Core Insights
- C++ remains irreplaceable for achieving absolute control over performance, despite facing challenges from languages like Rust and the rise of AI programming [1]
- The discussion highlights the complexities and vulnerabilities associated with modern coding practices, particularly in C++ [2]

Group 1: Memory Safety and Vulnerabilities
- Most memory safety vulnerabilities originate from newly written code rather than legacy systems, primarily due to the "code hardening" process that old code undergoes under security scrutiny [4][5]
- New code lacks the maturity and scrutiny that older code has faced, leading to a higher incidence of vulnerabilities [6]
- C++ still inherits many unsafe characteristics from C, making it difficult to eliminate memory-related vulnerabilities entirely [7][11]

Group 2: Tools and Ecosystem
- Despite the availability of advanced dynamic analysis tools, their adoption in the C++ ecosystem is limited due to high configuration costs and a lack of awareness among developers [8][9]
- Even with the best practices enforced, significant memory vulnerabilities persist in C++ code, as evidenced by Google's findings [10][12]

Group 3: Performance vs. Safety
- C++ offers unmatched performance by allowing developers to take risks with undefined behavior, which is crucial in high-performance applications like high-frequency trading and gaming [13][15]
- The historical inertia of C++ and the vast amount of legacy code contribute to its continued dominance in certain sectors, despite the emergence of safer languages [16][18]

Group 4: AI in Programming
- AI-generated code poses risks, particularly in C++, where it tends to produce less secure code compared to human-written code [35]
- The reliance on AI tools necessitates careful review by developers, as AI-generated outputs can introduce significant errors [33][34]

Group 5: Undefined Behavior and Future Proposals
- Ongoing proposals aim to address undefined behavior in C++, with the introduction of concepts like "erroneous behavior" in future standards [38]
- The evolution of CPU architectures allows for more efficient safety checks, suggesting a shift in how undefined behavior is perceived in the context of performance [40][42]
“AI-written C++ code is objectively worse than what humans write”: Wu Yongwei in conversation with Adobe Principal Scientist David Sankel
36Kr · 2026-02-12 11:19