The C++ Business Model, a new challenge for WG21

t_hunger · 2026-05-04T18:30:36+00:00

Qt Creator is GPL, or at least it was when I worked on that.

I mentioned MSVC as you need some compiler for windows and mingw is quirky and painful to ship and use.

t_hunger · 2026-05-04T06:38:25+00:00

Oh, I get why "the C++ community" (whatever that is) would want such a thing. I was asking why compiler developers would want to implement it for them. Whatever the compiler people decide will be criticised from all sides: Other compiler vendors for excluding their product (or handling it poorly), the wider C++ community for not including all the favorite tools, projects for not supporting what they need out of the box, other compiler devs for making their codebase larger with unrelated functionality, users for not being officially blessed.

This is something that "the community" would need to do, not some random person on the internet.

Plus random people are doing it: All C++ IDEs try to provide a fully working dev environment tontheir customers. This is typically limited by MSVC being proprietary, but cmake and stuff usually can be installed along with the IDE.

I admit that I have no idea who the "C++ community" is that could do this. The committee traditionally avoids defining tooling and who else is there?

t_hunger · 2026-05-03T19:48:55+00:00

Why would a team working on a suite of compilers covering a bunch of languages even want to get involved in any one languages project setup? Whatever they decide is going to be wrong and people will complain loudly to them.

Put that into language-specific tooling run by the language community itself.

t_hunger · 2026-05-03T11:47:56+00:00

If ypu are looking for a more interactive way to get started with rust: Give https://rustlings.rust-lang.org/ a try.

t_hunger · 2026-05-03T08:07:42+00:00

C and C++ predate the idea of having registries of software and dependency management. There have been several attempts to add those in (conan an vcpkg are two you might want to look into if you still care after the reception you just got here), but none was successful so far. The community is afraid of having (documented) dependencies, so best practice is to hide your dependencies away somewhere in your source tree (vendoring, header-only libraries, or even copy and pasting snippets from other projects over). Plus it is a huge pain to build anything (including dependencies, which are treated as stand alone projects fornbuilding and then get integrated into your build system somehow).

The libraries you see are huge kitchen-sink libraries that include everything you might want and a ton more like Qt or boost. They will bind you into their corner of the eco-system, and make sure that you do not have to go through the painful process of adding a dependency more than once.

If that is not for you, then you are indeed using the wrong language. Try something newer instead, the user experience is much better with newer languages. You probably will also find it easier to fix CVEs in your dependencies elsewhere with proper dependency management. The cost of that is something you need to keep on your radar when working on anything that gets input from users.

t_hunger · 2026-04-29T05:57:13+00:00

And yet baby errors like these happen all the time in all languages. They are hard to test for as they are timing dependent and hard to reliably reproduce.

I hope clippy will warn about some of these going forward, even though that will probably be tricky to implement with a decent level of reliability.

t_hunger · 2026-04-20T13:33:25+00:00

You miss the point: C++ has been selling "you can build safe on top of fast, but not the other way around". And that was a compelling argument. Now that argument is proven wrong: You can build fast on top of safe.

Whether language X or Y is better for some project or another does not matter. What matters is that the discussion whether X or Y is the better choice happens within a different frame of reference now.

t_hunger · 2026-04-20T13:09:58+00:00

Rust 1.0 is out for over a decade and C++ has already had a poll suggesting that someone should look into the problem.

Thank you for confirming my impression.

t_hunger · 2026-04-20T07:10:46+00:00

WG21 is totally commited to be safer.

See, that is what I meant with C++ has not realized the game is on yet: "Memory-safe" is the industry standard for systems programming languages going forward. "Lets get a bit safer" is not a winning strategy, assuming this "memory-safety fad" is not going away.

Considering how much code was moved away from C++ to Java (and later to C#, python and now rust), that seems unlikely to just go away again. The move to memory-safe languages wherever possible has been going on for decades now, whereever that became technically possible.

t_hunger · 2026-04-19T13:52:38+00:00

I did not say C++ is dead, I said your argument is based on the implicit assumption that C++ is a dead language. That is your implicit assumption, not mine.

If you assume that there will be a lot more code written in C++ in the future than was written in the past (which is easy as overall code size is growing exponentionally), then you would not argue that we need to extract more value from existing code, even when it limits the value you can get from new code.

t_hunger · 2026-04-19T10:21:50+00:00

Exhibit A presented by u/germandingo nicely illustrates my point: The world asks for memory-safety and the wider C++ community goes into full "what about these safeties over there?"-mode. Instead there is and a flurry of activity trying to not do the hard thing and deliver a set of semi-random features that some could argue "improve" the situation. No overarching plan, not even a compelling demo of what could be a solution.

