e027: Trust Me; I Promise!

November 30, 2018 21:27 20.66 MB Downloads: 0

An intro to unsafe Rust and Rust’s idea of safety.

Show Notes

Errata

A quick correction: on the show I said that a trait needed to be unsafe when it had an unsafe fn method. This isn’t correct: safe traits can have unsafe methods, and unsafe traits can exist without any methods at all (as implied by my reference to Send and Sync). You can see this in practice in the following example, which compiles just fine!

trait ASafeTrait {
    unsafe fn unsafe_method() {}
}

unsafe AnUnsafeTrait {}

The idea of an unsafe trait is that it has some conditions which you must uphold to safely implement it – again, just as with Send and Sync. In the case of most traits, this will be because some trait method has invariants it needs to hold else it would cause undefined behavior. For another example of this, see the (unstable as of the time of recording) trait std::iter::TrustedLen.

Thanks to Rust language team member @centril for noting this to me after listening when I was recording the show live!

Links

Examples

Borrow-checked code in unsafe

let mut f = String::from("foo");

unsafe {
    let borrowed = &mut f;
    let borrow_again = &f;

    println!("{}", borrowed);

    // This would be unsafe and throw an error:
    // println!("{}", borrow_again);
}

(See it in a playground)

Safely mutating a raw pointer
let f = Box::new(12);
let mut g = Box::into_raw(f);
g = &mut (g + 10);

(See it in a playground)

Sponsors

Thanks to Parity for sponsoring the show again. Go check out their Rust jobs!

Patreon Sponsors

(Thanks to the couple people donating who opted out of the reward tier, as well. You know who you are!)

Become a sponsor

Contact