The Two Factions of C++

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

CodeRabbit: AI Code Reviews for Developers
Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
coderabbit.ai
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
  1. profiles

    site for discussing profiles design (by BjarneStroustrup)

    > Honestly, I am extremely glad that Google is finally leaving the ecosystem, as I generally do not enjoy it when Google engineers try to force their ridiculous use cases down peoples' throats, as they seem to believe they simply know better than everyone else how to develop software.

    Well, you may be celebrating a bit prematurely then. Google still has a ton of C++ and they haven't stopped writing it. It's going to take ~forever until Google has left the C++ ecosystem. What did happen was that Google majorly scaled down their efforts in the committee.

    When it comes to the current schism on how to improve the safety of C++ there are largely two factions:

    * The Bjarne/Herb [1] side that focuses on minimal changes to the code. The idea here is to add different profiles to the language and then [draw the rest of the fucking owl]. The big issue here is that it's entirely unclear on how they will achieve temporal and spatial memory safety.

    * The other side is represented by Sean Baxter and his work on Safe C++. This is basically a whole-sale adoption of Rust's semantics. The big issue here is that it's effectively introducing a new language that isn't C++.

    Google decided to pursue Carbon and isn't a major playing in either of the above efforts. Last time I checked, that language is not not meant to be memory safe.

    [1] https://github.com/BjarneStroustrup/profiles

  2. CodeRabbit

    CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.

    CodeRabbit logo
  3. basis

    The robotics development framework that makes deterministic replay testing possible. (by basis-robotics)

    You don't have to actually copypaste. You can use CMake and FetchContent/CPM. You can specify custom build commands or inline declare a project for anything small that you pull in that doesn't use CMake (you can call add_library with a glob on the folder FetchContent pulled in, for example - I've done so here https://github.com/basis-robotics/basis/blob/main/cpp/CMakeL... for a header only lib). For large external dependencies that are either very slow to compile or for some reason aren't CMake, reach for the system package manager or similar. If you want to be really cross platform and are supporting Qt/wxwidgets/etc, vcpkg+CMake+clang is solid combo, if a bit slow and a bit disk space heavy with the build cache.

  4. CPM.cmake

    📦 CMake's missing package manager. A small CMake script for setup-free, cross-platform, reproducible dependency management.

    Have you taken a look at CPM ? https://github.com/cpm-cmake/CPM.cmake . It makes CMake project management easy - no need for separate package manager tool.

  5. carbon-lang

    Carbon Language's main repository: documents, design, implementation, and related tools. (NOTE: Carbon Language is experimental; see README)

    People like to always talk about Carbon like that, yet the team is the first to point out anyone that can use something else, should.

    Carbon is an experiment, that they aren't sure how it is going to work out in first place.

    > "If you can use Rust, ignore Carbon"

    https://github.com/carbon-language/carbon-lang/blob/e09bf82d...

    > "We want to better understand whether we can build a language that meets our successor language criteria, and whether the resulting language can gather a critical mass of interest within the larger C++ industry and communit"

    https://github.com/carbon-language/carbon-lang/blob/e09bf82d...

  6. doctest

    The fastest feature-rich C++11/14/17/20/23 single-header testing framework

    catch2 has become fairly bloated. doctest takes all of the best parts of catch2 without all the bloat and the end result is a test framework that is literally over 10x faster than catch2. It's also like 90% compatible with catch2 so porting your tests to it is pretty easy.

    Especially if you have a build process that always runs your unit tests, it's nice to have a very fast test/compile/debug loop.

    https://github.com/doctest/doctest

  7. RaytracingWeekend-CPP

    Peter Shirley's raytracing One Weekend tutorial updated with C++20 features

  8. openjdk-aarch64

    Microsoft builds of OpenJDK for AArch64 Platforms

  9. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
  10. .NET Runtime

    .NET is a cross-platform runtime for cloud, mobile, desktop, and IoT apps.

