rust/doc/tutorial.md
Patrick Walton 1c9c32782d tutorial: Remove the section on strings
It's already covered in the types section.
2012-09-05 11:07:06 -07:00

80 KiB

% Rust Language Tutorial

Introduction

Scope

This is a tutorial for the Rust programming language. It assumes the reader is familiar with the basic concepts of programming, and has programmed in one or more other languages before. It will often make comparisons to other languages in the C family. The tutorial covers the whole language, though not with the depth and precision of the language reference.

Language overview

Rust is a systems programming language with a focus on type safety, memory safety, concurrency and performance. It is intended for writing large, high-performance applications while preventing several classes of errors commonly found in languages like C++. Rust has a sophisticated memory model that makes possible many of the efficient data structures used in C++, while disallowing invalid memory accesses that would otherwise cause segmentation faults. Like other systems languages, it is statically typed and compiled ahead of time.

As a multi-paradigm language, Rust supports writing code in procedural, functional and object-oriented styles. Some of its nice high-level features include:

  • Pattern matching and algebraic data types (enums). Common in functional languages, pattern matching on ADTs provides a compact and expressive way to encode program logic.
  • Task-based concurrency. Rust uses lightweight tasks that do not share memory.
  • Higher-order functions. Rust functions may take closures as arguments or return closures as return values. Closures in Rust are very powerful and used pervasively.
  • Trait polymorphism. Rust's type system features a unique combination of Java-style interfaces and Haskell-style typeclasses called traits.
  • Parametric polymorphism (generics). Functions and types can be parameterized over type variables with optional type constraints.
  • Type inference. Type annotations on local variable declarations can be omitted.

First impressions

As a curly-brace language in the tradition of C, C++, and JavaScript, Rust looks a lot like other languages you may be familiar with.

fn boring_old_factorial(n: int) -> int {
    let mut result = 1, i = 1;
    while i <= n {
        result *= i;
        i += 1;
    }
    return result;
}

Several differences from C stand out. Types do not come before, but after variable names (preceded by a colon). For local variables (introduced with let), types are optional, and will be inferred when left off. Constructs like while and if do not require parentheses around the condition (though they allow them).

You should, however, not conclude that Rust is simply an evolution of C. As will become clear in the rest of this tutorial, it goes in quite a different direction, with efficient, strongly-typed and memory-safe support for many high-level idioms.

Conventions

Throughout the tutorial, words that indicate language keywords or identifiers defined in the example code are displayed in code font.

Code snippets are indented, and also shown in a monospaced font. Not all snippets constitute whole programs. For brevity, we'll often show fragments of programs that don't compile on their own. To try them out, you might have to wrap them in fn main() { ... }, and make sure they don't contain references to things that aren't actually defined.

Warning: Rust is a language under heavy development. Notes about potential changes to the language, implementation deficiencies, and other caveats appear offset in blockquotes.

Getting started

Installation

The Rust compiler currently must be built from a tarball. We hope to be distributing binary packages for various operating systems in the future.

The Rust compiler is slightly unusual in that it is written in Rust and therefore must be built by a precompiled "snapshot" version of itself (made in an earlier state of development). As such, source builds require that:

  • You are connected to the internet, to fetch snapshots.
  • You can at least execute snapshot binaries of one of the forms we offer them in. Currently we build and test snapshots on:
    • Windows (7, server 2008 r2) x86 only
    • Linux (various distributions) x86 and x86-64
    • OSX 10.6 ("Snow Leopard") or 10.7 ("Lion") x86 and x86-64

You may find other platforms work, but these are our "tier 1" supported build environments that are most likely to work. Further platforms will be added to the list in the future via cross-compilation.

To build from source you will also need the following prerequisite packages:

  • g++ 4.4 or clang++ 3.x
  • python 2.6 or later
  • perl 5.0 or later
  • gnu make 3.81 or later
  • curl

Assuming you're on a relatively modern *nix system and have met the prerequisites, something along these lines should work. Building from source on Windows requires some extra steps: please see the getting started page on the Rust wiki.

$ wget http://dl.rust-lang.org/dist/rust-0.3.tar.gz
$ tar -xzf rust-0.3.tar.gz
$ cd rust-0.3
$ ./configure
$ make && make install

You may need to use sudo make install if you do not normally have permission to modify the destination directory. The install locations can be adjusted by passing a --prefix argument to configure. Various other options are also supported, pass --help for more information on them.

When complete, make install will place the following programs into /usr/local/bin:

  • rustc, the Rust compiler
  • rustdoc, the API-documentation tool
  • cargo, the Rust package manager

Compiling your first program

Rust program files are, by convention, given the extension .rs. Say we have a file hello.rs containing this program:

fn main() {
    io::println("hello world!");
}

If the Rust compiler was installed successfully, running rustc hello.rs will produce a binary called hello (or hello.exe).

If you modify the program to make it invalid (for example, by changing io::println to some nonexistent function), and then compile it, you'll see an error message like this:

hello.rs:2:4: 2:16 error: unresolved name: io::print_it
hello.rs:2     io::print_it("hello world!");
               ^~~~~~~~~~~~

The Rust compiler tries to provide useful information when it runs into an error.

