Monorepo

C++ Safety Proposal Abandoned in Favor of Profiles, Says Committee Co-Author

C++ Safety Proposal Abandoned in Favor of Profiles, Says Committee Co-Author
source: gettyimages
September 19, 2025

The C++ standards committee has officially shelved a comprehensive proposal aimed at creating a rigorously safe subset of the language, despite ongoing concerns about memory safety issues. According to Sean Baxter, co-author of the innovative Circle C++ compiler, this decision reflects the committee’s disconnect with the Rust safety model, which remains unpopular among its members.

> "The Rust safety model is unpopular with the committee. Further work on my end won't change that. Profiles won the argument," Baxter stated in June.

The discussion gained renewed attention when developers like Simone Bellavia observed the anniversary of the Safe C++ proposal and noted that a definitive decision had been made to discontinue it. Baxter initially envisioned Safe C++ as a way for developers to achieve Rust-like memory safety without having to adopt a new programming language. The proposal aimed to prevent unsafe code through compile-time checks, such as borrow checking, initialization analysis, and enhanced type safety, all within an incremental migration framework that preserved existing code.

However, clarity on the proposal's status is elusive. Erich Keane, a C++ committee member and co-chair of the C++ Evolution Working Group (EWG), indicated that Baxter’s efforts received mixed responses.

> "Sean is completely welcome to continue the effort, and many in the committee would love to see him make further effort on standardizing it," Keane commented.

Baxter argued that the committee's opposition remains firm, emphasizing that the Rust model's core principles—particularly safe function coloring—are incompatible with the current language evolution principles, which discourage the requirement for safe or pure function annotations.

> "This is an irreconcilable design disagreement. Safe function coloring is the core of the Rust safety model," Baxter explained.

Notably, Bjarne Stroustrup, the creator of C++, expressed support for concept profiles—sets of guarantees that can be enforced—though he lamented that the standards process failed to include this in C++26.

> "I want this set of guarantees and it will then be enforced," Stroustrup said.

Despite support from some industry leaders, profiles remain controversial. Critics argue that profiles lack a clear implementation, do not resemble established solutions, and failed to make it into the official C++26 standard. Baxter also voiced strong skepticism about profiles’ viability, offering numerous examples of their failures documented at [circle-lang.org](https://www.circle-lang.org/draft-profiles.html).

He further criticized the current Standard Library as fundamentally unsafe and tried to propose a safer successor called std2, which was rejected. The ongoing debate about making C++ safer has led many to consider alternative languages, such as Rust or Google's experimental Carbon project, which aims to succeed C++ with plans for a 1.0 release beyond 2028.

Related links

By submitting, I confirm I have the right to share this link and I agree to link back to this article from the submitted page. Duplicate URLs are rejected. Up to 5 links per page.

GraphQL · 141 ms 
query Q($id: Int!, $domain: Int!, $srcId: Int!, $hasSrc: Boolean!, $hasSelf: Boolean!) {
  self: qa_ai(where: {id: {_eq: $id}}, limit: 1) @include(if: $hasSelf) { id title text date }
  linksarticle: qa_ai(where: {domain: {_eq: $domain}, id: {_neq: $id}}, order_by: {id: desc}, limit: 8) { id title }
  linksbottom: qa_ai(where: {domain: {_neq: $domain}, id: {_lt: $id}}, order_by: {id: desc}, limit: 3) { id title domain }
  source: qa_ai(where: {id: {_eq: $srcId}}, limit: 1) @include(if: $hasSrc) { id title }
}
{
  "id": 6644045,
  "domain": 7,
  "srcId": 0,
  "hasSrc": false,
  "hasSelf": true
}