| # Meet Safe and Unsafe |
| |
|  |
| |
| It would be great to not have to worry about low-level implementation details. |
| Who could possibly care how much space the empty tuple occupies? Sadly, it |
| sometimes matters and we need to worry about it. The most common reason |
| developers start to care about implementation details is performance, but more |
| importantly, these details can become a matter of correctness when interfacing |
| directly with hardware, operating systems, or other languages. |
| |
| When implementation details start to matter in a safe programming language, |
| programmers usually have three options: |
| |
| * fiddle with the code to encourage the compiler/runtime to perform an optimization |
| * adopt a more unidiomatic or cumbersome design to get the desired implementation |
| * rewrite the implementation in a language that lets you deal with those details |
| |
| For that last option, the language programmers tend to use is *C*. This is often |
| necessary to interface with systems that only declare a C interface. |
| |
| Unfortunately, C is incredibly unsafe to use (sometimes for good reason), |
| and this unsafety is magnified when trying to interoperate with another |
| language. Care must be taken to ensure C and the other language agree on |
| what's happening, and that they don't step on each other's toes. |
| |
| So what does this have to do with Rust? |
| |
| Well, unlike C, Rust is a safe programming language. |
| |
| But, like C, Rust is an unsafe programming language. |
| |
| More accurately, Rust *contains* both a safe and unsafe programming language. |
| |
| Rust can be thought of as a combination of two programming languages: *Safe |
| Rust* and *Unsafe Rust*. Conveniently, these names mean exactly what they say: |
| Safe Rust is Safe. Unsafe Rust is, well, not. In fact, Unsafe Rust lets us |
| do some *really* unsafe things. Things the Rust authors will implore you not to |
| do, but we'll do anyway. |
| |
| Safe Rust is the *true* Rust programming language. If all you do is write Safe |
| Rust, you will never have to worry about type-safety or memory-safety. You will |
| never endure a dangling pointer, a use-after-free, or any other kind of |
| Undefined Behavior (a.k.a. UB). |
| |
| The standard library also gives you enough utilities out of the box that you'll |
| be able to write high-performance applications and libraries in pure idiomatic |
| Safe Rust. |
| |
| But maybe you want to talk to another language. Maybe you're writing a |
| low-level abstraction not exposed by the standard library. Maybe you're |
| *writing* the standard library (which is written entirely in Rust). Maybe you |
| need to do something the type-system doesn't understand and just *frob some dang |
| bits*. Maybe you need Unsafe Rust. |
| |
| Unsafe Rust is exactly like Safe Rust with all the same rules and semantics. |
| It just lets you do some *extra* things that are Definitely Not Safe |
| (which we will define in the next section). |
| |
| The value of this separation is that we gain the benefits of using an unsafe |
| language like C — low level control over implementation details — without most |
| of the problems that come with trying to integrate it with a completely |
| different safe language. |
| |
| There are still some problems — most notably, we must become aware of properties |
| that the type system assumes and audit them in any code that interacts with |
| Unsafe Rust. That's the purpose of this book: to teach you about these assumptions |
| and how to manage them. |