Anatomy of a Rust program

In its simplest form, a Rust program is a .rs file with some types and functions defined in it. If it has a main function, it can be compiled to an executable. Rust does not allow code that's not a declaration to appear at the top level of the file—all statements must live inside a function.

Rust programs can also be compiled as libraries, and included in other programs. The extern mod std directive that appears at the top of a lot of examples imports the standard library. This is described in more detail later on.

Editing Rust code

There are Vim highlighting and indentation scripts in the Rust source distribution under src/etc/vim/, and an emacs mode under src/etc/emacs/. There is a package for Sublime Text 2 at github.com/dbp/sublime-rust, also available through package control.

Other editors are not provided for yet. If you end up writing a Rust mode for your favorite editor, let us know so that we can link to it.

Syntax Basics

Braces

Assuming you've programmed in any C-family language (C++, Java, JavaScript, C#, or PHP), Rust will feel familiar. The main surface difference to be aware of is that the bodies of if statements and of while loops have to be wrapped in brackets. Single-statement, bracket-less bodies are not allowed.

Accounting for these differences, the surface syntax of Rust statements and expressions is C-like. Function calls are written myfunc(arg1, arg2), operators have mostly the same name and precedence that they have in C, comments look the same, and constructs like if and while are available:

# fn it_works() {}
# fn abort() {}
fn main() {
    while true {
        /* Ensure that basic math works. */
        if 2*20 > 30 {
            // Everything is OK.
            it_works();
        } else {
            abort();
        }
        break;
    }
}

Expression syntax

Though it isn't apparent in all code, there is a fundamental difference between Rust's syntax and its predecessors in this family of languages. Many constructs that are statements in C are expressions in Rust. This allows Rust to be more expressive. For example, you might write a piece of code like this:

# let item = "salad";
let price;
if item == "salad" {
    price = 3.50;
} else if item == "muffin" {
    price = 2.25;
} else {
    price = 2.00;
}

But, in Rust, you don't have to repeat the name price:

# let item = "salad";
let price = if item == "salad" { 3.50 }
            else if item == "muffin" { 2.25 }
            else { 2.00 };

Both pieces of code are exactly equivalent—they assign a value to price depending on the condition that holds. Note that the semicolons are omitted from the second snippet. This is important; the lack of a semicolon after the last statement in a braced block gives the whole block the value of that last expression.

Put another way, the semicolon in Rust ignores the value of an expression. Thus, if the branches of the if had looked like { 4; }, the above example would simply assign nil (void) to price. But without the semicolon, each branch has a different value, and price gets the value of the branch that was taken.

This feature also works for function bodies. This function returns a boolean:

fn is_four(x: int) -> bool { x == 4 }

In short, everything that's not a declaration (let for variables, fn for functions, et cetera) is an expression.

If all those things are expressions, you might conclude that you have to add a terminating semicolon after every statement, even ones that are not traditionally terminated with a semicolon in C (like while). That is not the case, though. Expressions that end in a block only need a semicolon if that block contains a trailing expression. while loops do not allow trailing expressions, and if statements tend to only have a trailing expression when you want to use their value for something—in which case you'll have embedded it in a bigger statement, like the let x = ... example above.

Identifiers

Rust identifiers follow the same rules as C; they start with an alphabetic character or an underscore, and after that may contain any sequence of alphabetic characters, numbers, or underscores. The preferred style is to begin function, variable, and module names with a lowercase letter, using underscores where they help readability, while beginning types with a capital letter.

The double-colon (::) is used as a module separator, so io::println means 'the thing named println in the module named io.

Variable declaration

The let keyword, as we've seen, introduces a local variable. Local variables are immutable by default: let mut can be used to introduce a local variable that can be reassigned. Global constants can be defined with const:

const REPEAT: int = 5;
fn main() {
    let hi = "Hi!";
    let mut count = 0;
    while count < REPEAT {
        io::println(hi);
        count += 1;
    }
}

Local variables may shadow earlier declarations, making the earlier variables inaccessible.

let my_favorite_value: float = 57.8;
let my_favorite_value: int = my_favorite_value as int;

Types

The basic types are written like this:

() : Nil, the type that has only a single value.

bool : Boolean type, with values true and false.

int : A machine-pointer-sized integer.

uint : A machine-pointer-sized unsigned integer.

i8, i16, i32, i64 : Signed integers with a specific size (in bits).

u8, u16, u32, u64 : Unsigned integers with a specific size.

float : The largest floating-point type efficiently supported on the target machine.

f32, f64 : Floating-point types with a specific size.

char : A Unicode character (32 bits).

These can be combined in composite types, which will be described in more detail later on (the Ts here stand for any other type):

[T * N] : Vector (like an array in other languages) with N elements.

[mut T * N] : Mutable vector with N elements.

(T1, T2) : Tuple type. Any arity above 1 is supported.

@T, ~T, &T : Pointer types.

Some types can only be manipulated by pointer, never directly. For instance, you cannot refer to a string (str); instead you refer to a pointer to a string (@str, ~str, or &str). These dynamically-sized types consist of:

fn(arg1: T1, arg2: T2) -> T3 : Function types.

str : String type (in UTF-8).

