From Wikipedia, the free encyclopedia
sponsored by
Research, which describes it as a "safe, , practical language", supporting
paradigms. Rust is
similar to , but its designers intend it to provide better
whilst maintaining performance.
Rust is an
programming language. Its designers have refined the language through the experiences of writing the
and the Rust compiler. A large portion of current
to the project are from community members.
Rust won first place for "most loved programming language" in the
Developer Survey in 2016 and 2017; it is referenced in
as "oxidised metal".
A presentation from
that explains the key concepts necessary for successful Rust programming.
The goal of Rust is to be a language for highly concurrent and highly safe , and "programming in the large", that is, creating and maintaining boundaries that preserve large-system integrity. This has led to a feature set with an emphasis on safety, control of , and . Performance of idiomatic Rust is comparable to the performance of idiomatic C++.
The concrete
of Rust is similar to
and , with blocks of code delimited by , and
keywords such as , else, while, and for. Not all C or C++ keywords are implemented, however, while some Rust functionality (such as keyword
for pattern matching) will be less familiar to programmers coming from these languages. Despite the superficial resemblance to C and C++, the syntax of Rust in a deeper sense is closer to that of the
of languages. Nearly every part of a function body is an expression, even control flow operators. For example, the ordinary if expression also takes the place of . A function does not need to end with a return the last expression in the function is used as the return value.
This program prints the string "" to
and exits.
fn main() {
println!("Hello, world!");
The system is designed to be , and it does not permit , , or
in safe code. Data values can only be initialized through a fixed set of forms, all of which require their inputs to be already initialized. To replicate the functionality in other languages of pointers being either valid or NULL, such as in linked list or binary tree data structures, the Rust core library provides an , which can be used to test if a pointer has Some value or None. Rust also introduces additional syntax to manage , and the compiler reasons about these through its borrow checker.
Rust does not use an
system like those used by ,
or . Instead, memory and other resources are managed through
(RAII), with optional reference counting. Rust provides deterministic management of resources, with very low overhead.[] Rust also favors
of values and does not perform implicit .
There is also a concept of references (using the & symbol), which do not involve run-time reference counting. The safety of using such pointers is verified at compile time by the borrow checker, preventing
and other forms of .
supports a mechanism similar to , called "", inspired directly by the . This is a facility for , achieved by adding constraints to type variable declarations. Other features from Haskell, such as , are not yet supported.
Rust features , for variables declared with the let keyword. Such variables do not require a value to be initially assigned to determine their type. A
error results if any branch of code fails to assign a value to the variable. Variables assigned multiple times must be marked with the mut keyword.
Functions can be given generic , which usually require the generic type to implement a certain trait or traits. Within such a function, the generic value can only be used through those traits. This means that a generic function can be type-checked as soon as it is defined. This is in contrast to , which are fundamentally
and cannot be checked until instantiated with concrete types.
However, the implementation of Rust generics is similar to the typical implementation of C++ templates: a separate copy of the code is generated for each instantiation. This is called monomorphization and contrasts with the
scheme typically used in Java and Haskell. The benefit of monomorphization is optimized code for ea the drawback is increased compile time and size of the resulting binaries.
The object system within Rust is based around implementations,
and . Implementations fulfill a role similar to that of
within other languages, and are defined with the impl keyword.
ar they allow
to be defined and
to implementations. Structured types are used to define fields. Implementations and traits cannot define fields themselves, and only traits can provide inheritance. Among other benefits, this prevents the
of , as in C++. In other words, Rust supports interface inheritance, but replaces implementation inheritance with , see .
The language grew out of a personal project started in 2006 by Mozilla employee , who stated that the project was possibly named after the . Mozilla began sponsoring the project in 2009 and announced it in 2010. The same year, work shifted from the initial
(written in ) to the
written in Rust. Known as rustc, it successfully
in 2011. rustc uses
The first numbered
of the Rust compiler occurred in January 2012. Rust 1.0, the first stable release, was released on May 15, 2015. Following 1.0, stable point releases are delivered every six weeks, while features are developed in nightly Rust and then tested with alpha and beta releases that last six weeks.
In addition to conventional , before version 0.4, Rust also supported . The typestate system modeled assertions before and after program statements, through use of a special check statement. Discrepancies could be discovered at compile time, rather than when a program was running, as might be the case with
in C or C++ code. The typestate concept was not unique to Rust, as it was first introduced in the language . Typestates were removed because in practice they found little use, though the same functionality can still be achieved with .
