通过例子学习Rust

About the author
Questions and Issues
Edit and Contribute
Introduction
1. 你好世界
2. 格式化输出
3. 字面常量和操作符
4. 变量
- 4.1. 可变性
- 4.2. 作用域和覆盖
- 4.3. 先声明再使用
5. 类型
- 5.1. 转换
- 5.2. 字面常量
- 5.3. 推断
- 5.4. 别名
6. 表达式
7. if和else
8. 循环loop
- 8.1. 嵌套和标签
9. 循环while
10. for和range
11. 函数
- 11.1. 未用到
12. 模块(Modules)
- 12.1. 可见性
- 12.2. 导入
- 12.3. super和self
- 12.4. 文件层次
13. 库(Crates)
- 13.1. 库
- 13.2. `extern crate`
14. 属性(Attributes)
- 14.1. 库
- 14.2. `cfg`
  - 14.2.1. Custom
15. 元组(Tuples)
16. 模式匹配
- 16.1. 解构和解构条件
- 16.2. 解构结构体
17. 结构体
- 17.1. 可见性
18. 泛型
19. Box, 栈和堆
20. RAII
21. 所有权和转移
- 21.1. 可变性
22. 借用
- 22.1. 可变性
- 22.2. 冻结
- 22.3. 别名
- 22.4. ref模式
23. 生命期
- 23.1. 借用检查(borrow checker)
- 23.2. 函数
- 23.3. 结构体
24. 全局常量
25. 方法
26. 枚举
- 26.1. 类C枚举
27. 叛逆`panic!`
28. 可空`Option`
29. 数组和切片(slice)
30. 接口(Traits)
- 30.1. 衍生(deriving)
31. 操作符重载
32. 边界(Bounds)
33. 析构Drop
34. 迭代器
35. 闭包
36. 高阶函数
37. Vectors
38. 字符串
39. 克隆
40. 线程
41. 通道
42. 定时器
43. 套接字
44. `Result`
- 44.1. `try!`
45. 路径
46. 文件I/O
- 46.1. `open`
- 46.2. `create`
47. 子进程
- 47.1. 管道
- 47.2. 等待
48. 文件系统
49. 其他
- 49.1. 性能测试
- 49.2. 外部函数接口FFI
- 49.3. 定义宏`macro_rules!`
- 49.4. 随机数
- 49.5. SIMD
- 49.6. 测试
- 49.7. 不安全操作
- 49.8. 解析JSON
- 49.9. 格式化文本
- 49.10. 哈希表(HashMap)
  - 49.10.1. Alternate/custom key types
  - 49.10.2. 哈希集(HashSet)
50. 待续
- 50.1. 程序参数
- 50.2. `assert!`和`debug_assert!`
- 50.3. 注释
- 50.4. 绿色线程
- 50.5. 日志
- 50.6. 引用计数
- 50.7. 正则表达式
- 50.8. rustdoc
- 50.9. select!
- 50.10. 标准I/O
Generated using GitBook

23.1 借用检查(borrow checker)

Let's see how the compiler prevents the creation of dangling pointers via its borrow checker. To simplify the analysis and explanation, we have two additions:

Lifetimes has been explicitly annotated in the source code.
We have drawn the lifetime "lines", which span from the creation of an object to its destruction. The block scopes have also been drawn.

Note that explicit lifetime annotation on references &'foo T is not allowed by the compiler, so you must remove the lifetime part 'foo to see the "real" compiler error.

// FIXME To see the "real" compiler error, change both `&'b` and `&'e` into `&` fn main() { // `'main` starts ────────────────────────────────────────────┐ let stack_integer: int = 5; // `'a` starts ─────────────────────────┐ │ let boxed_integer = box 4; // `'b` starts ────────────────────────┐ │ │ // │ │ │ // This is a valid operation │ │ │ let ref_to_box: &'b int = &*boxed_integer; // `'c` starts ──────┐ │ │ │ // │ │ │ │ // The compiler forbids this operation, because │ │ │ │ // `ref_to_another_box` would become a dangling pointer │ │ │ │ let ref_to_another_box: &'e int = { // `'let` `'d` start ───┬─┐ │ │ │ │ let another_boxed_integer = box 3; // `'e` starts ────┐ │ │ │ │ │ │ // │ │ │ │ │ │ │ &*another_boxed_integer // │ │ │ │ │ │ │ }; // `'e` `'let` end ────────────────────────────────────┴─┘ │ │ │ │ │ // │ │ │ │ │ let invalid_dereference = *ref_to_another_box; // │ │ │ │ │ } // `'d` `'c` `'b` `'a` `'main` end ─────────────────────────────┴─┴─┴─┴─┘

The "real" compiler error is: "another_boxed_integer does not live long enough". Let's analyze why this happens:

stack_integer has lifetime 'a
boxed_integer has lifetime 'b
ref_to_box has lifetime 'c
ref_to_another_box has lifetime 'd
another_boxed_integer has lifetime 'e
'main and 'let are the scopes of the blocks
When a block scope ends, all the objects declared in it get destroyed
- 'let ends, and so does 'e
- 'main ends, and so does 'a 'b 'c and 'd
ref_to_box is a valid borrow, because
- ref_to_box has lifetime 'c
- ref_to_box points to an object with lifetime 'b
- 'c will never outlive 'b (this is expressed as 'c < 'b)
- therefore ref_to_box will always point to valid data
ref_to_another_box is an invalid borrow, because
- ref_to_another_box has lifetime 'd
- ref_to_another_box points to an object with lifetime 'e
- 'd outlives 'e
- therefore ref_to_another_box can become a dangling pointer (it can point to destroyed data)
  - creation of dangling pointers is forbidden, so this borrow is invalid

The borrow checker will do this job for the programmer behind his/her back, to prevent him/her from (unintentionally) creating dangling pointers. Although, the programmer can be saved by the borrow checker without knowing what is a lifetime.

The programmer doesn't need to explicitly annotate lifetimes (nor understand what are lifetimes), for the borrow checker to do its job in most cases. These are the cases where explicit lifetimes are required: