O/T but a brilliant quote:

I have always wished for my computer to be as easy to use as my telephone; my wish has come true because I can no longer figure out how to use my telephone.

Bjarne Stroustrup (1950- )

Getting that speed right does indeed matter.

Rush too soon to Rust, and the world shortage of C/C++ programmers becomes total, we've still got billions of lines of code to look after for a long time to come with no one to maintain it. Draw it out too long, or take too long to add proper memory safety to C++, we'll be paying the price of not transitioning quicker.

It's almost as if there's the need for a plan. What could such a plan be?

Plan

I think it'd have to involve educators, projects, standards bodies and governments. Some sort of "date" would have to be set. Standards bodies would have to agree whether the future is Rust, or some sort of modified C++. Educators would have to start teaching C, C++ and Rust or modified C++ to degrees appropriate to where that generation of students are with respect to the "date". That is, keep teaching C/C++ before the date, start mixing in Rust or modified C++ as the data approaches and for a period aterwards (to make sure there's people comfortable with both), and then finally drop the C/C++ (unmodified) when the bulk of the work is done. Government would need to make Standards bodies and the education actually conform to the agreed plan and timescale, and nudge projects by procurement policy (i.e. an unimproved legacy OS gets banned from government services). Projects would have to commit to being ready-ish for "the date", or face becoming irrelevant.

An alternative plan - and one that a lot of C++ people seem to hope would pay off - is to somehow modified C++ to retain source code compatiiblity, whilst bringing in the safety benefits that we know other languages can readily achieve.

Reality

What actually seems to be happening is that Rust is unexpectedly good and hard to fault, is generating its own momentum (through the enthusiasm of the people using it), and everyone else is being left behind by the fast pace being set. Government is already pushing ahead with some heavyweight nudging. Which means, the C++ standards bodies and educators need to act now or be faced with a de facto Rusty future.

So yes, Bjarne Stroustrup's call for urgency is appropriate.

Thing is, it's going to be very hard to make C++ "competitive" with Rust in the "safety" stakes whilst also not totally breaking C++ source code and forcing a major re-write of source code anyway. That's a pretty narrow technical window to aim for, and a narrow window of opportunity time-wise. The odds are not in C++'s favour, I'd say.

C++'s Best Bet?

I think the thing that's probably best for C++ is to go all-in on the "safety" aspects of changes; add syntax to make it syntactically equivalent to Rust, remove old C++ syntax and all the trouble it causes, and force projects to do a lot of work if they want to use it.

That would make new C++ kind of a C++ homage to Rust. However, this could be a good thing. Rust's one weakness is that it is further removed from C/C++ syntax than is usual. Having all of Rust's tricks, whilst still resembling old fashioned C/C++ might make it a few friends.

And the nice thing is, such a language could be rapidly built as nothing more than a language translater that emitted Rust source code. This new C++ would be to Rust what TypeScript is a bit like to JavaScript; something a bit nicer, friendlier (and familiar), but totally fitting in with what's underneath.

C Dies Off

C's demise seems pretty hard to avoid, long term.

The problem with memory safe C++ is the same with C++ vs C, it will always be backwards compatible. That means that all the ugly stuff from C is still possible in C++ and hence "memory safe C++".

Isn't this the same problem Rust has ?

We write new pretty front ends in Rust or Super-Safe-C++ but they are calling 40 years of underlying library code written in C.

At least the Fortran libraries are safe

The proposal is to add compilation flags to disable memory unsafe C and older memory unsafe C++ to be left with only the newer more memory safe C++ commands and classes.

It sems a much easier way to make existing software memory safe throw it out and rewrite in another language.

Circle (the minor dialect change to the C++ LLVM compiler) by Sean Baxter's excellent research claims to have proven all the best bits of the borrow checker are possible with C++ today without substantially changing the whole language.

You can mark the security critical parts to under go this stricter checking with keyword that are in effect the opposite of rusts unsafe. This would obviously allow a suitably configured compiler to only allow 'safer' code or otherwise error.

So a path does exist that seems compatible with what exists, but the existing standards committee structure and viewpoint still has their head buried in the same. So maybe this recent announcement by Bjorne is to force them to chose a credible path. At the moment is is unclear what real world problem the profiles idea will be capable of solving or if it is enough to cover everyones needs. Is it still a talking point vapourware or is it implemented in at least one of the bug three compiler suites. So we can take it for a spin?

Its just a shame that Sean's work appears to be been self funded and has failed to see a commercial backer or see it being made available as open source available to all under existing compiler licenses.

If we're hoping to making progress with memory safety, we have to accept that at present the majority of compilation units will not be memory safe and that in future it would be unduly constraining for all memory-safe compilation units to be written in the same language.

We really need to focus on the semantics: the syntax du jour is then a matter of detail.

Stroustrup fails to see (or doesn't want to see) the simple fact that you can't retrofit C++ to become a memory safe language. A memory safe language requires a from-the-ground-up approach like Rust has been doing since day one.