The style of the object system changed considerably within versions 0.2, 0.3 and 0.4 of Rust. Version 0.2 introduced classes for the first time, with version 0.3 adding a number of features including destructors and polymorphism through the use of interfaces. In Rust 0.4, traits were added as a means to interfaces were unified with traits and removed as a separate feature. Classes were also removed, replaced by a combination of implementations and structured types.[]
Starting in Rust 0.9 and ending in Rust 0.11, Rust had two built-in pointer types, ~ and @, simplifying the core memory model. It reimplemented those pointer types in the standard library as Box and (the now removed) Gc.
In January 2014, the editor-in-chief of , Andrew Binstock, commented on Rust's chances to become a competitor to C++, as well as to the other upcoming languages ,
(then Nimrod): according to Binstock, while Rust was "widely viewed as a remarkably elegant language", adoption slowed because it repeatedly changed between versions.
Rust was the third most loved programming language in the 2015 Stack Overflow annual survey, and took first place in 2016 and 2017.
This section relies too much on
to . Please improve this section by adding . (October 2017) ()
It has been suggested that this section be
out into another article. () (October 2016)
itself is written in Rust.
Other projects developed in Rust include:
Web browser oriented:
– Mozilla's new
developed in collaboration with
– a project, composed of several sub-projects, to improve the
of , developed by Mozilla
Build tool oriented:
Cargo – Rust's
Habitat – a build and deployment tool from
Operating system oriented:
Magic Pocket – 's
that powers their Diskotech
storage machines
Stratis - a file system planned for Fedora 28
- an embedded operating system
Railcar – a
Other projects:
Exonum - an extensible open-source framework for building secure permissioned
applications
CITA - a fast and scalable permissioned
for production
– used in two of its components
Piston – a
Amethyst – a ,
OnePush – a notification delivery system developed by OneSignal
REmacs – a port of
MAIDsafe – a
Internet project currently being developed by a team in
Lucidscape Mesh – a distributed real-time simulation engine for virtual reality
– an anonymity network – is actively porting to Rust away from C for its security features.
Pijul – a
system inspired by
Rustation - a
Parity - a
and wallet management application
'Spellbound' - an unnamed
TiKV - a distributed
for TiDB, a distributed
Xi - a free modern
Grin - Grin is an open source
software project that implements a
. blog.rust-lang.org. .
. . . Archived from
. Rust compiler source repository.
2017. Rust is not a particularly original language, with design elements coming from a wide range of sources. Some of these are listed below (including elements that have since been removed): SML, OCaml [...] C++ [...] ML Kit, Cyclone [...] Haskell [...] Newsqueak, Alef, Limbo [...] Erlang [...] Swift [...] Scheme [...] C# [...] Ruby [...] NIL, Hermes
. . I just added the outline of a Result library that lets you use richer error messages. It's like Either except the names are more helpful. The names are inspired by Rust's Result library.
. . Archived from
on December 25, 2014. They are inspired by linear types, Uniqueness Types in the Clean programming language, and ownership types and borrowed pointers in the Rust programming language.
. Rust-lang.org.
Noel (). . Lambda the Ultimate.
. Rust-lang.org 2016.
Peter Bright (). . Arstechnica.com.
. Github.com.
. Stack Overflow.
. Stack Overflow.
Walton, Patrick (). . It's impossible to be 'as fast as C' in all cases while remaining safe ... C++ allows all sorts of low-level tricks, mostly involving circumventing the type system, that offer practically unlimited avenues for optimization. In practice, though, C++ programmers restrict themselves to a few tools for the vast majority of the code they write, including stack-allocated variables owned by one function and passed by alias, uniquely owned objects (often used with auto_ptr or the C++0x unique_ptr), and reference counting via shared_ptr or COM. One of the goals of Rust's type system is to support these patterns exactly as C++ does, but to enforce their safe usage. In this way, the goal is to be competitive with the vast majority of idiomatic C++ in performance, while remaining memory-safe ...
. The Rust Programming Language FAQ 2016.
Rosenblatt, Seth (). . [Brendan Eich] noted that every year browsers fall victim to hacking in the annual Pwn2Own contest at the CanSecWest conference. "There's no free memory reads" in Rust, he said, but there are in C++. Those problems "lead to a lot of browser vulnerabilities" and would be solved by Rust, which is a self-compiling language.
Brown, Neil (). . ... Other more complex data structures could clearly be implemented to allow greater levels of sharing, while making sure the interface is composed only of owned and managed references, and thus is safe from unplanned concurrent access and from dangling pointer errors.