[T] : Vector with unknown size (also called a slice).

[mut T] : Mutable vector with unknown size.

Types can be given names with type declarations:

type MonsterSize = uint;

This will provide a synonym, MonsterSize, for unsigned integers. It will not actually create a new, incompatible type—MonsterSize and uint can be used interchangeably, and using one where the other is expected is not a type error. Read about single-variant enums further on if you need to create a type name that's not just a synonym.

Using types

The -> bool in the is_four example is the way a function's return type is written. For functions that do not return a meaningful value, you can optionally say -> (), but usually the return annotation is simply left off, as in the fn main() { ... } examples we've seen earlier.

Every argument to a function must have its type declared (for example, x: int). Inside the function, type inference will be able to automatically deduce the type of most locals (generic functions, which we'll come back to later, will occasionally need additional annotation). Locals can be written either with or without a type annotation:

// The type of this vector will be inferred based on its use.
let x = [];
# vec::map(x, fn&(&&_y:int) -> int { _y });
// Explicitly say this is a vector of zero integers.
let y: [int * 0] = [];

Numeric literals

Integers can be written in decimal (144), hexadecimal (0x90), and binary (0b10010000) base.

If you write an integer literal without a suffix (3, -500, etc.), the Rust compiler will try to infer its type based on type annotations and function signatures in the surrounding program. In the absence of any type annotations at all, Rust will assume that an unsuffixed integer literal has type int. It's also possible to avoid any type ambiguity by writing integer literals with a suffix. For example:

let x = 50;
log(error, x); // x is an int
let y = 100u;
log(error, y); // y is an uint

Note that, in Rust, no implicit conversion between integer types happens. If you are adding one to a variable of type uint, saying += 1u8 will give you a type error.

Floating point numbers are written 0.0, 1e6, or 2.1e-4. Without a suffix, the literal is assumed to be of type float. Suffixes f (32-bit) and l (64-bit) can be used to create literals of a specific type.

Other literals

The nil literal is written just like the type: (). The keywords true and false produce the boolean literals.

Character literals are written between single quotes, as in 'x'. Just as in C, Rust understands a number of character escapes, using the backslash character, \n, \r, and \t being the most common.

String literals allow the same escape sequences. They are written between double quotes ("hello"). Rust strings may contain newlines.

Operators

Rust's set of operators contains very few surprises. Arithmetic is done with *, /, %, +, and - (multiply, divide, remainder, plus, minus). - is also a unary prefix operator that does negation. As in C, the bit operators >>, <<, &, |, and ^ are also supported.

Note that, if applied to an integer value, ! flips all the bits (like ~ in C).

The comparison operators are the traditional ==, !=, <, >, <=, and >=. Short-circuiting (lazy) boolean operators are written && (and) and || (or).

For type casting, Rust uses the binary as operator. It takes an expression on the left side and a type on the right side and will, if a meaningful conversion exists, convert the result of the expression to the given type.

let x: float = 4.0;
let y: uint = x as uint;
assert y == 4u;

The main difference with C is that ++ and -- are missing, and that the logical bitwise operators have higher precedence — in C, x & 2 > 0 comes out as x & (2 > 0), in Rust, it means (x & 2) > 0, which is more likely to be what you expect (unless you are a C veteran).

Syntax extensions

Syntax extensions are special forms that are not built into the language, but are instead provided by the libraries. To make it clear to the reader when a syntax extension is being used, the names of all syntax extensions end with !. The standard library defines a few syntax extensions, the most useful of which is fmt!, a sprintf-style text formatter that is expanded at compile time.

io::println(fmt!("%s is %d", ~"the answer", 42));

fmt! supports most of the directives that printf supports, but will give you a compile-time error when the types of the directives don't match the types of the arguments.

You can define your own syntax extensions with the macro system, which is out of scope of this tutorial.

Control structures

Conditionals

We've seen if pass by a few times already. To recap, braces are compulsory, an optional else clause can be appended, and multiple if/else constructs can be chained together:

if false {
    io::println(~"that's odd");
} else if true {
    io::println(~"right");
} else {
    io::println(~"neither true nor false");
}

The condition given to an if construct must be of type boolean (no implicit conversion happens). If the arms return a value, this value must be of the same type for every arm in which control reaches the end of the block:

fn signum(x: int) -> int {
    if x < 0 { -1 }
    else if x > 0 { 1 }
    else { return 0 }
}

Pattern matching

Rust's match construct is a generalized, cleaned-up version of C's switch construct. You provide it with a value and a number of arms, each labelled with a pattern, and the code will attempt to match each pattern in order. For the first one that matches, the arm is executed.

# let my_number = 1;
match my_number {
  0     => io::println("zero"),
  1 | 2 => io::println("one or two"),
  3..10 => io::println("three to ten"),
  _     => io::println("something else")
}

There is no 'falling through' between arms, as in C—only one arm is executed, and it doesn't have to explicitly break out of the construct when it is finished.

The part to the left of the arrow => is called the pattern. Literals are valid patterns and will match only their own value. The pipe operator (|) can be used to assign multiple patterns to a single arm. Ranges of numeric literal patterns can be expressed with two dots, as in M..N. The underscore (_) is a wildcard pattern that matches everything.