He simply has to accept that C++ will one day be supplanted by Rust and other memory-safe languages but like most aging men he's trying to hold back the years and starting to look silly doing so.

I foresee the U.S. government mandating memory safe languages and microkernel operating systems for most of its critical computing tasks in the near future.

I forsee the US government doing whatever Musk says and Microsoft/Oracle/IBM choose to deliver

And they all write it with AI and the cheapest labor they can find

> Stroustrup fails to see (or doesn't want to see) the simple fact that you can't retrofit C++ to become a memory safe language. A memory safe language requires a from-the-ground-up approach like Rust has been doing since day one.

Well, Safe C++ (https://safecpp.org/draft.html) shows that you can have a C++ version of Rust, version that can be used as a migration path toward a memory safe language (IMHO this is a better alternative to Stroustrup's Profiles).

> I foresee the U.S. government mandating memory safe languages and microkernel operating systems for most of its critical computing tasks in the near future.

Uh huh. Just like the DoD mandated "ADA FOR EVERYTHING" - remember how well that worked out?

I saw all sorts of things that had Ada call C that never came back, including missile guidance software. It ticked the "written in Ada" checkbox though.

The US government currently couldn't mandate a piss up in a brewery. Maybe in four years time they can have another go, but by then C++26 will be out and the problem will be solved anyway.

Honestly, Rust simplifies a lot of things are the needlessly complex in C++. I'd rather have a non-memory safe Rust than a memory-safe C++. C++ was great for the time, but it has a lot of legacy cruft that newer languages have done away with.

I am not a young bloke. I learned C in 1991 (and was teacher's assistant too). Since then I've heards call to increase meory safety both in C and C++. And I suspect those calls were even older than that.

I read time and time again in BYTE Magazine and Dr Dobbs proposals for memory safety and garbage collection for C and C++

The standards bodies did not pick up any of those. And no compiler vendor presented a propiertary solution (but plenty of propiertary solutions for other stuff).

And now, after 34 years of innaction (from my perspective, I am sure the total innaction time is even bigger), ¿NOW they feel threatened and want the stadards bodies to pick up the pace?

Cry me a river. At least C is mildly ussefull, C++ can die in a (dumpster) fire.

¡Real Memory Safety from the ground up (instead of bolted on memory safety after the fact) for the win!

I sympathize with the C/C++ folks, I really do. Even though I've designed and implemented a couple of replacement languages (Draco and Zed). If someone is really good at something, they are likely happy with that. Any change is going to to take away from that. Those at the very top of the game will be impacted the most. Those just learning may not much care what language they use. If you know the syntax, semantics and rules of several languages, you probably aren't *really* good with any of them. "Jack of all trades, master of none." The human brain can only do so much.

So, forcing C/C++ wizards to change to another language is going to cause them a lot of pain, and reduce their productivity. So, adding rules, etc. to the language they are a wizard in is perhaps less painful for them. BUT. It *must* be enforced. Expediancy or a bit of efficiency cannot be used as an excuse to violate the new rules. And yes, management must be in agreement on this, because it will affect their plans and schedules, and *those* cannot be allowed to force rule violation.

If someone comes up with a new language that can solve the problems, I believe it should not attempt to look too much like C/C++. The reason is that the similarity can trick the experienced programmers into doing things that the new rules will prevent. => frustration. But, I believe the "style" of the new language syntax should be similar to what the programmers are used to. Changing the style of function headers, declarations, etc. shouldn't be done just because you can. There must be real advantages. For example, I really don't like the "." cascades that Rust seems to encourage - the code is ugly to my eye.

Most folks know that C/C++ declarations are awful. The "cdecl" program that translates between C syntax and English was written long ago, so the need isn't a new one. Swapping things like which side the "*" goes on makes a big difference - lots less parentheses needed.

From TFA: it's clear the issue is not just slow progress but the absence of a public narrative that can compete with the tech industry's adoration of Rust.

"Narrative" == modspeak for, "story" (which may be partial, or complete, bullshit).

We don't need PR wars adding noise to the issue.

C++ (and C, and other computer languages) are not things which need to be "defended". They're either fit for their purposes, or they are not.

The bounty of buffer overflow and unsanitized/unchecked input string vulnerabilities we're seeing these days is the fruit of decades of "economic race-to-the-bottom" managerial decisions which have reduced/eliminated proper instruction and training of programmers, demanded projects be completed in unreasonably-short time, outsourced programming to offshore companies, whose managers also have reduced/eliminated proper instruction and training of programmers, and demanded projects be completed in unreasonably-short time.

Adding poor working conditions and pay (YMMV, substantially) incentivises programmers to not give a flying fuck, so those who know they ought to put in various checks, do not, because they answer to managers whose primary concern is being able to tick the "done" box on some spreadsheet, come Friday afternoon.

> C and C++ rely on manual memory management

C++ does not rely on manual memory management.

When Rust and C++ interface with C libraries, then they all rely on manual memory management. This is where the errors creep in; Rust just hasn't been battle tested yet.