“AI 写的 C++ 代码，客观上比人类更烂”，吴咏炜对话 Adobe 首席科学家 David Sankel｜近匠

Core Viewpoint - C++ remains an irreplaceable language for achieving extreme performance through absolute control over low-level operations, despite facing challenges from emerging languages like Rust and the impact of AI programming paradigms [1]. Group 1: Memory Safety and Code Vulnerabilities - Most memory safety vulnerabilities originate from newly written code rather than legacy systems, primarily due to the "code hardening" process that occurs over time in older codebases [10][11]. - C++ has not fundamentally eliminated memory-related vulnerabilities, as developers can still easily write code that leads to out-of-bounds access, similar to issues seen in C [12][13]. - The adoption of advanced dynamic analysis tools in C++ is limited due to high configuration costs and a lack of awareness among developers [13][14]. - Even with the use of sanitizers, C++ code continues to exhibit a significantly higher number of memory safety vulnerabilities compared to Rust, with Google reporting C++ vulnerabilities being nearly 1000 times more frequent than those in Rust [15][16]. Group 2: C++'s Unique Value Proposition - C++ offers a unique niche by allowing developers to trade off the risks of "undefined behavior" for maximum performance, which is difficult to replicate in languages like Rust [17][18]. - The historical inertia of C++ is significant, as many established libraries and codebases have been optimized over decades, making it impractical to rewrite them in newer languages [20]. - The productivity paradox arises where Rust's safety features may lead to increased code complexity and reduced productivity compared to C++, despite reports of higher productivity for Rust developers in certain domains [21][22]. Group 3: Tooling and Ecosystem Challenges - C++ suffers from a fragmented compiler ecosystem, making it challenging to distribute precompiled libraries and manage dependencies effectively [27][28]. - The lack of a unified package management system in C++ contrasts sharply with Rust's modern package management ecosystem, which significantly enhances developer productivity [27][29]. - The C++ standardization process has focused primarily on language specifications, neglecting the development of a cohesive tooling ecosystem, which has hindered its evolution [29][32]. Group 4: AI in Programming - AI-generated code has been found to be less secure in C++, with developers often overestimating its reliability compared to their own code [39][40]. - In contrast, Rust's strict syntax and features make it more challenging for AI to generate unsafe code, as incorrect code will not compile [41][42]. - The integration of AI tools in programming workflows has shifted the focus from writing code to reviewing AI-generated code, which can be frustrating for developers [38][39]. Group 5: Undefined Behavior and Future Proposals - Ongoing proposals aim to address undefined behavior in C++, with the introduction of the concept of "erroneous behavior" in C++26 being a notable development [44][45]. - There is a concern that some proposals related to undefined behavior may lack practical implementation strategies, potentially diverting attention from more effective solutions [45][46].