[Ygg2]

> They didn't like C/C++

Riiiight. You do realize they made syntax similar to C/C++ on purpose to ease Mozilla's C/C++ programmers into it.

It's not that they didn't like it; it's that C/C++ is about as disinterested in memory/thread safety as you can get. It's been what, ten years since Rust became 1.0? And the safety needle of C++ hasn't budged a femtometer.

> Quite a bit of idiomatic and safe (yes that does exist) C++

Sure, so does legible Brainfuck. However, it's extremely challenging to write it. It usually takes years and years of effort, chasing down obscure bugs.

> Like converting C++ to C#.

If you can take GC pause and not wince, sure, go for it. Not everyone can take that luxury.

[tialaramex]

> And the safety needle of C++ hasn't budged a femtometer.

That's not fair. C++ 26 gets from the uninitialized primitives by default being a massive footgun to only slightly worse than using Rust's unsafe core::mem::uninitialized function - which was deprecated in 2019.

Now, sure, in a good language this mistake shouldn't even compile, so C++ moved from "Reprehensibly awful, do not use" to "Very bad". But that's more than a femtometer.

[array_key_first]

C++ is much more safe than C and has numerous safety contracts that are impossible to represent in C. Its always weird when C and C++ are thrown together.

Barne has talked about it, but one of the primary reasons he created C++ was to address safety issues in C. And he's talked about this since the early 90s.

Like access modifiers and private by default. Something we take for granted now, but something which is impossible in C.

Or std::vector. Unlike array in C, it won't blow up if you add too much stuff to it. Again, obvious, but at the time, revolutionary.

Or exceptions! We take them for granted to!

No more forgetting to check errno! No, if you don't catch an exception your program terminates, so you have to handle errors.

Or, the biggest one of all: RAII and ownership. Might sound familiar to rust devs!

Point is, C++ is not C. That's why C++ exists. Its not safe, but it's much, much safer.

[Ygg2]

> C++ is much more safe than C

The issue Mozilla faced wasn't that it wasn't safer than C. It's that it was not safe enough for their needs. A chainsaw is safer than a saw blade; you still don't want to trim your beard with it.

And the C++ working group, to this day, hasn't even moved one inch to accommodate those needs. As another commenter noted, they added a feature for C++26 that Rust abandoned circa 2019.

They couldn't multithread the components like compositor and renderer as much as they would have liked, even with all the caveats.

[array_key_first]

> The issue Mozilla faced wasn't that it wasn't safer than C. It's that it was not safe enough for their needs.

I would agree with this for most use cases. My main qualm is lumping together C and C++.

It's like lumping together Rust and JS, because they're both memory safe. But Rust is WAY more safe. JS is, overall, an extremely footgunny language.

In my view, the jump from C to C++ is about the same as the jump from Rust to JS, potentially even bigger.