According to this chapter in the Rust Book, it is possible to leak memory by creating a cycle of pointers:
Rust’s memory safety guarantees make it difficult, but not impossible, to accidentally create memory that is never cleaned up (known as a memory leak). Preventing memory leaks entirely is not one of Rust’s guarantees in the same way that disallowing data races at compile time is, meaning memory leaks are memory safe in Rust. We can see that Rust allows memory leaks by using
Rc<T>
andRefCell<T>
: it’s possible to create references where items refer to each other in a cycle. This creates memory leaks because the reference count of each item in the cycle will never reach 0, and the values will never be dropped.
There exist alternatives like "weak pointers" that would allow you to create self-referential structures that could still be cleaned up when dropped. In fact, using Weak<T>
is actually suggested later in that chapter.
Why does Rust consider this safe? Why is this an instance where the language does not do anything to prevent 'bad programmer behaviour'?
Memory safety in RustRust ensures memory safety at compile time using its innovative ownership mechanism and the borrow checker built into the compiler. The compiler does not allow memory unsafe code unless it's explicitly marked as unsafe in an unsafe block or function.
Rust's memory safety guarantees make it difficult, but not impossible, to accidentally create memory that is never cleaned up (known as a memory leak). Preventing memory leaks entirely is not one of Rust's guarantees, meaning memory leaks are memory safe in Rust.
Rust does not prevent memory leaks. It encourages RAII, much like good C++, and additionally does have the borrow checker to make sure that references can't outlive the object. But you can still leak with Rc loops or just calling mem::forget .
Memory leak occurs when programmers create a memory in heap and forget to delete it. The consequences of memory leak is that it reduces the performance of the computer by reducing the amount of available memory.
Because it is safe.
unsafe
has a very specific meaning in Rust, it specifically targets classes of programming mistakes which trigger Undefined Behavior. Those are the nastiest mistakes, as they completely subvert your whole understanding of a program, allowing either compiler or hardware to behave in unpredictable ways.
Memory leaks do not trigger Undefined Behavior, and therefore are safe.
You may be interested in what the Nomicon (the Unsafe equivalent of the Rust Book) has to say about Leaking; the example about ScopeGuard
is often referred to as the Leakpocalypse.
It is notable that Garbage Collected languages can easily leak memory, for example. A simple Map
in which key-value pairs are added without ever being removed will eventually lead to heap exhaustion; and the GC will not be able to stop it.
An ever-growing Map
is as undesirable as repeatedly forgetting to free
a pointer, in either case heap exhaustion looms, yet GC'ed languages are considered safe in general.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With