At least in C++11 and later, many classes of these memory bugs are eliminated with more modern container and pointer types. It’s not uncommon to have a company policy of not using “new” or “delete” anywhere.
Equating C with modern C++ is a common sleight of hand for Rust evangelists. Most modern C++ projects with a fresh codebase have almost 0 use of new or delete. It turns out that C++ is a lot better than it used to be 10 years ago.
C++ is definitely better but it's still not memory safe. Compared to Rust, you still have little tracking which thread has access to which variable at which time. Even in modern C++, you still have to care about iterator invalidation.
Having no instances of new or delete does not, in any way, prevent the entire class of memory vulnerabilities. Running off the end of a buffer when processing untrusted data is just as easy. Heck, you can still absolutely get UAF issues even if you never allocate on the heap simply by holding a reference to a stack-allocated object past its lifetime. Given how weird the rules around lifetime extension are, this can happen in really, really subtle ways.
C++11 is not a safe language. Not even close. It is much much much better than what came before, but it is not safe.
The C++98 (Win32/MFC) codebase that I occasionally touch has a lot of ill-designed abstractions in it, and is full of potential memory problems, but at least one can halfway see what's happening, and a full rebuild of the 30-year-old codebase can be done in < 10 minutes.
Not sure if it's worse than the impossible to grok and slow to build C++11+ codebases that I've seen - everything is wrapped in unique_ptr and shared_ptrs, add lots of unused overloaded constructors and methods for every const and copy/move/value construct situation, then add an icing of templates. The trend is to assume that problems are solved by wrapping everything in more layers. But it seems like this ends in maybe fewer memory problems but also a lot less useful functionality, makes it a lot slower to build, and makes it so much harder to add, change and fix stuff.
The best code I've seen uses very, very few C++ features (if any at all) and just gets things done in a straightforward way without celebration.
pjmlp|4 years ago
Android source code is definitely not one of them, and yet Google as ISO C++ contributor should know all about modern C++, right?
Ah, what about Microsoft and their UWP code samples for C++ developers, or the C++/WinRT based libraries?
As advocates from C++ Core Guidelines, surely those samples will be perfect examples from modern C++, right?
Or what about Bloomberg, with heavy contributors like John Lakos?
Maybe they are still in the process of adopting C++11 and C++14, while writing a book about language adoption issues.
I like C++ a lot, but we really need a compiler switch to turn off compiling Vintage C++, it would be marvelous.
FartyMcFarter|4 years ago
For example, std::string_view is basically a pointer, as soon as it points to a string that went out of scope you're in trouble if you use it again.
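The dangling std::string_view described above, and the lifetime-extension subtlety raised earlier in the thread (a reference to a temporary outliving it), as an added example that is not part of the original comments; make_greeting and the other function names are assumed for illustration:

```cpp
#include <cstddef>
#include <string>
#include <string_view>

// Builds a new std::string; at the call site it is a temporary.
std::string make_greeting(std::string_view name) {
    return "hello " + std::string(name);
}

// UNSAFE: the temporary returned by make_greeting() is destroyed at the end
// of the initialization, but sv still points into its buffer.  Lifetime
// extension applies to a `const std::string&` bound to the temporary, not to
// a std::string_view constructed from it, so sv dangles immediately.
// Recent Clang reports this initialization under -Wdangling-gsl.
std::string_view dangling_greeting(std::string_view name) {
    std::string_view sv = make_greeting(name);
    return sv;  // reading through this is a use-after-free
}

// SAFE 1: return an owning std::string; the caller decides the lifetime.
std::string owned_greeting(std::string_view name) {
    return make_greeting(name);
}

// SAFE 2: a const reference does extend the temporary to the end of the
// enclosing scope, so a view taken from it is valid inside that scope.
std::size_t greeting_length(std::string_view name) {
    const std::string& g = make_greeting(name);
    std::string_view sv = g;
    return sv.size();  // g is still alive here
}

// SAFE 3: a view derived from a view is fine as long as the caller keeps the
// backing storage alive for as long as the result is used.
std::string_view first_word(std::string_view s) {
    std::size_t sp = s.find(' ');
    return sp == std::string_view::npos ? s : s.substr(0, sp);
}
```

Only the three safe functions are meant to be called; dangling_greeting is kept to show the shape of the bug, and running it under AddressSanitizer is the way to observe the invalid read rather than relying on it printing anything sensible.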