3

The unsafe keyword is a relatively familiar language feature, known mostly from C# and Rust.

The general idea of the feature is to define "safe" subset and then require demarking any usage of features outside of this subset. Therefore, the not-safe code can be better managed and accounted for in a larger codebase or when evaluating 3rd-party dependencies.

Russ Cox at ACM SCORED: Open Source Supply Chain Security at Google

(https://www.youtube.com/watch?v=6H-V-0oQvCA)

Were there any attempts to bring this feature into standard ISO C++?

The only related thing I managed to find is this one example of a diy solution with clang-query (https://gist.github.com/htfy96/24b8d6ec78236b17674b548595984315).

In Bjarne Stroustrup's 2021 article Thriving in a crowded and changing world: C++ 2006–2020 (https://dl.acm.org/doi/10.1145/3386320) there are no references to actual standardization proposals. The discussion seems to be unfriendly to the unsafe idea at first

It has repeatedly been suggested that the committee should improve type safety by banning unsafe features (e.g., abandoning C-isms, such as built-in arrays and casts). However, attempts to remove features (to "deprecate" them) have repeatedly failed as users ignored the warnings about removal and insisted that their implementation providers continue to supply them.

also this

From the earliest days of "C with Classes", people have suggested creating safe subsets of the language and compiler switches to enforce such safety. However, those suggestions failed for one of many reasons:

  • Not enough people could agree on a definition of "safe".
  • The unsafe features (for every definition of "unsafe") are the ones needed to build the basic safe abstractions.
  • The safe subset is insufficiently expressive.
  • The safe subset is inefficient. The second reason implies that you cannot define a safe C++ simply by banning unsafe features. "Perfection through restriction" approaches to programming language design at best works in very limited situations. You need to consider the context and nature of the use of features that in general are unsafe but have safe uses. Furthermore, the standard cannot abandon backwards compatibility (1.1), so we need a different approach.

but then becomes much more friendly in the final parts

The basic approach is not simple restriction, but what I called the subset-of-superset approach or SELL [Stroustrup 2005]:

  • First, extend the language with library facilities to makes a solid base for use.
  • Then, subset by removing unsafe, error-prone, and overly-costly facilities.
Improve this question
9
  • 1
    All C++ Committee papers are available here. There is no overall index, but broswing the years brings a couple of papers. Commented Aug 13, 2024 at 11:15
  • 7
    The closest I've seen is experiments to show how to make the language safer. The experiments were to spark discussion, and hopefully result in language proposals. Herb Sutter's C++ syntax 2 experiment, Sean Baxter's Circle experiment, and Baxter's New Circle experiment. Several of my coworkers (who are or have been on WG21) are skeptical that the language can evolve in this fashion, and that it will take a new language to usurp C++. I'm skeptical of that happening, because D is a better C++ than C++, and it has not won over the hearts-and-minds. Commented Aug 13, 2024 at 11:21
  • Found one, open-std.org/jtc1/sc22/wg21/docs/papers/2023/p2771r0.html, saying "These mechanisms will still be available in regions that are explicitly marked as unsafe (and that are hopefully carefully checked for bugs)." Seems that the unsafe {} idea is nothing new to the people around C++ then; and I guess they have their own reasons not to go for it. For example, cpp2 is not eager to implement unsafe either, github.com/hsutter/cppfront/wiki/Design-note:-Unsafe-code. Commented Aug 13, 2024 at 11:38
  • 2
    Bjarne recently presented Delivering Safe C++, where he advocates profiles. That has a long way to go before it is a WG21 proposal, and then gets approved, and then makes it into the standard. At the moment, it is but a twinkle in the eye. Commented Aug 13, 2024 at 13:18
  • 2
    You mentioned cpp2, but I would note that the argument there isn't against safe default / opt-out to unsafe, but rather that Sutter is opposed to a blanket opt-out and instead prefers for the user to opt out of specific safety rules. It would end up like C# or Rust, just with a different spelling of unsafe depending on exactly which unsafe action you intended to take. Commented Aug 13, 2024 at 13:51
Related questions
3
Java Thrift Client and Binary data
22
Should I use C++0x Features Now?
71
Is there any way to make Visual Studio stop indenting namespaces?
Load 4 more related questions Show fewer related questions

0

Reset to default

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.