Biden administration seems oblivious of the strengths of contemporary C++ and the efforts to provide strong safety guarantees, Bjarne Stroustrup said.
C++ creator Bjarne Stroustrup has defended the widely used programming language in response to a Biden administration report that calls on developers to use memory-safe languages and avoid using vulnerable ones such as C++ and C.
In a March 15 response to an inquiry from InfoWorld, Stroustrup pointed out strengths of C++, which was designed in 1979. "I find it surprising that the writers of those government documents seem oblivious of the strengths of contemporary C++ and the efforts to provide strong safety guarantees," Stroustrup said. "On the other hand, they seem to have realized that a programming language is just one part of a tool chain, so that improved tools and development processes are essential."
Safety improvement always has been a goal of C++ development efforts, Stroustrup stressed. "Improving safety has been an aim of C++ from day one and throughout its evolution. Just compare the K&R C language with the earliest C++, and the early C++ with contemporary C++. My CppCon 2023 keynote outlines that evolution," he said. "Much quality C++ is written using techniques based on RAII (Resource Acquisition Is Initialization), containers, and resource management pointers rather than conventional C-style pointer messes."
The White House in a report released February 26 called on developers to reduce the risk of cyber attacks by using programming languages that do not have memory safety vulnerabilities. C++ and C were cited as two examples of languages with memory safety vulnerabilities. A November 2022 cybersecurity information sheet from the US National Security Agency (NSA) cited C#, Go, Java, Python, and Rust as languages considered to be memory-safe.
Stroustrup cited a number of efforts to improve C++ safety. "There are two problems related to safety. Of the billions of lines of C++, few completely follow modern guidelines, and peoples' notions of which aspects of safety are important differ. I and the C++ standard committee are trying to deal with that," he said. "Profiles is a framework for specifying what guarantees a piece of code requires and enable implementations to verify them. There are documents describing that on the committee's website -- look for WG21 -- and more are coming. However, some of us are not in a mood to wait for the committee's necessarily slow progress."
Profiles, Stroustrup said, "is a framework that allows us to incrementally improve guarantees -- e.g., to eliminate most range errors relatively soon -- and to gradually introduce guarantees into large code bases through local static analysis and minimal run-time checks. My long-term aim for C++ is and has been for C++ to offer type and resource safety when needed. Maybe the current push for memory safety -- a subset of the guarantees I want -- will prove helpful to my efforts, which are shared by many in the C++ standards committee."
Stroustrup previously defended the safety of C++ against the NSA, which recommended using memory-safe languages instead of C++ and C in a November 2022 bulletin.
Next read this:
Why companies are leaving the cloud 5 easy ways to run an LLM locally Coding with AI: Tips and best practices from developers Meet Zig: The modern alternative to C What is generative AI? Artificial intelligence that creates The best open source software of 2023