Rust for C++ Developers
Calling foreign functions requires the use of the unsafe keyword because there is no way the Rust compiler can guarantee that they follow Rust's safety rules. This introduces potential risks such as memory corruption or undefined behavior, which could lead to crashes or other bugs. To manage this, we need a strategy to mitigate the risks and dangers that can be posed by unsafe code while still benefiting from FFI.
Unsafe Rust code allows operations that normally wouldn't be allowed in Rust code, including the ability to dereference raw pointers and access the fields of unions. While these operations can be essential for dealing with foreign code, we often want to hide them behind safe interfaces to ensure that anyone using our bindings is able to benefit from Rust's compile-time checking in their own code.
How do we create a safe interface to an unsafe library? The answer is more art than science, so different solutions will look good...
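One possible shape for such a safe interface, as an added example that is not taken from the book: a Rust type that owns a string allocated by the C library and keeps every `unsafe` call behind methods that uphold the pointer's invariants. The type name `COwnedStr` is hypothetical, and the code assumes a POSIX-like platform whose C library provides `strdup`, `strlen` and `free`.

```rust
use std::ffi::{CStr, CString};
use std::os::raw::{c_char, c_void};
use std::ptr::NonNull;

// Foreign functions from the platform C library; rustc cannot check their contracts.
extern "C" {
    fn strdup(s: *const c_char) -> *mut c_char;
    fn strlen(s: *const c_char) -> usize; // assumes size_t == usize
    fn free(p: *mut c_void);
}

/// Hypothetical wrapper: sole owner of a NUL-terminated string allocated by C.
/// Invariants: `ptr` is non-null, came from `strdup`, and is freed exactly once.
pub struct COwnedStr { ptr: NonNull<c_char> }

impl COwnedStr {
    /// Returns None on an interior NUL byte or when the C allocator fails.
    pub fn new(s: &str) -> Option<Self> {
        let tmp = CString::new(s).ok()?; // rejects "a\0b" before it reaches C
        // SAFETY: `tmp` is a valid NUL-terminated string that outlives the call.
        let raw = unsafe { strdup(tmp.as_ptr()) };
        NonNull::new(raw).map(|ptr| COwnedStr { ptr }) // NULL becomes None
    }

    pub fn len(&self) -> usize {
        // SAFETY: the invariants guarantee a live, NUL-terminated buffer.
        unsafe { strlen(self.ptr.as_ptr()) }
    }

    /// The returned borrow is tied to `&self`, so it cannot outlive the allocation.
    pub fn as_str(&self) -> &str {
        // SAFETY: same invariants as `len`.
        let c = unsafe { CStr::from_ptr(self.ptr.as_ptr()) };
        c.to_str().expect("bytes were copied from a &str, so they are valid UTF-8")
    }
}

// No Clone impl on purpose: a second owner would free the pointer twice.
impl Drop for COwnedStr {
    fn drop(&mut self) {
        // SAFETY: `ptr` came from `strdup` and nothing else frees it.
        unsafe { free(self.ptr.as_ptr() as *mut c_void) }
    }
}

fn main() {
    let s = COwnedStr::new("hello from C").expect("allocation failed");
    println!("{} ({} bytes)", s.as_str(), s.len());
}
```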