Rust is a multi-paradigm systems programming language focused on safety, especially safe concurrency. Rust is syntactically similar to C++, but is designed to provide better memory safety while maintaining high performance.
This talk covers the following: principles of design, features, and applications. There are many successful projects used Rust, including browsers, operation systems, and database management systems, which will be also discussed in the talk.
2. Acknowledgment
Lots of contents in the following slides use contents from following sources.
Great thanks to the authors!
• http://pages.di.unipi.it/corradini/Didattica/AP-18/DOCS/HaozhongZhang-
IntroToRUST.pptx
• https://nikomatsakis.github.io/rust-latam-2019/
• http://www-verimag.imag.fr/~mounier/Enseignement/Software_Security/
19RustVsC.pdf
• https://fr.slideshare.net/yann_s/introduction-to-rust-a-lowlevel-language-with-
highlevel-abstractions
• https://www.slideshare.net/jaejukim9/rust-programming-language
• https://www.slideshare.net/rodolfoeduardofinochietti/introduction-to-rust-
language-programming
!2
3. About
• Liu, An-Chi 劉劉安⿑齊
• ID:微中⼦子、@tigercosmos
• BIME, National Taiwan University
• Rust Taiwan Community
• ONNC team @ Skymizer
• Tennis, Animations, Coding
3
4. What is Rust?
From the official website (http://rust-lang.org):
“Rust is a systems programming
language that runs blazingly fast,
prevents nearly all segmentation faults,
and guarantees thread safety. ”
!4
5. A brief history
Pre-2009
Graydone Hoare
terrible memory leakages/bugs in Firefox
2009
Mozilla
Corp.
Experimental web browser layout
engine: Servo
2013
Samsung Corp.
Joined
2015
v1.0 Stable Released!
2019
v1.34
2018 edition
!5
13. In the real world …
•Rust is the coating closest to the bare metal.
13
14. As a programming language …
•Rust is a system programming language barely on
the hardware.
• No runtime requirement (eg. GC/Dynamic Type/…)
• More control (over memory allocation/destruction/…)
• Zero-cost abstractions
• Anywhere you use C, you can use Rust
fn main() {
println!(“Hello, world!”);
}
14
15. More than that …
C/C++
more control,
less safety
Haskell/Python
less control,
more safety
more control,
more safety
Rust
15
30. What is safety?
typedef struct Dummy { int a; int b; } Dummy;
void foo(void) {
Dummy *ptr = (Dummy *) malloc(sizeof(struct Dummy));
Dummy *alias = ptr;
free(ptr);
int a = alias.a;
free(alias);
}
ptr
alias
.a
.b
Stack Heap
Dangling Pointer
Use after free
Double free
Aliasing Mutation
18
31. Rust’s Solution: Ownership &
Borrowing
Compiler enforces:
•Every resource has a unique owner.
•Others can borrow the resource from its owner.
•Owner cannot free or mutate its resource while it
is borrowed.
Aliasing Mutation
No need for runtime Memory safety Data-race freedom
19
37. Ownership
struct Dummy { a: i32, b: i32 }
fn foo() {
let mut res = Box::new(Dummy {
a: 0,
b: 0
});
}
res
Stack Heap
owns
20
38. Ownership
struct Dummy { a: i32, b: i32 }
fn foo() {
let mut res = Box::new(Dummy {
a: 0,
b: 0
});
}
res
Stack Heap
owns
res is out of scope and its resource is freed automatica
20
46. Ownership: Unique Owner
struct Dummy { a: i32, b: i32 }
fn foo() {
let mut res = Box::new(Dummy {
a: 0,
b: 0
});
take(res);
println!(“res.a = {}”, res.a);
}
fn take(arg: Box<Dummy>) {
}
Ownership is moved from res to arg
Aliasing Mutation
22
47. Ownership: Unique Owner
struct Dummy { a: i32, b: i32 }
fn foo() {
let mut res = Box::new(Dummy {
a: 0,
b: 0
});
take(res);
println!(“res.a = {}”, res.a);
}
fn take(arg: Box<Dummy>) {
}
Ownership is moved from res to arg
Aliasing Mutation
22
48. Ownership: Unique Owner
struct Dummy { a: i32, b: i32 }
fn foo() {
let mut res = Box::new(Dummy {
a: 0,
b: 0
});
take(res);
println!(“res.a = {}”, res.a);
}
fn take(arg: Box<Dummy>) {
}
Ownership is moved from res to arg
arg is out of scope and the resource is freed automatically
Aliasing Mutation
22
49. Ownership: Unique Owner
struct Dummy { a: i32, b: i32 }
fn foo() {
let mut res = Box::new(Dummy {
a: 0,
b: 0
});
take(res);
println!(“res.a = {}”, res.a);
}
fn take(arg: Box<Dummy>) {
}
Ownership is moved from res to arg
arg is out of scope and the resource is freed automatically
Compiling Error!