The patterns in an match arm are followed by a fat arrow, =>, then an expression to evaluate. Each case is separated by commas. It's often convenient to use a block expression for a case, in which case the commas are optional.

# let my_number = 1;
match my_number {
  0 => {
    io::println("zero")
  }
  _ => {
    io::println("something else")
  }
}

match constructs must be exhaustive: they must have an arm covering every possible case. For example, if the arm with the wildcard pattern was left off in the above example, the typechecker would reject it.

A powerful application of pattern matching is destructuring, where you use the matching to get at the contents of data types. Remember that (float, float) is a tuple of two floats:

use float::consts::pi;
fn angle(vector: (float, float)) -> float {
    match vector {
      (0f, y) if y < 0f => 1.5 * pi,
      (0f, y) => 0.5 * pi,
      (x, y) => float::atan(y / x)
    }
}

A variable name in a pattern matches everything, and binds that name to the value of the matched thing inside of the arm block. Thus, (0f, y) matches any tuple whose first element is zero, and binds y to the second element. (x, y) matches any tuple, and binds both elements to a variable.

Any match arm can have a guard clause (written if EXPR), which is an expression of type bool that determines, after the pattern is found to match, whether the arm is taken or not. The variables bound by the pattern are available in this guard expression.

Let

You've already seen simple let bindings. let is also a little fancier: it is possible to use destructuring patterns in it. For example, you can say this to extract the fields from a tuple:

# fn get_tuple_of_two_ints() -> (int, int) { (1, 1) }
let (a, b) = get_tuple_of_two_ints();

This will introduce two new variables, a and b, bound to the content of the tuple.

You may only use irrefutable patterns—patterns that can never fail to match—in let bindings. Other types of patterns, such as literals, are not allowed.

Loops

while produces a loop that runs as long as its given condition (which must have type bool) evaluates to true. Inside a loop, the keyword break can be used to abort the loop, and again can be used to abort the current iteration and continue with the next.

let mut cake_amount = 8;
while cake_amount > 0 {
    cake_amount -= 1;
}

loop is the preferred way of writing while true:

let mut x = 5;
loop {
    x += x - 3;
    if x % 5 == 0 { break; }
    io::println(int::str(x));
}

This code prints out a weird sequence of numbers and stops as soon as it finds one that can be divided by five.

For more involved iteration, such as going over the elements of a collection, Rust uses higher-order functions. We'll come back to those in a moment.

Functions

Like all other static declarations, such as type, functions can be declared both at the top level and inside other functions (or modules, which we'll come back to later).

We've already seen several function definitions. They are introduced with the fn keyword, the type of arguments are specified following colons and the return type follows the arrow.

fn repeat(string: &str, count: int) -> ~str {
    let mut result = ~"";
    for count.times {
        result += string;
    }
    return result;
}

The return keyword immediately returns from the body of a function. It is optionally followed by an expression to return. A function can also return a value by having its top level block produce an expression.

# const copernicus: int = 0;
fn int_to_str(i: int) -> ~str {
    if i == copernicus {
        return ~"tube sock";
    } else {
        return ~"violin";
    }
}
# const copernicus: int = 0;
fn int_to_str(i: int) -> ~str {
    if i == copernicus { ~"tube sock" }
    else { ~"violin" }
}

Functions that do not return a value are said to return nil, (), and both the return type and the return value may be omitted from the definition. The following two functions are equivalent.

fn do_nothing_the_hard_way() -> () { return (); }

fn do_nothing_the_easy_way() { }

Basic datatypes

The core datatypes of Rust are structs, enums (tagged unions, algebraic data types), and tuples. They are immutable by default.

struct Point { x: float, y: float }

enum Shape {
    Circle(Point, float),
    Rectangle(Point, Point)
}

Structs

Rust struct types must be declared before they are used using the struct syntax: struct Name { field1: T1, field2: T2 [, ...] }, where T1, T2, ... denote types. To construct a struct, use the same syntax, but leave off the struct; for example: Point { x: 1.0, y: 2.0 }.

Structs are quite similar to C structs and are even laid out the same way in memory (so you can read from a Rust struct in C, and vice-versa). The dot operator is used to access struct fields (mypoint.x).

Fields that you want to mutate must be explicitly marked mut.

struct Stack {
    content: ~[int],
    mut head: uint
}

With a value of such a type, you can do mystack.head += 1. If mut were omitted from the type, such an assignment would result in a type error.

Struct patterns

Structs can be destructured in match patterns. The basic syntax is Name {fieldname: pattern, ...}:

# struct Point { x: float, y: float }
# let mypoint = Point { x: 0.0, y: 0.0 };
match mypoint {
    Point { x: 0.0, y: y } => { io::println(y.to_str());                    }
    Point { x: x, y: y }   => { io::println(x.to_str() + " " + y.to_str()); }
}

In general, the field names of a struct do not have to appear in the same order they appear in the type. When you are not interested in all the fields of a struct, a struct pattern may end with , _ (as in Name {field1, _}) to indicate that you're ignoring all other fields.

