C++ creator rebuts White House warning

C++ creator Bjarne Stroustrup has defended the widely used programming language in response to a Biden administration report that calls on developers to use memory-safe languages and avoid using vulnerable ones such as C++ and C.

In a March 15 response to an inquiry from InfoWorld, Stroustrup pointed out strengths of C++, which was designed in 1979. “I find it surprising that the writers of those government documents seem oblivious of the strengths of contemporary C++ and the efforts to provide strong safety guarantees,” Stroustrup said. “On the other hand, they seem to have realized that a programming language is just one part of a tool chain, so that improved tools and development processes are essential.”

Safety improvement always has been a goal of C++ development efforts, Stroustrup stressed. “Improving safety has been an aim of C++ from day one and throughout its evolution. Just compare the K&R C language with the earliest C++, and the early C++ with contemporary C++. My CppCon 2023 keynote outlines that evolution,” he said. “Much quality C++ is written using techniques based on RAII (Resource Acquisition Is Initialization), containers, and resource management pointers rather than conventional C-style pointer messes.”

The White House in a report released February 26 called on developers to reduce the risk of cyber attacks by using programming languages that do not have memory safety vulnerabilities. C++ and C were cited as two examples of languages with memory safety vulnerabilities. A November 2022 cybersecurity information sheet from the US National Security Agency (NSA) cited C#, Go, Java, Python, and Rust as languages considered to be memory-safe.

Stroustrup cited a number of efforts to improve C++ safety. “There are two problems related to safety. Of the billions of lines of C++, few completely follow modern guidelines, and peoples’ notions of which aspects of safety are important differ. I and the C++ standard committee are trying to deal with that,” he said. “Profiles is a framework for specifying what guarantees a piece of code requires and enable implementations to verify them. There are documents describing that on the committee’s website—look for WG21—and more are coming. However, some of us are not in a mood to wait for the committee’s necessarily slow progress.”

Profiles, Stroustrup said, “is a framework that allows us to incrementally improve guarantees—e.g., to eliminate most range errors relatively soon—and to gradually introduce guarantees into large code bases through local static analysis and minimal run-time checks. My long-term aim for C++ is and has been for C++ to offer type and resource safety when and where needed. Maybe the current push for memory safety—a subset of the guarantees I want—will prove helpful to my efforts, which are shared by many in the C++ standards committee.”

Stroustrup previously defended the safety of C++ against the NSA, which recommended using memory-safe languages instead of C++ and C in a November 2022 bulletin.