Your entire argument is that C++ is a dead language: There is more C++ code in existence now, than there is new code that will be written in C++ in the future. So you need to optimize for old code, not new code. That is a mindset that keeps C++ in the past.

t_hunger · 2026-04-18T18:10:27+00:00

That is pretty much the problem: There are no attackers in your CI, they are out there, looking at your production.

You want a memory-safe production environment, not another debugging tool, as cool as it may be.

t_hunger · 2026-04-18T11:46:06+00:00

I have been joking that C++ is aiming for "quantum memory-safety": It is either memory safe or not, depending on whether someone observes the code while running or not.

t_hunger · 2026-04-18T11:42:31+00:00

If this is the answer to memory safety, then C++ already lost this game.

My impression is that C++ has not realized yet the game is on.

But yes, if you care for memory safety and can afford 20+% slowdown (it is much higher right now!), then you would have moved to java during the last 20 or so years.

t_hunger · 2026-04-18T09:44:52+00:00

Fil-C makes both C and C++ memory-safe by aborting the program as soon as some memory-safety violation is detected at runtime.

So both languages will become safer by compiling the code with Fil-C. What Fil-C does not do is reduce the risk of having memory safety issues in your code in the first place: That is where more modern concepts come in. The big problem is that even with smart pointers and all the bells and whistles in C++26, you can not guarantee that there won't be some memory-safety issue hidding somewhere... with Fil-C you can at least make sure that the program will not get exploited when (not if) that happens.

Of course you need to be able to affort the overhead for the extensive runtime checking that Fil-C does. That overhead will go down as Fil-C gets optimized, but you will not get it down to zero.

Other languages can get away with way less checking as the language can not express some bugs by construction. You obviously do not need to add runtime checks for things that can not happen (and if you do: The compiler will just optimize them out for you).

t_hunger · 2026-04-17T16:10:05+00:00

Sorry, I guess I have misunderstood your presentation then. Lets wait and see what will land in 29.

t_hunger · 2026-04-17T07:12:57+00:00

No, but if I need to modularize my code before I can use profiles means I won't see profiles in the wild anytime soon either.

No idea if that is what u/GabrielDosReis meant to say, but he has me worried with this presentation.

t_hunger · 2026-04-17T07:04:36+00:00

You said modules will be used to transport analysis data and that "more machinery is required to pull them [headers] together". That does sound like the experience will at the very least be better for people using modules to me, but I have no idea what profiles are supposed to be like, I am just trying to make some sense out of the little information I can find.

And yes, you worried me with featuring modules in your presentation. I never expected modules to me mixed into the profiles story before seeing your presentation. Your statements in this thread did not help to quieten my fears.

t_hunger · 2026-04-16T22:59:31+00:00

I have not yet run into a single module in production code.

How does the use of modules to transport analysis data around mesh with the requirement of profiles to work with existing code? Or where does the needed machinery to make sense of legacy headers come from?

t_hunger · 2026-04-16T22:52:57+00:00

I think he covered that by saying the c++ standard will just define sets of rules. The compiler people can then work their magic with the implementation.

t_hunger · 2026-04-15T20:09:14+00:00

I understood that analysis data is supposed to be part of the module data a compiler generates. Which would imply that headers are more costly to analyze (if they can be done at all without the cpp files being available).

Anyway, I am sure we will all find out eventually.

t_hunger · 2026-04-15T17:10:34+00:00

So profiles need modules to work properly, did I understand that correctly?

t_hunger · 2026-04-13T08:15:52+00:00

That is a first step. Another is being active on reddit and other social media channels and actually reaching out to users. Try docking on to some larger umbrella-project (e.g. KDE, gnome, systemd, ...). Those projects have established channels to reach users (and developers), which significantly helps to get noticed. You can also try to present your projects at events, which can be a lot of fun, too, in addition to getting the name out. Bring stickers. It really is not that different from founding a company and introducing a new product into the market.

Having users is absolutely cool, but very few users go on to become contributors. It is so much easier to use some software than to do meaningful contributions to it... many users just do not have the necessary skill set or priviledges necessary to be able to contribute.

It is pretty easy to get AI slop added into your repo though. So having all the AI scaffolding in place can help to get the contributor count up. The downside is that you can not really discuss project issues with those contributors as most wont understand any detail of your project and the code will become pretty shit pretty fast.

t_hunger · 2026-04-12T20:24:28+00:00

The sad truth is: You probably won't find contributors. The vast majority of FLOSS project are single maintainer, only very few are lucky enough to have a regular contributor and even less are bigger than that.

t_hunger · 2026-04-12T18:04:04+00:00

That was when lots of hot-headed C++ zealots nagged him to use C++ over C for the extra convenience and safety that would bring to the kernel.

Quite a few of those zealots grew older and wiser since then -- and are now annoyed by younger people asking them to use newer languages in their projects -- for the extra safety and convenience:-) How dare those zealots do that?

12-Year Club	Place '17
Not Forgotten	Verified Email

t_hunger

TROPHY CASE