Enums

Enums are datatypes that have several alternate representations. For example, consider the type shown earlier:

# struct Point { x: float, y: float }
enum Shape {
    Circle(Point, float),
    Rectangle(Point, Point)
}

A value of this type is either a Circle, in which case it contains a point struct and a float, or a Rectangle, in which case it contains two point records. The run-time representation of such a value includes an identifier of the actual form that it holds, much like the 'tagged union' pattern in C, but with better ergonomics.

The above declaration will define a type shape that can be used to refer to such shapes, and two functions, circle and rectangle, which can be used to construct values of the type (taking arguments of the specified types). So circle({x: 0f, y: 0f}, 10f) is the way to create a new circle.

Enum variants need not have type parameters. This, for example, is equivalent to a C enum:

enum direction {
    north,
    east,
    south,
    west
}

This will define north, east, south, and west as constants, all of which have type direction.

When an enum is C-like, that is, when none of the variants have parameters, it is possible to explicitly set the discriminator values to an integer value:

enum color {
  red = 0xff0000,
  green = 0x00ff00,
  blue = 0x0000ff
}

If an explicit discriminator is not specified for a variant, the value defaults to the value of the previous variant plus one. If the first variant does not have a discriminator, it defaults to 0. For example, the value of north is 0, east is 1, etc.

When an enum is C-like the as cast operator can be used to get the discriminator's value.

There is a special case for enums with a single variant. These are used to define new types in such a way that the new name is not just a synonym for an existing type, but its own distinct type. If you say:

enum gizmo_id = int;

That is a shorthand for this:

enum gizmo_id { gizmo_id(int) }

Enum types like this can have their content extracted with the dereference (*) unary operator:

# enum gizmo_id = int;
let my_gizmo_id = gizmo_id(10);
let id_int: int = *my_gizmo_id;

Enum patterns

For enum types with multiple variants, destructuring is the only way to get at their contents. All variant constructors can be used as patterns, as in this definition of area:

# type point = {x: float, y: float};
# enum shape { circle(point, float), rectangle(point, point) }
fn area(sh: shape) -> float {
    match sh {
        circle(_, size) => float::consts::pi * size * size,
        rectangle({x, y}, {x: x2, y: y2}) => (x2 - x) * (y2 - y)
    }
}

Another example, matching nullary enum variants:

# type point = {x: float, y: float};
# enum direction { north, east, south, west }
fn point_from_direction(dir: direction) -> point {
    match dir {
        north => {x:  0f, y:  1f},
        east  => {x:  1f, y:  0f},
        south => {x:  0f, y: -1f},
        west  => {x: -1f, y:  0f}
    }
}

Tuples

Tuples in Rust behave exactly like records, except that their fields do not have names (and can thus not be accessed with dot notation). Tuples can have any arity except for 0 or 1 (though you may consider nil, (), as the empty tuple if you like).

let mytup: (int, int, float) = (10, 20, 30.0);
match mytup {
  (a, b, c) => log(info, a + b + (c as int))
}

The Rust memory model

At this junction let's take a detour to explain the concepts involved in Rust's memory model. Rust has a very particular approach to memory management that plays a significant role in shaping the "feel" of the language. Understanding the memory landscape will illuminate several of Rust's unique features as we encounter them.

Rust has three competing goals that inform its view of memory:

  • Memory safety: memory that is managed by and is accessible to the Rust language must be guaranteed to be valid; under normal circumstances it must be impossible for Rust to trigger a segmentation fault or leak memory
  • Performance: high-performance low-level code must be able to employ a number of allocation strategies; low-performance high-level code must be able to employ a single, garbage-collection-based, heap allocation strategy
  • Concurrency: Rust must maintain memory safety guarantees, even for code running in parallel

How performance considerations influence the memory model

Most languages that offer strong memory safety guarantees rely upon a garbage-collected heap to manage all of the objects. This approach is straightforward both in concept and in implementation, but has significant costs. Languages that take this approach tend to aggressively pursue ways to ameliorate allocation costs (think the Java Virtual Machine). Rust supports this strategy with shared boxes: memory allocated on the heap that may be referred to (shared) by multiple variables.

By comparison, languages like C++ offer very precise control over where objects are allocated. In particular, it is common to put them directly on the stack, avoiding expensive heap allocation. In Rust this is possible as well, and the compiler will use a clever pointer lifetime analysis to ensure that no variable can refer to stack objects after they are destroyed.

How concurrency considerations influence the memory model

Memory safety in a concurrent environment involves avoiding race conditions between two threads of execution accessing the same memory. Even high-level languages often require programmers to correctly employ locking to ensure that a program is free of races.

Rust starts from the position that memory cannot be shared between tasks. Experience in other languages has proven that isolating each task's heap from the others is a reliable strategy and one that is easy for programmers to reason about. Heap isolation has the additional benefit that garbage collection must only be done per-heap. Rust never "stops the world" to garbage-collect memory.

Complete isolation of heaps between tasks implies that any data transferred between tasks must be copied. While this is a fine and useful way to implement communication between tasks, it is also very inefficient for large data structures. Because of this, Rust also employs a global exchange heap. Objects allocated in the exchange heap have ownership semantics, meaning that there is only a single variable that refers to them. For this reason, they are referred to as unique boxes. All tasks may allocate objects on the exchange heap, then transfer ownership of those objects to other tasks, avoiding expensive copies.

