Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why does Rust consider it safe to leak memory?

According to this chapter in the Rust Book, it is possible to leak memory by creating a cycle of pointers:

Rust’s memory safety guarantees make it difficult, but not impossible, to accidentally create memory that is never cleaned up (known as a memory leak). Preventing memory leaks entirely is not one of Rust’s guarantees in the same way that disallowing data races at compile time is, meaning memory leaks are memory safe in Rust. We can see that Rust allows memory leaks by using Rc<T> and RefCell<T>: it’s possible to create references where items refer to each other in a cycle. This creates memory leaks because the reference count of each item in the cycle will never reach 0, and the values will never be dropped.

There exist alternatives like "weak pointers" that would allow you to create self-referential structures that could still be cleaned up when dropped. In fact, using Weak<T> is actually suggested later in that chapter.

Why does Rust consider this safe? Why is this an instance where the language does not do anything to prevent 'bad programmer behaviour'?

like image 993
Qqwy Avatar asked May 13 '19 07:05

Qqwy


People also ask

Why is Rust memory safe?

Memory safety in RustRust ensures memory safety at compile time using its innovative ownership mechanism and the borrow checker built into the compiler. The compiler does not allow memory unsafe code unless it's explicitly marked as unsafe in an unsafe block or function.

Is it possible to leak memory in Rust?

Rust's memory safety guarantees make it difficult, but not impossible, to accidentally create memory that is never cleaned up (known as a memory leak). Preventing memory leaks entirely is not one of Rust's guarantees, meaning memory leaks are memory safe in Rust.

How does Rust prevent memory leaks?

Rust does not prevent memory leaks. It encourages RAII, much like good C++, and additionally does have the borrow checker to make sure that references can't outlive the object. But you can still leak with Rc loops or just calling mem::forget .

Why should memory leaks be avoided?

Memory leak occurs when programmers create a memory in heap and forget to delete it. The consequences of memory leak is that it reduces the performance of the computer by reducing the amount of available memory.


1 Answers

Because it is safe.


unsafe has a very specific meaning in Rust, it specifically targets classes of programming mistakes which trigger Undefined Behavior. Those are the nastiest mistakes, as they completely subvert your whole understanding of a program, allowing either compiler or hardware to behave in unpredictable ways.

Memory leaks do not trigger Undefined Behavior, and therefore are safe.

You may be interested in what the Nomicon (the Unsafe equivalent of the Rust Book) has to say about Leaking; the example about ScopeGuard is often referred to as the Leakpocalypse.


It is notable that Garbage Collected languages can easily leak memory, for example. A simple Map in which key-value pairs are added without ever being removed will eventually lead to heap exhaustion; and the GC will not be able to stop it.

An ever-growing Map is as undesirable as repeatedly forgetting to free a pointer, in either case heap exhaustion looms, yet GC'ed languages are considered safe in general.

like image 84
Matthieu M. Avatar answered Oct 04 '22 14:10

Matthieu M.