When is this practical?

Designing Rust services, fixing borrow errors, sketching FFI contracts, and writing concurrent code with Send/Sync guarantees.

C++ vs Rust and smart pointers help contrast manual ownership with compiler-enforced rules.

The Rust Book, Rustonomicon (unsafe), Rust by Example.

[2026] Rust Memory Safety: Ownership, Borrowing, Lifetimes, unsafe [#47-3]

2026년 3월 12일 · 35분 읽기 · 수정 2026년 4월 7일 Intermediate Concept

이 글의 핵심

How Rust prevents use-after-free and data races at compile time: move semantics, borrow checker rules, lifetime annotations, and safe unsafe boundaries.

Introduction: “Why fewer memory bugs in Rust?”

C++ often surfaces UAF, dangling pointers, and data races only at runtime. Rust’s ownership, borrow checker, and lifetimes reject many of these programs at compile time. Topics:

Ownership and move
Shared (&T) vs mutable (&mut T) borrows—no aliasing xor mutation
Lifetimes to tie references to valid data
unsafe for FFI and verified invariants
Send / Sync, Arc, Mutex, channels See also: C++ vs Rust, memory model comparison.

Key insight: Rust’s borrow checker enforces memory safety at compile time, eliminating data races and use-after-free bugs that C++ catches only at runtime (if at all). This makes Rust ideal for systems where crashes are unacceptable.

Scenarios

Moved value used again — prevented; no “valid but unspecified” footgun from using moved-from C++ objects incorrectly in the same way.
Returning reference to local — caught by lifetimes.
Rc across threads — Rc is not Send; use Arc.

Ownership & move

Each value has one owner; assignment moves by default for non-Copy types.
Drop runs exactly once at end of scope.

Borrow checker

Unlimited immutable borrows or one mutable borrow—not both.
Prevents iterator invalidation classes of bugs when rules are respected.

Lifetimes

Tie references to valid storage; often elided, sometimes explicit ‘a on structs and functions.

`unsafe`

Small, reviewed blocks for FFI, intrinsics, or data structures with manual invariants.
Unsafe does not disable borrow checking on safe Rust around it—local invariants must hold.

Concurrency

Send: safe to move to another thread.
Sync: safe to share references across threads (via &T).
Arc<Mutex> patterns for shared mutable state (runtime locking).

Summary

Rust trades compile-time fighting for runtime memory UB classes. Master moves, borrows, and lifetimes; treat unsafe and FFI as typed contracts with tests and reviews.