    If you're interested, here's the overview of planned compiler work for .NET 10: https://github.com/dotnet/runtime/issues/108988

    Autovectorization is usually very fragile and in areas where you care about it hand-written implementations always provides much better results that will not randomly break on minor changes to compiler version or the code, that must be carefully guarded against.

    It would be still nice to have it eventually, and I was told that JIT team actively discusses this but there are just many more lower hanging fruits that will light up in disproportionately more instances of user code.

  11. ziti

    The parent project for OpenZiti. Here you will find the executables for a fully zero trust, application embedded, programmable network @OpenZiti

    I may be off base, but as the world moves to zero-trust networking, we can always embed a zero-trust network into our C++ app so that it can be distributed across the network while having no listening ports on the underlay network - i.e., my memory safety exploit cannot just be exploited by anyone on the WAN, LAN, or host OS network. My C++ app unattackable via conventional IP-based tooling, all conventional network threats are immediately useless.

    This capability exists in completely open source, such as OpenZiti - https://openziti.io/.

  12. protozero

    Minimalist protocol buffer decoder and encoder in C++

    Protobuf depending on Abseil (which has ongoing macOS build issues) is clinically insane. I tend to use protozero now which trades half a day’s boilerplate for two days’ build heartache.

    https://github.com/mapbox/protozero

  13. ziti-tunnel-sdk-c

    https://github.com/openziti/ziti-tunnel-sdk-c/blob/9993f61e6...

    That's why this topic is such a big deal. Even people who really should know better like the OpenZiti authors aren't able to reliably write safe code.

  14. zfw

    An EBPF based IPv4/IPv6 firewall with integrations for OpenZiti Zero-Trust Framework edge-routers and tunnellers

    - know how to negotiate the end to end encrypted tunnel to the 'far' identity

    So yes, if they can do all that, then they'd definitely be able to attack that remote service. But I said "remote service", not "remote services". All that work and compromises and they only have access to 1 single service among hundreds, thousands, or potentially millions of services. Lateral movement is almost impossible. So the attacker would have to repeat each of the 5 steps for every service possible. Also, they don't know which company sits behind which OpenZiti fabric, so its pot luck if its even against the target they want to try and exploit.

    Finally, we have developed a stateful firewall called 'ZitiFW' - https://github.com/netfoundry/zfw - which uses eBPF to look at the IP information of any incoming connections/packets to an Edge Router (Ziti's Policy Enforcement Point), if a connection/packet is received from an IP address which is not correlated to a known, bootstrapped endpoint to the overlay, the packet can be blackholed.

  15. cppwinrt

    C++/WinRT

    Cppwinrt is in maintenance mode[1]. Cppwin32 is abandoned (with windows.h as the official alternative). It is now possible to deploy WinUI 3 apps as single files in C#[2] but not in C++. From experience, the entire C++ side of WinUI 3 documentation is underbaked to the extent that the easiest road is to read the C# documentation and attempt to guess the cppwinrt equivalent (as docs for cppwinrt are not really... there).

    I don’t know if they’ve really abandoned C++ entirely—the compiler team certainly hasn’t, that’s true. But the above doesn’t feel like first-class support.

    [1] https://github.com/microsoft/cppwinrt/issues/1289#issuecomme...

    [2] https://learn.microsoft.com/en-us/dotnet/core/deploying/sing...

  16. Iteration has been improved since, and now we’re beating Abseil on iteration plus erasure:

    https://github.com/boostorg/boost_unordered_benchmarks/tree/...

  17. Google Test

    GoogleTest - Google Testing and Mocking Framework

    > Googletest ... declares a direct dependency on an older LTS release of absl

    Looking at the build configuration code:

    https://github.com/google/googletest/blob/main/CMakeLists.tx...

    it seems like the dependence on Abseil is optional. i.e. you can use googltest on its own. I wouldn't recommend it (I kinda like doctest), but still.

  18. SaaSHub

    SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

    SaaSHub logo
NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts

Did you know that C++ is
the 7th most popular programming language
based on number of references?