So when Herb says "And in Rust's case, that's going to need to be built out" if the interview was taking place five years ago that's an important point. But it wasn't five years ago, it was only a few weeks ago.
I'm not clear on how this is even possible. "Conformance" for C++ means adherence to the published ISO/IEC 14882 standard. In the case of Rust, it's "this is what the compiler does this week". Sure, a third party has built out a CI system for Rust and uses it provide evidence that Rust does what Rust does, but that's nothing similar to having evidence any random toolchain conforms to an accepted, published, international standard of what the C++ language does.
When it comes to providing test evidence for functional safety (for example ISO 26262 or IEC 61508) I can point to Perennial or Sold Sands results and say with confidence that my toolchain does what it says on the C++ box. When it comes to Rust, I can point to Ferrous and say "the core Rust language when built using rustc does what the rustc developers claimed it should do last week, excluding any crates or libraries." To which claim are you going to trust the lives of you and your loved ones?
They aren't analogous at all. There is just reams of marketing spin here and eventually it's going to kill someone.
The comment posted by jamesmunns will do much better job in describing the exact details than mine (both comments happened to be posted within 20 seconds, huh), so I'll just add that standards are meaningless by their own. Quite a lot of people criticizing Rust for the lack of formal standards seem to assume that such standards will immediately improve something, but that's never true. Standards are meaningful only when they are maintained and can be enforced; many historical standards failed to catch up and fell into the oblivion for this reason. It doesn't even matter much whether the specification is written in "formal" prose [2]. I feel they are missing the fundamental reason why language standards can be beneficial in principle.
[1] https://spec.ferrocene.dev/
[2] Which is never "formal" in the mathematical sense. (Mathematically formal language specifications are quite rare, examples include SML and WebAssembly.) In fact, such formal writing is slightly better than informal writing only because such writing also aims to be unambiguous, and the formality itself is not that important.
For each release of Ferrocene, this is kept up to date, and the same as C or C++, what is specified and stable can be relied upon, and implementation details are implementation details, the same as it would be if you switched from LLVM w/ SolidSands' SuperTest suite to IAR or GreenHills' toolchains which may have varying impl details but still maintain conformance with the specification.
The majority of safety critical teams will snapshot a single toolchain for the entire development lifecycle (sometimes updating if necessary, very rarely), but Ferrocene is releasing updates that are approaching the full Rust cadence (IIRC they've discussed going to every other release, so once every 12 weeks vs Rust's 6 week cadence), with all of the verification required to ensure the specification is still complete, and all tests are passing.
There's still work to specify and test more/all of the core/alloc/std library components, as well as third party crates, but from a toolchain perspective, it is much closer than you are giving them credit for. Unlike many proprietary C/C++ toolchains or verification suites, the majority of safety justification artifacts are publicly browseable here: https://public-docs.ferrocene.dev/main/index.html.
(I am a former founder of Ferrous Systems, and one of the people that pushed for the Ferrocene project to happen, but haven't worked there for a couple years and have no monetary stake in them anymore - I think they are just still doing the right thing, and doing it well.)
And that's a problem, because what it says is vague and not very helpful for the problem we actually wanted to solve. It's enough by fiat - the people responsible for 26262 wanted to be allowed to write C++, so the bar has to be low enough to be cleared by C++. This problem grows in magnitude as the software in a safety of life critical system grows.
To be clear: I don't think either of these general purpose programming languages is appropriate for use in safety of life applications. I think a provably correct program ought to be table stakes - But, a bar set low enough that you can write C++ is always going to be low enough for Rust to just step over it like it's barely even there.
Go with:
C++, because I used to code in C (for embedded, 8-bit microcontrollers) when I was younger and also for its possible advantage for learning some CUDA (this last thing is mostly for fun)
or
Rust, because I have some trauma for kernel panics with bad memory management back in the days with C, and because I want to build some tooling in a nice, efficient way
Also, you'd probably have found these quickly, but cppreference.com is the nicest C++ reference (!cppref on DuckDuckGo) and doc.rust-lang.org (!rust on DuckDuckGo) has the Rust standard library documentation.
If you already know C and Python, it would be a better and faster choice. I’m more a C++ expert, but I’ve written a few small command line tools in Rust and it looked a bit like the Python equivalents.
I dont want to comment about rust, but personally I just don't like ideological people. Also some people seem to not understand, that the set of all valid computer programs is greater than the set of all programs that can be proved correct. It is a fact and can be proven.
Imo C# is a well designed language and would be the best start to learn more about a modern statically typed language. Swift is also interesting, but its mostly apple and has similiar ideologic problems like rust (e.g. pointers are evil).
What exactly are you afraid of?
In similar vein, just so happens that yesterday I listened to discussion to folks outside of bigtech camp and it was much more insightful and introspective, although it is with creator of Zig and Odin language themselves instead of mere evangelists and methodologist book sellers. "Boundaries of Language Design" with Andrew Kelley & Ginger Bill [1] https://www.youtube.com/watch?v=3K8znjWN_Ig
To be fair, creators are the Jesus Christ in the context of evangelists. There is a strong belief why they created the language.
