• Don’t overestimate Rust, I’ve dealt with plenty of segfaults using it. Hell, I’ve had a situation where the Rust compiler generated some kind of instruction that wasn’t compatible with my CPU, that sure was fun to debug!

    Rust has issues with interoperability with system libraries. It solves this (sort of) through static linking, but static linking is why we’re still receiving daily updates for programs that open WebP files over a week since the library has been fixed on every single platform. Plus, there’s no good way to make a Rust UI that doesn’t look like it came out of a video game. Then there’s the whole async deal, which is great until you need to send anything more complex than an integer between threads.

    C++ isn’t exactly resistant to segfaults, but with C++11 things have become orders of magnitude better. C++ versions up to C++23 have improved things even more. If only people actually used those features…

    I think a good C++ dev using modern tooling can probably write code that’s just as stable as and even more compatible than Rust code, but many programmers are stuck in their old ways, or on old compilers, or think they don’t need Valgrind because they’re rockstars.

    Take a look at SerenityOS if you haven’t already. It’s an OS designed from the ground up, written in modern C++ (as in, the standard build script will compile a compiler because most distros don’t have compilers modern enough to run it). It includes everything from a kernel to a web browser and a Javascript engine. That project kind of redeemed C++ in my eyes.

          • Last time I set up such a system was for a course several years ago, I don’t know what linters are popular these days. Flint used to be pretty good but it’s no longer maintained. Back then I set up a combination of cppcheck, clang with almost every optional warning, and clang-tidy for formatting. clang-analyze and cppcheck will compliment each other nicely but you do need to play around with their configuration to make informed decisions about conflicting advice every now and then.

            Microsoft’s compiler does have warnings about certain risky uses of raw pointers, so using MSVC may be a good idea for safe programming until clang and g++ catch up. On the other hand, MSVC++ is behind on certain other C++ features, so you’ll have to weigh your options here.

            There isn’t much documentation I can find on the topic of setting up a linter to enforce modern memory management. Most people asking for information about it seem to get responses from C++ experts telling them raw pointers are fine for and that you shouldn’t be scared of them, but I disagree.

            Sadly, no tooling I know of has sufficient detection of pointer footguns (such as smart pointers made out of smart pointers leading to double frees).