I think that the "haters" would not be inclined to listen to the author of a language that they've rejected.

@@khatharrmalkavian3306, so do I. _Inclined_ to do that isn't something they are, I'd say. Yet I have seen them in the C++ Communities commenting and posting their stuff, and even redirecting C++ Links to their stuff. So, what do we know, right?!!

@@khatharrmalkavian3306 I listen to him, but hate C++. Before 20 years, after using C++ 20 years, I quited my relationship with this language. I acknowledge Bjarne's efford. But he could design a new language to replace C++ learning from the past. He didn't and now other clever people that hate C++ gave us the Rust.

Probably they use the word "hate" wrong as a non-native english speaker, as I did before I realized that is the wrong word. Native language matters, as C++ matters for Bjarne. 😄(I used C++ for 20 years, if it matters...)

​@@khatharrmalkavian3306I know, but I think that "hate" you say comes from JavaScript engineers working one React app with Gajjillion Bytes of memory along with TailwindCSS.... Don't really see a difference between Heap allocated data and Array... No stack no heap... Just soy goodness... And when they encounter C++, since their CS fundamentals are too weak to withstand it... They "hate" it

Yeah it blows my mind that no mainstream language have embraced dependent types yet. Why not? Why not focus on getting the compiler to find as many bugs as possible at compile time. I have looked at Idris and these other languages but for me as a Haskell guy even that becomes a little bit too heavy. It is not for the faint of heart and there is a serious lack of learning material. The best language I have ever used is F#. It combines the ease of use of imperative languages with the safety and expressiveness of the FP world and the tooling is excellent. It seems that we are on the same page here with regards to compile-time checking.

@@torarinvik4920 right on. Templates are basically dependent types, but you,d have to gnarly tmp to get say some sort of types indexed on predicates or refinement types and there would be no help from the language like there is in F*, the smt aided solver helps a lot. I think its possible in a lang like c++ but youd have to squint and cock your head sideways for it to make sense. Afaik atm, a path might be encoding a sort of denotational symantics for c++ >> a DTT kernel w/ a rich effect system like F*, essentially a monad where you preserve the original program structure/meaning from the category of C++ to the category of the dtt kernel where you can do type level program verification using the same algos in well known proof assistants. At least thats were my heads at atm, the meanderings of my mind.

I'm hopeful that Herb Sutter's cpp2/cppfront will do much of this eventually, but only time will tell.

@@torarinvik4920 sadly, most languages nowadays in the mainstream still embraces the billion dollar mistake.

The quote he uses is directly from the NSA advisory. It's just the latter list where they don't mention Rust.

@@dynfoxx Still shame on Bjarne for not going with the list that includes Rust, since out of the listed Rust is the only language with guaranteed COMPILE-TIME memory safety. No other language has that.

@@cyrusolThe Language that shall not be named!

@@dynfoxx yea, he definitely made a choice which one to include from, though

"Memory safety" isn't all there is to "safety". There are many, probably infinite, logic errors that Rust, or any "Memory safe" language wont help you catch. Memory safety could be specified with the proper tools provided to the programmer, and those same tools can be used to specify higher level safety properties that no compiler or static analyzer could possibly foresee. They can also be used to specify linear logics for say GPU programming in accelerated linear algebra libraries. While a research language, ATS is trying to tackle this issue, F* is interesting as well, hopefully we'll get a "systems programming" language that provides those features to the programmer. @@cyrusol

Eh i flinch when he says "I'm an engineer not a mathematician, having sometimes almost never happen is often good enough." In particular given the talk has no solution for iterator invalidation, though it does at least acknowledge it. The worst C++ codebase bugs that took the most effort to resolve in my career were all these. The problem with an invalidation bug, besides it occurring in code that generally seems compliant on code review, is that it is "almost never" apparent, that you need millions of iterations of the software for it to become obvious, as for a number of containers, only a small number of nominal invalidation events lead to true invalidation (i.e. vector gets resized) and even after deallocation, there is still usually a valid looking ghost data behind a dangling iterator, hiding the bug some more. And there's really no accepted or published modern-C++ way to guard it that i know of. When you have a software which has networked, and soft-realtime components, it tends to become impossible to automatically instrument the software to track down these issues precisely, you need a static compile time solution. You can't accidentally produce an iterator invalidation in Rust.

As a mostly C++ guy, who has yet to learn Rust, from what I hear, I agree that modern C++ code that follows best practices is very similar to Rust. I don't see why new projects would choose C++ over Rust, since they target the same niche, but Rust does it without 50 years (including C) of baggage.

@@SianaGearz Good comment.

you should try c++, it won't force you to do anything and quite literally will liberate you

The fact that Rust exists is evidence that C++ got complacent. It might have been better to deprecate some things and break older code. Tough call though.

Core guidelines can be automatically enforced with static tools like clang-tidy that are already in use

You didn't understand the talk.

What function?