. static.rust-lang.org. 2015. Archived from
Walton, Patrick (). .
. Reddit.com. .
. . At Mozilla Summit 2010, we launched Rust, a new programming language motivated by safety and concurrency for parallel hardware, the “manycore” future which is upon us.
Hoare, Graydon (7 July 2010).
(pdf). Mozilla Annual Summit 2010. Whistler, Canada 2017.
Hoare, Graydon (). . Archived from
Hoare, Graydon (). . After that last change fixing the logging scope context bug, looks like stage1/rustc builds. Just shy of midnight :)
catamorphism (). .
The Rust Core Team (May 15, 2015). .
Strom, Robert E.; Yemini, Shaula (1986).
(PDF). IEEE Transactions on Software Engineering.  .
Walton, Patrick (). . Pcwalton.github.com.
Binstock, Andrew. . Dr Dobb's.
. Stackoverflow.com.
. Stack Overflow.
. Stack Overflow.
Herman, Dave (). . Hacks.mozilla.org.
Serdar Yegulalp (3 April 2015). . InfoWorld.
Frederic Lardinois (3 April 2015). . TechCrunch.
Bryant, David. . Medium 2016.
. Wired.com. .
Yegulalp, Serdar. . infoworld 2016.
. Marksei, Weekly sysadmin pills.
. Tock Embedded Operating System.
. 29 June . Why Rust? (…) Rust sits at a perfect intersection of [C and Go]: it has memory safety and higher-level primitives, but doesn't sacrifice low level control over threading and therefore can handle namespaces properly.
Balbaert, Ivo. . Packt Publishing. p. 6.   2016.
Frank, Denis. . OpenDNS Security Labs 2016.
Denis, Frank. . OpenDNS Security Labs 2016.
. Piston.rs.
. Amethyst.rs.
. OneSignal. .
Larabel, Michael (). . phoronix.com.
. MaidSafe.net.
. Lucidscape.com.
Hahn, Sebastian (). .
n/a, ans (). . Tor Blog.
S?nsteb?, David (). .
. pijul.org 2017.
Find more aboutRust (programming language)at Wikipedia's
from Wikimedia Commons
from Wikiversity
 – electronic mailing list
on  – primary source code repository and bug tracker
on  – implementations of common algorithms and solutions
 – web book
 – active dev community language development and support
 – interactive comparison
: Hidden categories:内存所有权
和生命周期
作者:Nicholas Matsakis
linux.conf.au 2014
译者:Liigo (根据现场视频整理)
RUST是开源项目
我们很荣幸拥有一个活跃而富有激情的社区,并从中受益。
译者Liigo注:
https://github.com/mozilla/rust/
https://github.com/mozilla/rust/wiki
https://mail.mozilla.org/listinfo/rust-dev
http://chat.mibbit.com/?server=irc.mozilla.org&channel=%23rust
http://reddit.com/r/rust
https://plus.google.com/communities//
(Rust中文圈@Google+)
使命:发展并守护开放的互联网SERVo:浏览器引擎
用什么语言开发?C++?
数百万行C++代码
可以达到所需性能
却没有任何安全保证
为什么用Rust?
C/C++有很强的控制性、很弱的安全性
Haskell有很强的安全性、很弱的控制性
Java、Python/Ruby 介于两者之间,控制性和安全性都较弱
Rust同时拥有很强的控制性和很强的安全性
C++是一把双刃剑
map&int, Record&
m[i] = ...