What to be aware of

Rust has three "realms" in which objects can be allocated: the stack, the local heap, and the exchange heap. These realms have corresponding pointer types: the borrowed pointer (&T), the shared box (@T), and the unique box (~T). These three sigils will appear repeatedly as we explore the language. Learning the appropriate role of each is key to using Rust effectively.

Boxes and pointers

In contrast to a lot of modern languages, aggregate types like records and enums are not represented as pointers to allocated memory in Rust. They are, as in C and C++, represented directly. This means that if you let x = {x: 1f, y: 1f};, you are creating a record on the stack. If you then copy it into a data structure, the whole record is copied, not just a pointer.

For small records like point, this is usually more efficient than allocating memory and going through a pointer. But for big records, or records with mutable fields, it can be useful to have a single copy on the heap, and refer to that through a pointer.

Rust supports several types of pointers. The safe pointer types are @T for shared boxes allocated on the local heap, ~T, for uniquely-owned boxes allocated on the exchange heap, and &T, for borrowed pointers, which may point to any memory, and whose lifetimes are governed by the call stack.

Rust also has an unsafe pointer, written *T, which is a completely unchecked pointer type only used in unsafe code (and thus, in typical Rust code, very rarely).

All pointer types can be dereferenced with the * unary operator.

Shared boxes

Shared boxes are pointers to heap-allocated, garbage collected memory. Creating a shared box is done by simply applying the unary @ operator to an expression. The result of the expression will be boxed, resulting in a box of the right type. Copying a shared box, as happens during assignment, only copies a pointer, never the contents of the box.

let x: @int = @10; // New box, refcount of 1
let y = x; // Copy the pointer, increase refcount
// When x and y go out of scope, refcount goes to 0, box is freed

Shared boxes never cross task boundaries.

Note: shared boxes are currently reclaimed through reference counting and cycle collection, but we will switch to a tracing garbage collector.

Unique boxes

In contrast to shared boxes, unique boxes have a single owner and thus two unique boxes may not refer to the same memory. All unique boxes across all tasks are allocated on a single exchange heap, where their uniquely owned nature allows them to be passed between tasks.

Because unique boxes are uniquely owned, copying them involves allocating a new unique box and duplicating the contents. Copying unique boxes is expensive so the compiler will complain if you do.

let x = ~10;
let y = x; // error: copying a non-implicitly copyable type

If you really want to copy a unique box you must say so explicitly.

let x = ~10;
let y = copy x;

This is where the 'move' (<-) operator comes in. It is similar to =, but it de-initializes its source. Thus, the unique box can move from x to y, without violating the constraint that it only has a single owner (if you used assignment instead of the move operator, the box would, in principle, be copied).

let x = ~10;
let y <- x;

Note: this discussion of copying vs moving does not account for the "last use" rules that automatically promote copy operations to moves. This is an evolving area of the language that will continue to change.

Unique boxes, when they do not contain any shared boxes, can be sent to other tasks. The sending task will give up ownership of the box, and won't be able to access it afterwards. The receiving task will become the sole owner of the box.

Borrowed pointers

Rust borrowed pointers are a general purpose reference/pointer type, similar to the C++ reference type, but guaranteed to point to valid memory. In contrast to unique pointers, where the holder of a unique pointer is the owner of the pointed-to memory, borrowed pointers never imply ownership. Pointers may be borrowed from any type, in which case the pointer is guaranteed not to outlive the value it points to.

# fn work_with_foo_by_pointer(f: &~str) { }
let foo = ~"foo";
work_with_foo_by_pointer(&foo);

The following shows an example of what is not possible with borrowed pointers. If you were able to write this then the pointer to foo would outlive foo itself.

let foo_ptr;
{
    let foo = ~"foo";
    foo_ptr = &foo;
}

Note: borrowed pointers are a new addition to the language. They are not used extensively yet but are expected to become the pointer type used in many common situations, in particular for by-reference argument passing. Rust's current solution for passing arguments by reference is argument modes.

Mutability

All pointer types have a mutable variant, written @mut T or ~mut T. Given such a pointer, you can write to its contents by combining the dereference operator with a mutating action.

fn increase_contents(pt: @mut int) {
    *pt += 1;
}

Vectors

Vectors are a contiguous section of memory containing zero or more values of the same type. Like other types in Rust, vectors can be stored on the stack, the local heap, or the exchange heap.

enum crayon {
    almond, antique_brass, apricot,
    aquamarine, asparagus, atomic_tangerine,
    banana_mania, beaver, bittersweet
}

// A stack vector of crayons
let stack_crayons: &[crayon] = &[almond, antique_brass, apricot];
// A local heap (shared) vector of crayons
let local_crayons: @[crayon] = @[aquamarine, asparagus, atomic_tangerine];
// An exchange heap (unique) vector of crayons
let exchange_crayons: ~[crayon] = ~[banana_mania, beaver, bittersweet];

Note: Until recently Rust only had unique vectors, using the unadorned [] syntax for literals. This syntax is still supported but is deprecated. In the future it will probably represent some "reasonable default" vector type.