@@gblargga little bit simplified (hiding the real template definitions that parametrize the char-type and the char-traits) but enough to get the idea: std::operator>>(std::istream&, char*) has been replaced by a template std::operator>>(std::istream&, char(&)[N]) with the well-meant intent that the actual buffer size is extracted from the second reference argument - given this is actually an array. This is all fine and nice, but IMO it would have been sufficient to ADD the new function. Because eg. In the embedded world there are (proprietary) string classes with lower overhead than Standard String which may have a pointer `ptr` to `num` chars, typically encapsulated in a class, say `MyString` together with more convenience operations (like assignment and comparisons) in operator notation. This worked fine and nice since C++98 and up to C++17 and therefore the following was a perfectly safe way (ie. no risk of buffet overflow at all) to implement an input operator for `MyString`: std::istream& operator>>(std::istream& s, MyString& t) { return s >> std::setw(t.len) >> t.ptr; } With the omission of the pointer version for reading into a char array the above code doesn't compile any longer and a "clean" solution would mean you explicitly reimplement a functionality that's still there "under the hood" as since C++ 20 the replacement version will just delegate to it (as eg.in glibc++).

@@mittelwelle_531_khz That's surprising. I can see an issue with the original operator in that there's no compile-time checking that you remembered to set the length. I'd have expected at least a normal two-argument function to input n characters to a pointer. I've avoided iostreams from the beginning due to their high overhead and complexity for very simple things.

@@gblargg my point is that the overload resolution can differentiate between the two cases, especially if the new version should work as a "seamless drop-in replacement" out of the box". Of course it would not work as such if there are intermediate call levels where the original array decays into a pointer. What the "inexperienced" developer then might do is carrying the templated "reference to array" argument through all the intermediate functions causing a huge potential increase of code size, as many new template instantiations will typically be created with the sole purpose to communicate a compile time constant to an (internal helper) function which finally uses it as runtime argument anyways. Note that even the new version obeys std::setw and reads only that many characters even if the supplied array had more space. Btw. I typically use input streams in combination with std::getline into a std::string from the original stream source) which I then turn into std::stringstream from which I can parse several expected variants until one fits, exactly how it was/is also possible with sscanf in C. If you only deal with parsing simple, hunan readable text-based communication. protocols (or trivial command languages) it's usually much simpler than throwing the input against a regular expression (or even using boost::spirit::qi as replacement for good ol' lex-yacc 🙂).

Not difficult at all. For example, if the language being compiled has type safe arrays, it can compile with array checks. The language being compiled and the language of the compiler have very little to do with each other.

think: the first C compiler wasn't written in C

Indeed they did lmao

How can you consider Rust a memory safe language when Rust considers leaking memory "safe". Gee, if the C standard said that leaking was safe then none of the CVEs attributed to C would be valid, which is obviously not logical... Rust is safer, but to coin it self as completely safe they simply said in the standard that leaking is considered safe, which is basically sweeping the problem under the rug and acting like nothing happned lol. C++ doesnt get credit points for being slightly memory safer than C, either you are memory safe or you are not.

@@AlFredo-sx2yy You can not have memory leak in Rust. You can leak in other language, like C, and if you dare to integrate/link with it, yeah, you wrap it in unsafe. That does not mean the rust is unsafe, it quite opposite. Rust is not 'saf-er', it strictly safe. You can not possibly write unsafe code with pure Rust.

Yeah, it is listed in the original report from NSA, but looks like it was removed in Bjarne's paper. Weird...

The quote he uses is directly from the NSA advisory. It's just the latter list where they don't mention Rust.

Mm Lil LL l pp l0.😊

Not for people who need it.

@@zizlog_sound YT has support for that..

What's really annoying about the captions is that they are saying "C" at several points instead of "C++" when a) the speaker is clearly saying C++, and b) the speaker made it clear early in the lecture that C++ is not C and vice versa.

​@@TerminalJack505 I particularly liked the part where it wrote "the SEA Committee" lol

Oh, the captions weren’t too bad. And very helpful for people like me with mild hearing loss.

He is saying be a chad programmer or STFU

They know, that's why they complain.

​@@dariuszantoniukI imagine they're considering making the leap to node.js. Webapps are all the rage these days, and it's important for them to stay within fashion

There is no organization that believes that "C/C++" is a programming language. The term is referring to both languages as a pair, since they have significant domain and design overlap. Bjarne knows this and is joking/complaining that people still refer to them together, since he's been trying to develop C++ as a superior alternative to C.

​@@khatharrmalkavian3306 But that's exactly the problem here, pretending that C and C++ are the same. They're not. You can use C++ just like C, but you also have many facilities which allows you to write safer code. Going with the "C/C++" approach works against improving the existing C++ applications - and no, we cannot rewrite anything in (assuming that's even desirable). We need to collaborate on this, all the actors involved.

Overly simplistic blanket statements from bureaucrats are cheap and should generally be discarded unless you are in direct business with them. Especially those whos' organization is implicitly untrustworthy and deals heavilly in ulterior motives.

@@mytech6779 Tinfoil arguments don't change the fact, that C++ has serious issues, including safety ones that need to be addressed. Developers have experienced e.g. iterator/reference invalidation way before NSA safety recommendations were published. Even builtin language feature like range-based for loop was fundamentally broken for over 10 years (temporaries lifetime issues - P2012, P2644, should be fixed in C++23)

just checked and my C++ compiler still compiles C code, I believe this is a choice made by the creator and later designers of C++

You wish c++ was as cool as a motorcycle, it's just an old combine harvester falling apart, being slowly turned into a redneck house attachment lol.

Simply don't make mistakes. Problem solved!

@@ThinkingNow Keep it simple. Fortran doesn't seem to have a lot of memory problems, for example.

@@ThinkingNow lmao