Google's take on memory safety

[Gregor Mückl]

On Friday, 8 March 2024 at 10:43:39 UTC, Paulo Pinto wrote:
> Just wait until delivering software written in C or C++ 
> requires a biohazard symbol "handle with care" kind of 
> regulation, and insurance companies high premiums on software 
> developed with such languages.

This isn't going to happen in this century.

You're talking about an absolutely *gigantic* amount of software 
- an utterly, unfathomably, big amount. Many thousand lifetimes' 
worth of work.

A quick estimate tells me that my computer is running several 
*hundred* million lines of code just for firmware, OS, drivers, 
shell/GUI, browser etc. so that I can write this message. 
Mandating a rewrite of all of that is both a fool's errand and 
economic suicide for whatever nation that wants to enforce such a 
mandate.

To my knowledge, the last major OS kernel that was started from 
scratch was Linux (I believe that the roots of the current 
MacOS/iOS/visionOS... kernel are actually older and NT certainly 
is). No newer kernel has reached a similar level of maturity. All 
major browsers that are currently in use have their roots in the 
90s or early 2000s. It's quite easy to continue this list with 
all kinds of application software and stuff.

It would be a major miracle if even a single one of these chunks 
of software would get replaced by a rewrite from scratch within 
the next one or two decades. Replacing all of them at once is so 
much effort that it would mean complete industry-wide stagnation 
for decades.

The best that can happen is a glacially slow migration of single 
components to other languages that are (perceived to be) more 
modern. At worst, we end up with a stack that stays the way it is 
and gets another layer of glossy paint poured over it. Given the 
state of our industry, that's the more likely outcome. Any 
attempt to politically enforce anything more radical than that 
will be met with enormous and vicious resistance from companies, 
which I would expect to be successful.