Will Safe C++ Extensions Make C++ Memory‑Safe? Insights from Rust and NSA
Amid rising memory‑safety concerns highlighted by Chrome’s vulnerabilities and high‑profile attacks, the C++ community proposes a Safe C++ Extension to add memory‑safety features, while experts compare it to Rust and discuss challenges, adoption pressures, and DARPA’s AI‑driven code‑conversion efforts.
Editor's note: C++ keeps borrowing from languages such as Rust to make itself safer and more dependable.
Introduction
In 2020 Google discovered that over 70% of Chrome’s severe security bugs stemmed from memory‑safety issues, essentially blaming C++ pointer errors for many vulnerabilities.
In 2022 NSA Cybersecurity Technical Director Neal Ziring warned that memory‑management flaws have been exploited for decades and urged developers to adopt memory‑safe languages and protective measures.
The White House Office of the National Cyber Director later released a report urging programmers to migrate to memory‑safe languages, noting that current security burdens fall on end users and that languages lacking memory‑safety features, such as C and C++, are widely deployed in critical systems.
High‑profile incidents like the 2014 Heartbleed bug in OpenSSL and the 2017 WannaCry ransomware attack underscore the real‑world impact of memory‑safety failures.
Ensuring C++ Safety
Memory‑safe languages already exist—Rust, Go, Java, Swift, Python—but C++ remains under scrutiny because it powers massive amounts of critical code.
In September this year the C++ Alliance announced a “Safe C++ Extensions” proposal, described by President and Executive Director Vinnie Falco as a revolutionary effort to add memory‑safety features to the language.
Falco emphasized the urgent demand for safe code as software security and reliability become increasingly vital, putting pressure on developers to adopt safer coding practices.
The Safe C++ Extensions aim to introduce new features that prevent common memory‑related errors.
Critics, such as C++ Alliance developer Sean Baxter, argue that Rust remains the only widely‑used system language offering strict memory safety, and that C++ and Rust differ fundamentally, making incremental migration difficult.
Developers are advised to adopt multiple measures to ensure C++ code safety, including prohibiting patterns that can lead to undefined behavior in lifetimes, types, or threads.
Conclusion
Transitioning code to memory‑safe languages is a daunting, time‑consuming effort. The U.S. Defense Advanced Research Projects Agency (DARPA) is exploring AI‑driven solutions, developing a tool called TRACTOR that converts C code to Rust, aiming to achieve Rust‑level quality and eliminate all memory‑safety vulnerabilities in C programs.
What do you think? Share your thoughts in the comments.