Unique vectors are the currently-recommended vector type for general use as they are the most tested and well-supported by existing libraries. There will be a gradual shift toward using more stack and local vectors in the coming releases.

Vector literals are enclosed in square brackets and dereferencing is also done with square brackets (zero-based):

# enum crayon { almond, antique_brass, apricot,
#               aquamarine, asparagus, atomic_tangerine,
#               banana_mania, beaver, bittersweet };
# fn draw_scene(c: crayon) { }

let crayons = ~[banana_mania, beaver, bittersweet];
match crayons[0] {
	   bittersweet => draw_scene(crayons[0]),
       _ => ()
}

By default, vectors are immutable—you can not replace their elements. The type written as ~[mut T] is a vector with mutable elements. Mutable vector literals are written ~[mut] (empty) or ~[mut 1, 2, 3] (with elements).

# enum crayon { almond, antique_brass, apricot,
#               aquamarine, asparagus, atomic_tangerine,
#               banana_mania, beaver, bittersweet };

let crayons = ~[mut banana_mania, beaver, bittersweet];
crayons[0] = atomic_tangerine;

The + operator means concatenation when applied to vector types.

# enum crayon { almond, antique_brass, apricot,
#               aquamarine, asparagus, atomic_tangerine,
#               banana_mania, beaver, bittersweet };

let my_crayons = ~[almond, antique_brass, apricot];
let your_crayons = ~[banana_mania, beaver, bittersweet];

let our_crayons = my_crayons + your_crayons;

The += operator also works as expected, provided the assignee lives in a mutable slot.

# enum crayon { almond, antique_brass, apricot,
#               aquamarine, asparagus, atomic_tangerine,
#               banana_mania, beaver, bittersweet };

let mut my_crayons = ~[almond, antique_brass, apricot];
let your_crayons = ~[banana_mania, beaver, bittersweet];

my_crayons += your_crayons;

Vector and string methods

Both vectors and strings support a number of useful methods. While we haven't covered methods yet, most vector functionality is provided by methods, so let's have a brief look at a few common ones.

# import io::println;
# enum crayon {
#     almond, antique_brass, apricot,
#     aquamarine, asparagus, atomic_tangerine,
#     banana_mania, beaver, bittersweet
# }
# fn unwrap_crayon(c: crayon) -> int { 0 }
# fn eat_crayon_wax(i: int) { }
# fn store_crayon_in_nasal_cavity(i: uint, c: crayon) { }
# fn crayon_to_str(c: crayon) -> ~str { ~"" }

let crayons = ~[almond, antique_brass, apricot];

// Check the length of the vector
assert crayons.len() == 3;
assert !crayons.is_empty();

// Iterate over a vector
for crayons.each |crayon| {
    let delicious_crayon_wax = unwrap_crayon(crayon);
    eat_crayon_wax(delicious_crayon_wax);
}

// Map vector elements
let crayon_names = crayons.map(crayon_to_str);
let favorite_crayon_name = crayon_names[0];

// Remove whitespace from before and after the string
let new_favorite_crayon_name = favorite_crayon_name.trim();

if favorite_crayon_name.len() > 5 {
   // Create a substring
   println(favorite_crayon_name.substr(0, 5));
}

Closures

Named functions, like those we've seen so far, may not refer to local variables declared outside the function - they do not "close over their environment". For example, you couldn't write the following:

let foo = 10;

fn bar() -> int {
   return foo; // `bar` cannot refer to `foo`
}

Rust also supports closures, functions that can access variables in the enclosing scope.

# import println = io::println;
fn call_closure_with_ten(b: fn(int)) { b(10); }

let captured_var = 20;
let closure = |arg| println(fmt!("captured_var=%d, arg=%d", captured_var, arg));

call_closure_with_ten(closure);

Closures begin with the argument list between bars and are followed by a single expression. The types of the arguments are generally omitted, as is the return type, because the compiler can almost always infer them. In the rare case where the compiler needs assistance though, the arguments and return types may be annotated.

# type mygoodness = fn(~str) -> ~str; type what_the = int;
let bloop = |well, oh: mygoodness| -> what_the { fail oh(well) };

There are several forms of closure, each with its own role. The most common, called a stack closure, has type fn& and can directly access local variables in the enclosing scope.

let mut max = 0;
(~[1, 2, 3]).map(|x| if x > max { max = x });

Stack closures are very efficient because their environment is allocated on the call stack and refers by pointer to captured locals. To ensure that stack closures never outlive the local variables to which they refer, they can only be used in argument position and cannot be stored in structures nor returned from functions. Despite the limitations stack closures are used pervasively in Rust code.

Shared closures

When you need to store a closure in a data structure, a stack closure will not do, since the compiler will refuse to let you store it. For this purpose, Rust provides a type of closure that has an arbitrary lifetime, written fn@ (boxed closure, analogous to the @ pointer type described earlier).

A boxed closure does not directly access its environment, but merely copies out the values that it closes over into a private data structure. This means that it can not assign to these variables, and will not 'see' updates to them.

