What attempts have been made to bring memory safety to C++?

C++ is a powerful and widely used programming language known for its flexibility and performance. However, one of its historical drawbacks has been the lack of built-in memory safety features, which can lead to various types of memory-related bugs such as buffer overflows, dangling pointers, and memory leaks.

This is a known issue that has persisted for decades, and numerous attempts have been made to find a solution. Unfortunately, none have succeeded.

What has been done in the past to enhance memory safety within the language?

Garbage Collector

A Garbage Collector (GC) is a mechanism used in programming languages and runtime environments to automatically reclaim memory that is no longer in use by the program. Its primary purpose is to manage memory allocation and deallocation, relieving developers from the burden of manual memory management and helping to prevent common memory-related errors such as memory leaks and dangling pointers.

For C++, in 2008 a minimal support for garbage collection and reachability-based leak detection was added to C++0x. And since then, many propositions have been suggested. Unfortunately, none of them have resolved all cases, and the garbage collector was definitively removed in C++23

Borrow Chekers

The borrow checker is a key feature of the Rust programming language that enforces memory safety and prevents data races by statically analyzing the ownership and borrowing of references in a program at compile time. It is one of Rust’s core innovations and a fundamental aspect of its ownership model.

So the question is: Why not bring this mechanism to C++?

In 2021, a google chromium team tried to answer this question, and in its conclusion paper, they conclude

It would seem at first glance that we have successfully written C++ borrow checking, with the types defined above. Unfortunately, we have not.

Indeed, many unresolved challenges remain as described in their paper, and the borrow checkers ultimately could not be added to C++.

Runtime Checkers

C++ runtime checks refer to various mechanisms and techniques used to validate program behavior and detect errors during program execution. In C++ there are called sanitizers. They are part of the Clang and GCC compilers and provide runtime instrumentation to catch errors during program execution. These sanitizers are generally used during development and testing phases to identify and fix issues. However, there are not used in production, and unfortunately many cases in production can’t be handled in development phase.

And even in development phase the sanitizers are not very popular and therefore not widely used.

What next?

Currently Stroustrup try to find finally a good solution to this safety problem, it’s called C++ profiles(That is, a set of rules which, when followed, achieve specific safety guarantees.) They’d be defined by the ISO C++ standard, addressing common safety issues like pointers and array ranges.

He’s created a GitHub repository, where people can put suggestions, and where he will put his drafts , so that we can create a community working on getting this kind of stuff done in a reasonable time.

Conclusion:

C++ continues to resist to any attempt to enhance memory safety within the language. However, finding a definitive solution to this significant issue has become increasingly urgent. Perhaps we should consider adding this problem to the Millennium Prize problems 🙂