Record &r = m[i];
m是在栈上创建的,函数返回后被销毁
而函数返回值 r 却引用了m内的成员
此后必然导致悬空指针的错误
(后面的配图形象地解释了上述结果,略)
十分形象的网络漫画
(配图:两个动物拿砖砌墙,相互争吵拆台,最后打在一起,墙也倒塌了。用以形容C++开发过程的混乱。)
C++有许多未被严格执行的安全规则:
所有申请的内存都必须释放,且只能释放一次
避免悬空指针和(多线程下的)数据竞争(data race)
常规解决方案
部署垃圾回收器(GC):
有运行时开销、不可预测的停顿
很难与C语言 和/或 其他虚拟机集成
Rust的解决方案
编译器负责检查执行安全规则
不要求有运行时(Runtime)
信任值得信任的:
Rust从C、C++、Cyclone、Haskell、Erlang借鉴了许多。
Rust支持高效模式:
“指向栈和数据结构”的指针
“拥有共享内存”的多线程
阻止糟糕的Bug产生:
没有悬空指针,没有内存泄漏
没有数据竞争(data race)
可选的运行时(runtime)(运行时不是必须的):
适用于编写操作系统内核、嵌入式代码
易于跟其他语言和项目集成
本次演讲内容
“没有崩溃”的指针
“没有数据竞争”的多线程
例外(Breaking the rules)
未涉及的内容
模式匹配 (pattern matching)
特征(Trait)(类型分类)
可选的垃圾回收器(GC)
“没有崩溃”的指针
(配图提到了多种编程语言的内存管理,或者有很强的控制性(malloc)、很弱的安全性,或者有很弱的控制性(GC)、很高的安全性,均有至少某一方面的欠缺。)
Rust语言却通过管理内存的
所有权(ownership)和租借(borrowing)
同时做到了很强的控制性和很高的安全性所有权(Ownership)
(一块内存,或对象)同一时刻只有一个所有者(Owner)
只有所有者具有读写该内存的权限(除非所有权被租借)
一旦所有者被释放,它拥有的内存也被自动释放
译者Liigo注:
通俗的说,所有权是指:“指针持有内存”、“变量持有对象”
在Rust语言中,如果存在一个指针变量指向对象内存首地址
同一时刻就不可能有另一个指针变量指向该对象内存首地址
这一约束由Rust编译器在编译期间给予强力保证
这意味着对象不可能在别处被修改
用C/C++的话说,Rust不可能有悬空指针(raw指针例外)
所有权的转移(transfer)
所有权可以被转移
所有权被转移给新任所有者之后
前任所有者自动失去所有权
译者Liigo注:
失去所有权 之后,就不可能访问那块内存了,
从而杜绝了悬空指针产生的可能性
所有权的租借(borrowing)
租借不改变内存的所有者
在租借期内,租借者可以读写这块内存
在租借期内,所有者不再被允许读写这块内存
在租借期内,内存所有者保证不会释放/转移/租借这块内存
租借期满后,内存所有者收回读写权限
不允许租借者把内存引用带到租借期以外
(租借期通常就是租借者变量的生命周期?)
译者Liigo注:以上种种约束的实现机制
是Rust类型安全系统和内存安全系统的一部分
是由Rust编译器在编译期间给予静态保证的小结
所有权(Ownership):
同一时刻只能有一个所有者
所有者可以释放(free)和移动(move)内存
一旦被moved,原所有者就不能读写了
租借(Borrowing):
引用(租借)不得超出所有者的生存周期
租借期内,内存不能被转移(transferred)
译者Liigo:术语move 和 transfer 的区别?
没有数据竞争的多线程
数据竞争:
多个线程同时读写同一块内存(shared memory)
通常,多线程:
可控性越强(共享内存),安全性越低
可控性越弱(采用actors,没有共享内存),安全性越高
而Rust只采用安全的机制在多个线程间共享数据
(sharing only via safe mechanisms)
(可控性强,安全性高)Rust里的多线程
默认情况下,没有共享内存
通过消息传递(Messaging)转移数据
(Messaging allows data to be transferred)
启动一个线程:
let m = HashMap::new();
spawn(proc {
use(m); // m被移动(move)到子线程
译者Liigo注:这里隐含了内存所有权的转移消息传递:Channel & Port
let (port, chan) = Chan::new();
chan.send(data);
let data = port.recv();
通过管道传递消息(内存所有权转移)
译者Liigo注:
通过转移内存所有权传递消息
避免了内存共享和内存拷贝
既安全,又高效不可变的共享内存
共享的内存必须是不可变的(immutable)或者锁保护的
把要共享的数据放到ARC对象里:
ARC是该数据的所有者
ARC只提供“不可变引用”的接口(保证数据不被修改)
译者Liigo注:
std::sync::Arc 是标准库内定义的数据结构
An atomically reference counted wrapper for shared state.
默认没有共享内存
创建线程和传递消息时,转移内存
以库的形式提供对共享内存的支持
但仅限于只读的共享内存
或者锁保护的共享内存例外(breaking the rules)
允许编写不安全代码块
要求编译器信任程序员
程序员获得最大的控制权,同时也丧失了一定的安全性
应尽量避免编写unsafe代码
除非追求性能,或实现特殊需求(tasks,arc)小结
Rust坚持强制性的安全约束,而不需要强制性的runtime
通过所有权和租借,达成内存安全
通过proc、消息传递、ARC,达成多线程安全
通过unsafe代码,打开应急舱口
(Rust Logo)
rust-lang.org
irc.mozilla.org #rust
reddit.com/r/rust
