working on “Profiles” [PDF] and hopes to continue doing so. “I have great respect for Bjarne, but I don't think Profiles are the right answer,” Rowe said. “In the C community, the answer is even less clear, with no real action plan.” On November 14, it was reported that Herb Sutter, the chairman of the ISO C++ Committee, has left Microsoft after 22 years and joined Citadel Securities as a technology researcher responsible for technology strategy and training. He will continue serving as the chairman of the ISO C++ committee and declared that 2024 will be a “critical year” for C++.
1. "Dangerous" C++, Slow Progress on Memory Safety
As Sutter said, 2024 is a pivotal year for C++. A significant part of the pressure comes from the U.S. government, as improving memory safety has become a national security issue. Supported by the White House, Five Eyes intelligence agencies, federal law enforcement, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA), this issue is far from unfounded. According to Google data, memory safety vulnerabilities account for around 75% of zero-day vulnerabilities, and about 70% of severe vulnerabilities in large codebases stem from such issues.
Unfortunately, as older programming languages, C and C++ frequently introduce memory safety vulnerabilities due to their reliance on manual memory management. The advantage of manual memory management is that it generally offers better performance with lower overhead, compared to languages like Python or Java that rely on garbage collection for memory management. However, manual memory management can lead to memory-related errors, such as buffer overflows and use-after-free issues.
In February this year, the White House announced that measures would need to be taken to improve memory safety in C and C++ or switch to Rust.
This sparked widespread discussion within the C and C++ communities, as both languages lack inherent memory safety, and whether memory safety can be achieved is highly debated.
One response from the C++ community was the proposal of Safe C++. Former computer science professor, product designer, and graphics expert Robin Rowe, who was a member of the C and C++ committee, mentioned the decision of Bjarne Stroustrup, the creator of C++. According to Rowe, Stroustrup has been studying “Profiles” [PDF] and intends to continue his work. “I have great respect for Bjarne, but I don’t think Profiles are the right answer,” Rowe said. “And in the C community, the answer is even less clear, with no real action plan.”
Some of the biggest memory safety vulnerabilities in C++ are inherited from C. “At the March meeting, we discussed how to improve exception handling so that C++ could have better error handling capabilities,” Rowe said. Developers in game development, embedded systems, and high-availability server development typically disable exceptions because they are non-deterministic and can cause performance issues.
What actual actions and directions is C++ taking regarding security? At a subsequent CppCon, Sutter stated that security doesn’t equal perfection, but the priority will be to address “reachable security goals,” including introducing more secure libraries in the standard library, eliminating undefined behavior related to security, and adding static security rules and dynamic security checks at compile time.
2. C++26: The Most Impactful Change Since C++11, Expected in Mid-2026
At the CppCon in September, Sutter stated, “The C++26 standard could change the way we develop software” and will be the most significant transformation of the language since C++11. The C++26 standard is expected to be completed in mid-2026, with certain features already gradually implemented in compilers such as Clang and GCC.
Sutter highlighted four key features of C++26:
Improvements to
std::execution(the standard library for asynchronous operations) to enhance concurrency and parallelism.Enhancements to type and memory safety, aiming to align with other modern, safer languages.
Reflection and code generation, marking a major shift toward compile-time programming and possibly the “most impactful feature.”
Contract features for specifying interfaces and verifying compliance, including preconditions, postconditions, and state assertions.
In his blog this week, Sutter mentioned that the previous milestone, C++11, introduced features such as auto, lambda expressions, and smart pointers, while C++26 will feature “default safety” and full support for compile-time generative libraries based on reflection.
Sutter is enthusiastic about the language: “Reflection/generation brings unlimited possibilities! Looking forward to full standardization and compiler implementation!” Some developers commented after his speech.
However, other developers expressed concerns about the increasing complexity of the language: “The language is becoming so complex. Projects like Cppfront help, but we need a new language to rise from the ashes of C++ rather than Rust.” Cppfront is an experimental compiler created by Sutter to validate new concepts.
Due to the need to maintain compatibility with legacy code, adding new language features is always easier than removing them.
3. Microsoft’s Slow Implementation of New C++ Features
Sutter previously worked on Visual C++ at Microsoft, a tool widely used in key applications such as Windows and Office.
Given Sutter’s position in the ISO committee, it is somewhat strange that Visual C++ has been slower than Clang and GCC in implementing new C++ features.
Some believe that part of the reason is that in recent years, prominent figures at Microsoft have advocated for a shift to Rust for security and reliability reasons, with Azure CTO Mark Russinovich being one of them.
4. New Approaches to Improving C++ Memory Safety
Of course, C++ is also making efforts to meet the White House's memory safety requirements, and switching to Rust is not the only solution.
This week, Rowe proposed a new approach to improving memory management called TraPC, which leverages compiler intelligence to avoid unnecessary pointer checks, improving performance. He hopes that compilers will automatically zero out out-of-bounds pointers, thereby preventing dangerous “wild pointers.”
The design philosophy of TraPC is to keep the style of C largely unchanged, but handle pointers and error management in a more transparent manner.
However, due to the slow process of the current C++ standard committee, Rowe believes that following the traditional proposal route is too time-consuming, which is why he has chosen to directly fork the C language.
Reference link: DevClass Article