Aliasing Mutation
22
67. Mutability
•Every resource in Rust is immutable by default.
•mut is used to declare a resource as mutable.
struct Dummy { a: i32, b: i32 }
fn foo() {
let res = Box::new(Dummy{a: 0, b: 0});
res.a = 2048;
let borrower = &mut res;
}
Error: Resource is immutable
27
68. Mutability
•Every resource in Rust is immutable by default.
•mut is used to declare a resource as mutable.
struct Dummy { a: i32, b: i32 }
fn foo() {
let res = Box::new(Dummy{a: 0, b: 0});
res.a = 2048;
let borrower = &mut res;
}
Error: Resource is immutable
Error: Cannot get a mutable borrowing
of an immutable resource
27
71. Concurrency & Data-race Freedom
struct Dummy { a: i32, b: i32 }
fn foo() {
let mut res = Box::new(Dummy {a: 0, b: 0});
std::thread::spawn(move || {
let borrower = &mut res;
borrower.a += 1;
});
res.a += 1;
}
Spawn a new thread
28
72. Concurrency & Data-race Freedom
struct Dummy { a: i32, b: i32 }
fn foo() {
let mut res = Box::new(Dummy {a: 0, b: 0});
std::thread::spawn(move || {
let borrower = &mut res;
borrower.a += 1;
});
res.a += 1;
}
Error: res is being mutably borrowed
res is mutably borrowed
Spawn a new thread
28
73. Type Error
!29
int main() {
unsigned int a = 4294967295;
int b = -1;
if (a == b)
printf("%u == %dn",a,b);
}
C
fn main() {
let a = 4294967295u32;
let b = -1i32;
if a == b {
┆ println!("{} == {}", a, b);
}
}
Rust
tiger@tiger:~$ rustc test.rs
error[E0308]: mismatched types
--> test.rs:4:13
|
4 | if a == b {
| ^ expected u32, found i32
error: aborting due to previous error
$ ./a.out
4294967295 == -1
74. No NULL
!30
enum Option {
Some(T),
None,
}
The inventor of NULL Tony Hoare apologized for inventing it at a
software conference called QCon London in 2009. He called it a
billion-dollar mistake.
• No null value struct Foo {
bar: Option<i32>,
}
fn main() {
let foo1 = Foo { bar: Some(3) };
let foo2 = Foo { bar: None };
}
76. Raw Pointers
•Raw Pointers are inevitable in the real world.
•Compiler does NOT check the memory safety of most
operations wrt. raw pointers.
•Most operations wrt. raw pointers should be encapsulated in
a unsafe {} syntactic structure.
32
77. Raw Pointers
let a = 3u32;
unsafe {
let b = &a as *const u32 as *mut u32;
*b = 4;
}
println!(“a = {}”, a);
I know what I’m doing
Print “a = 4”
33
But not recommended!
More: https://doc.rust-lang.org/nomicon/meet-safe-and-unsafe.html
84. Pattern Match
let x = 5;
match x {
1 => println!(“one”),
2 => println!(“two”),
3|4 => println!(“three or four”),
5 ... 10 => println!(“five to ten”),
e @ 11 ... 20 => println!(“{}”, e);
_ => println!(“others”),
}
Compiler enforces the matching is complete
40
85. Pattern Match
let x = Dummy{ a: 2048, b: 4096 };
match x {
Dummy{ a: va, b: vb } => va + vb,
}
match x {
Dummy{ a: va, .. } => println!(“a={}”, va),
}
41
104. Rust is Open
• Open-source
• Thousands of contributors
• Open-governance
• Owned by the people who build it, not any company
• Open-minded
• Find the best answer, not win the argument
!60
105. Ideas from People
• adopting the borrow checker (ownership and
borrowing)
• adopting the trait system
• adopting RFCs for decision making
• removing the runtime and garbage collector
• adopting cargo
• nightly, beta, and stable, and the 6-week releases
• introducing the Poll trait
!61
Each introduced by different people.
Each seems obvious now.
None were obvious at the time .