Can Safe C++ Bring Memory Safety Without Dropping the Language?
The article examines the Safe C++ proposal—a collaborative effort by Sean Baxter and Christian Mazakas to add Rust‑inspired ownership and borrowing checks to C++ through a safe standard library—while discussing its 18‑month development timeline, toolchain extensions, community reactions, and broader implications for memory‑safe programming.
Current versions of Safe C++ still require an 18‑month design and implementation effort, which raises the question of whether the result can meet developers' needs for both safety and expressive power.
To avoid memory‑related errors, the usual advice is for C++ developers to switch to Rust, but other options exist.
WG21, the ISO C++ standards working group formed in 1990 from recognized experts interested in C++, saw a proposal released in September that sparked extensive online discussion about the "Safe C++ extension".
This reflects a larger movement within the C++ community to find new answers to the memory‑safety concerns that have accompanied the language throughout its 39‑year history.
The broader programming community’s demand for safer code has grown, leading the Safe C++ proposal to acknowledge criticism of C++ and to view Rust’s safety model as a valuable reference for designing Safe C++.
Proposed Solution
Two dedicated developers authored the proposal: Sean Baxter, a veteran who worked at NASA’s Jet Propulsion Laboratory and later as an NVIDIA research scientist, created the Circle C++ alternative compiler; and Christian Mazakas, a senior engineer at the C++ Alliance, a charitable organization supporting the C++ community.
In September, the C++ Alliance announced a partnership with Baxter, calling the proposal a revolutionary addition of memory‑safety features to C++.
The key part of the proposal is a "safe standard library" that augments the C++ standard library with robust, memory‑safe implementations of critical data structures and algorithms, ensuring new code considers safety from the start.
The documentation emphasizes "safety first," prohibiting operations that could cause undefined behavior related to lifetime, type, or thread safety, and relying on compiler front‑end checks, static analysis, and runtime panics to enforce safety.
Evolving Toolchain
Baxter, motivated by a long‑standing interest, created Circle in 2019—a new C++ compiler that, with improved toolchains, can provide the advantages of a successor language while remaining source‑compatible with existing C++ code.
Circle introduced a Rust‑like borrow checker for C++, and in 2022 Baxter challenged C++ critics by demonstrating that the language can be made safer and more efficient without sacrificing compatibility.
He argues that while Rust is unfamiliar to many C++ developers and interoperability tools add friction, Safe C++ offers a viable path to memory safety.
Recent papers and warnings from industry leaders (e.g., Microsoft Azure CTO Mark Russinovich, U.S. agencies, the White House) highlight the urgency of addressing memory safety.
Baxter acknowledges that government warnings have drawn global tech attention to memory safety.
Research suggests incorporating Rust’s safety model into C++ could improve interoperability and reduce security‑related software defects.
What Has Changed?
Beyond Safe C++, other initiatives aim to improve C++ safety. Thirteen months ago, Bjarne Stroustrup described C++ as an "opportunity" and advocated for profiles that enforce safety rules.
The C++ Core Guidelines, edited by Stroustrup and Herb Sutter, now reference these profiles as the way to achieve type and bounds safety.
However, a recent paper critiques the "safety profiles" introduced in 2015, noting that after a decade of effort they have failed to deliver reliable safety guarantees.
The paper argues C++ can achieve memory safety without discarding viable methods, emphasizing the need for clearer expression of aliasing, lifetimes, and safety attributes.
Collaborative Process
The discussion continues, with the C++ Alliance seeking feedback from developers, researchers, and stakeholders to refine the proposal.
They claim industry participation will help resolve remaining design issues, aiming to deliver a robust language and standard library within the next 18 months.
Since June, the domain SafeCPP.org redirects visitors to the draft proposal page.
Author: Listening‑to‑Music‑Fish
