Skip Navigation
C & C++ @lemmy.ml Jure Repinc @lemmy.ml

Why Safety Profiles Failed

Safety Profiles were introduced in 2015 with the promise to detect all lifetime safety defects in existing C++ code. It was a bold claim. But after a decade of effort, Profiles failed to produce a specification, reliable implementation or any tangible benefit for C++ safety. The cause of this failure involves a number of mistaken premises at the core of its design:

  1. “Zero annotation is required by default, because existing C++ source code already contains sufficient information”
  2. “We should not require a safe function annotation”
  3. “Do not add a feature that requires viral annotation”
  4. “Do not add a feature that requires heavy annotation”

The parameters of the problem make success impossible. This paper examines the contradictions in these premises, explains why the design didn’t improve safety in the past and why it won’t improve safety in the future.

1