C++

Improper pointer arithmetic and buffer bound checking lead to buffer overflows, memory corruption, and security vulnerabilities. Developers must carefully validate array bounds and sanitize user input to prevent these issues.

Out-of-range access on containers like vectors is not checked at runtime by default, unlike Java. Without explicit `.at()` calls, array access bugs silently corrupt memory.

Legacy C++ code using custom memory management exhibits undefined behavior after compiler upgrades (e.g., g++4 to g++11), manifesting as memory leaks and crashes. Modern solutions like `std::unique_ptr` are not always viable for existing codebases.

C++ is extremely unsafe, supporting all undefined behaviors from C (buffer overflows, pointer misuse) plus new undefined behavior from templates (invisible specializations). Iterator invalidation creates dangerous undefined behavior, and complexity makes it difficult for developers to understand what code actually does or prove correctness, increasing defect rates.

Providing C++ interfaces to software components is impossible in practice due to lack of compile-time and runtime interoperability. When versions are upgraded, code becomes inconsistent and fails in unpredictable ways. This forces vendors to expose only C interfaces instead, limiting expressiveness.

Dangling pointers—pointers to deallocated or invalid memory—cause undefined behavior and program crashes. They occur when pointers are not updated after the memory they reference is deallocated, resulting in data corruption or crashes.

C++ requires private class members to be written in header files, making them effectively part of the public interface. Any change to private members forces recompilation of all code using the class, defeating encapsulation benefits and severely impacting development velocity.

C++ inherent complexity—including manual memory management and multiple inheritance—overwhelms developers. 46% cite programming complexity as a major challenge, leading to longer development times, increased debugging efforts, and higher bug risk.

C++ lacks a standard dependency manager like Rust's Cargo or Python's pip. Solutions like Conan and vcpkg are difficult to use; CPM is more promising but not standard.

Simplistic header inclusion via preprocessor leads to circular dependencies and fragile link orders. The linker processes libraries sequentially and ignores previously seen symbols if needed later, causing debugging nightmares.

Templates in C++ are compiled slowly, adding significant overhead to build times, especially problematic when templates must be defined in headers.

32-52.6% of C++ developers encounter compatibility and portability issues across platforms, operating systems, and compilers. Code adjustments for different systems can be time-consuming, especially with legacy code, resulting in platform-specific bugs and increased maintenance costs.

Build time remains a significant pain point for C++ developers, with 43% reporting it as a major issue. Multiple systemic reasons contribute to slow builds, though there is a slight downward trend indicating some ecosystem improvement.

Coroutines in C++ are complex to understand and use in practice, with poor documentation and limited adoption despite being standardized.

54% of C++ developers struggle with performance optimization. Achieving optimal performance requires careful memory management, algorithm optimization, and platform-specific considerations, impacting execution speed and user experience.

Refactoring operations (rename, extract method, code cleanup) are the top pain points in C++ IDEs, indicating widespread lack of automated refactoring tooling.

Popular compiler implementations like Apple Clang lag years behind standard releases. As of July 2024, Apple Clang lacks std::expected, std::jthread, and std::stop_token, forcing developers to work around missing features.

When using strict compiler warning settings, third-party libraries often generate warnings that are hard to suppress across all platforms. Transitive header inclusions make it nearly impossible to silence warnings in external code.

Configuring development toolchains and integrated development environments presents a significant barrier for C++ developers.

Runtime Type Information (RTTI) introduces performance overhead and increases binary size, which is critical in embedded systems. Some developers avoid RTTI due to security concerns like aiding reverse engineering, creating tension between pragmatic use and performance requirements.

Approximately 31% of C++ developers report setting up continuous integration pipelines as a major or minor pain point. The challenge involves automated builds, tests, and deployment—with persistent difficulty despite slight improvements.

Core standard library components like std::vector, std::regex, and language features like contracts and modules are broken or half-baked with no clear improvement path.

It's difficult to determine if a third-party library will work across all target platforms (Windows, macOS, Linux, Android, iOS). Libraries rarely provide guarantees due to ecosystem volatility.

C++ compiler messages are unhelpful when template code is incorrect, making debugging difficult. C++20 concepts help but require significant effort to understand.

C++ lacks standard types for basic data structures like strings, arrays, and lists, or has multiple competing standards and non-standard implementations. Each interface works with different string/container variants, making code reuse difficult and forcing runtime type conversions, reducing performance and maintainability.

There is no standardized way to structure multithreaded code in C++, leaving developers to create bespoke solutions.

The condition variable implementation in the standard library is plagued by spurious wake-ups and has unnecessarily complicated syntax compared to other languages.

STL implementations excessively inline code and ignore custom allocator type members, limiting optimization opportunities and making memory management customization ineffective in performance-critical scenarios.

String manipulation in C++ is cumbersome and lacks convenience functions. UTF-8 support is only now emerging in the standard library after years of using workarounds.

Pointer tagging—packing additional data into unused pointer bits—lacks universal portability across systems. Developers struggle to verify whether certain pointer bits are actually unused on a given target system, limiting practical application despite hardware design opportunities.

Opening files and loading large C++ projects is slow, and navigation between header and source files is cumbersome, causing delays during development.

Macros are powerful but extremely tempting to misuse, especially for newcomers. They remain widely used throughout codebases despite their difficulty and propensity to introduce hard-to-find bugs.

C++ iostream library uses static constructors causing unavoidable overhead even when unused. Default synchronization with stdio.h causes performance problems in I/O intensive applications. Misuse of std::endl (which flushes) instead of newlines is a common performance trap. Large standard library usage forces header inclusion overhead.

C++ RTTI provides only the type name without full type information, and type naming is not standardized across compilers, limiting reflection capabilities and making type-based dispatch unreliable across platforms.

Aligning code to project coding standards and automatically enforcing style conventions is a pain point in C++ development workflows.

C++ lacks variable-length arrays (VLAs) from C99, forcing developers to use heap allocation or fixed-size arrays as workarounds, adding complexity and runtime overhead for stack-based dynamic sizing.

Developers struggle with updating SQLite in C++ projects. Modifying third-party dependencies makes updates difficult, and developers often resort to compiling SQLite from source with custom defaults baked in rather than modifying framework dependencies.

STL iterators and algorithm calls are verbose and cumbersome. Common operations like finding elements in `std::set` lack template-based convenience methods, forcing developers to use verbose iterator-based approaches.

The `auto` keyword for type inference outside templates is a weakly-typed feature that removes helpful type information for readers while increasing reliance on compiler correctness, similar to implicit type casting issues.

C++ operator overloading rules are arbitrary, irregular, and clumsy. Examples include asymmetric pre/postincrement operator definitions and inconsistent nothrow-new behavior, making the feature unpredictable and error-prone.