"If you can't write safe C++ code, it's because you can't write C++"

If you're a software developer with an interest in writing fast and efficient code for trading systems, you will probably have come across C++. And if you have an interest in C++, you will probably have noticed this week's provocative Tweet from Mark Russinovich, the CTO of Microsoft Azure. 

Russinovich subsequently moderated his statement by acknowledging that C++ isn't going to disappear for legacy applications. But Rust should be used for "new tools," he said. 

His claims have prompted an outcry among C++ devotees, many of whom work in the financial services industry. "C++ is fine, it’s just that many who use it (and other languages) essentially don’t know how to program," said one. "I freely admit that it takes good developers to write good C++ code, and it might very well be much easier to find developers who write good Rust code. But it is possible to write rock-stable, highly-abstracted, well-maintainable, and fast C++ code," said another.

It's just that not many people can write good C++.

The safety issues with C++ are well-documented. A 2019 Microsoft study found they were mostly the result of memory errors relating to heap out of bounds, use after free, type confusion and uninitialized use. 

However, if you know how to use C++ well, many of these errors can be corrected. 

"We can now achieve guaranteed perfect type and memory safety in ISO C++," Bjarne Stroustrup, creator of C++, told the Register this week. "That is, every object is used according to the type it was defined with. That implies that we eliminate uses of dangling pointers, catch range errors, and eliminate data races."

Stroustrup's defense of his creation follows his recent presentation on C++ at CPPCon. C++ is based on a "coherent philosophy" and not "several fashionable rules," declared Stroustrup. The language can develop, but it also needs to be compatible with the "few billions of lines" of legacy C++ code already in existence, he added. Instead of looking for "silver bullets" that eliminate complexity and render contemporary versions of C++ incompatible with their predecessors, it's therefore necessary to be pragmatic. "The language is just part of our toolbox... I don't suffer from the delusion that all the solutions are in the language, a language is embedded in a world."

With this caveat, and even with this focus on legacy C++ code and backwards compatibility, Stroustrup said that C++ is still safe. "I think that the approach I'm talking about - the static analysis and rule-based for modern styles can deliver complete safety, no leaks, no type violations...and by type safety I mean that every object is used exclusively according to its definition..."

There may be "edge cases" where C++ has safety issues, but they will be just that, added Stroustrup. "The strength of this system is that you can get a gradual evolution... you can actually gradually gain first the complete safety of foundational stuff and then slowly move into the rest..."

Stroustrup also said that Rust isn't as safe as people think: "Note that every 'safe' language, including Rust, has loopholes allowing unsafe code." Rust's detractors point out that the language is too new and untested to be a meaningful C++ replacement. Nor does it have the enormous array of open source libraries that have evolved to support C++.

The presumption is that if you can simply get to grips with C++, you will write safe code. 

Not everyone agrees, though. "About 70–80% of serious security vulnerabilities in software are caused by memory unsafety," said one developer responding to Russinovich's tweet. "These extremely serious bugs can basically only happen in C and C++, and we’ve got a few decades of experience and research showing that just being more careful isn’t enough to reduce that."


Author: Sarah Butcher, Global Editor
  • sa
    27 October 2022

    This is my first comment

  • pb
    29 September 2022

    The comment about memory safety has been an issue for several decades. In the mid 1970's I was learning BAL - Basic Assembler Language (using it on its own or with COBOL) and it was both fun and challenging. The issue, of course, is that you had to understand clearly how you set up your data, and where you moved data from and to. Compilers of 'modern' languages often don't prevent overwriting data, and perhaps even overwriting code. In BAL, the latter meant that you could, essentially, change your program on the go, because data space and program space were not really segregated.

    I've also used command languages that allowed all sorts of 'shenanigans' on the fly. Whether interpretive or compiled / linked, if you know what you're doing and are careful, you won't have bad surprises; if you are competent and malicious, someone else will have bad surprises.

    As to C or C++, competence is important. And in any language, poor coding practices, not 'documenting' your code, using poor naming conventions, taking short cuts, all of those lead to garbage. When I was still actively coding, I made a point of writing the best, cleanest, well documented code that I could. It was never about what language I was using.

  • Da
    25 September 2022

    Rust is actually really good