This code creates a closure that adds a given string to its argument, returns it from a function, and then calls it:

use std;

fn mk_appender(suffix: ~str) -> fn@(~str) -> ~str {
    return fn@(s: ~str) -> ~str { s + suffix };
}

fn main() {
    let shout = mk_appender(~"!");
    io::println(shout(~"hey ho, let's go"));
}

This example uses the long closure syntax, fn@(s: ~str) ..., making the fact that we are declaring a box closure explicit. In practice boxed closures are usually defined with the short closure syntax introduced earlier, in which case the compiler will infer the type of closure. Thus our boxed closure example could also be written:

fn mk_appender(suffix: ~str) -> fn@(~str) -> ~str {
    return |s| s + suffix;
}

Unique closures

Unique closures, written fn~ in analogy to the ~ pointer type, hold on to things that can safely be sent between processes. They copy the values they close over, much like boxed closures, but they also 'own' them—meaning no other code can access them. Unique closures are used in concurrent code, particularly for spawning tasks.

Closure compatibility

A nice property of Rust closures is that you can pass any kind of closure (as long as the arguments and return types match) to functions that expect a fn(). Thus, when writing a higher-order function that wants to do nothing with its function argument beyond calling it, you should almost always specify the type of that argument as fn(), so that callers have the flexibility to pass whatever they want.

fn call_twice(f: fn()) { f(); f(); }
call_twice(|| { ~"I am an inferred stack closure"; } );
call_twice(fn&() { ~"I am also a stack closure"; } );
call_twice(fn@() { ~"I am a boxed closure"; });
call_twice(fn~() { ~"I am a unique closure"; });
fn bare_function() { ~"I am a plain function"; }
call_twice(bare_function);

Do syntax

Closures in Rust are frequently used in combination with higher-order functions to simulate control structures like if and loop. Consider this function that iterates over a vector of integers, applying an operator to each:

fn each(v: ~[int], op: fn(int)) {
   let mut n = 0;
   while n < v.len() {
       op(v[n]);
       n += 1;
   }
}

As a caller, if we use a closure to provide the final operator argument, we can write it in a way that has a pleasant, block-like structure.

# fn each(v: ~[int], op: fn(int)) {}
# fn do_some_work(i: int) { }
each(~[1, 2, 3], |n| {
    debug!("%i", n);
    do_some_work(n);
});

This is such a useful pattern that Rust has a special form of function call that can be written more like a built-in control structure:

# fn each(v: ~[int], op: fn(int)) {}
# fn do_some_work(i: int) { }
do each(~[1, 2, 3]) |n| {
    debug!("%i", n);
    do_some_work(n);
}

The call is prefixed with the keyword do and, instead of writing the final closure inside the argument list it is moved outside of the parenthesis where it looks visually more like a typical block of code. The do expression is purely syntactic sugar for a call that takes a final closure argument.

do is often used for task spawning.

import task::spawn;

do spawn() || {
    debug!("I'm a task, whatever");
}

That's nice, but look at all those bars and parentheses - that's two empty argument lists back to back. Wouldn't it be great if they weren't there?

# import task::spawn;
do spawn {
   debug!("Kablam!");
}

Empty argument lists can be omitted from do expressions.

For loops

Most iteration in Rust is done with for loops. Like do, for is a nice syntax for doing control flow with closures. Additionally, within a for loop, break, again, and return work just as they do with while and loop.

Consider again our each function, this time improved to break early when the iteratee returns false:

fn each(v: ~[int], op: fn(int) -> bool) {
   let mut n = 0;
   while n < v.len() {
       if !op(v[n]) {
           break;
       }
       n += 1;
   }
}

And using this function to iterate over a vector:

# import each = vec::each;
# import println = io::println;
each(~[2, 4, 8, 5, 16], |n| {
    if n % 2 != 0 {
        println(~"found odd number!");
        false
    } else { true }
});

With for, functions like each can be treated more like builtin looping structures. When calling each in a for loop, instead of returning false to break out of the loop, you just write break. To skip ahead to the next iteration, write again.

# import each = vec::each;
# import println = io::println;
for each(~[2, 4, 8, 5, 16]) |n| {
    if n % 2 != 0 {
        println(~"found odd number!");
        break;
    }
}

As an added bonus, you can use the return keyword, which is not normally allowed in closures, in a block that appears as the body of a for loop — this will cause a return to happen from the outer function, not just the loop body.

# import each = vec::each;
fn contains(v: ~[int], elt: int) -> bool {
    for each(v) |x| {
        if (x == elt) { return true; }
    }
    false
}

for syntax only works with stack closures.

Generics

Generic functions

Throughout this tutorial, we've been defining functions that act only on single data types. It's a burden to define such functions again and again for every type they apply to. Thus, Rust allows functions and datatypes to have type parameters.

fn map<T, U>(vector: &[T], function: fn(T) -> U) -> ~[U] {
    let mut accumulator = ~[];
    for vector.each |element| {
        vec::push(accumulator, function(element));
    }
    return accumulator;
}

When defined with type parameters, this function can be applied to any type of vector, as long as the type of function's argument and the type of the vector's content agree with each other.

Inside a generic function, the names of the type parameters (capitalized by convention) stand for opaque types. You can't look inside them, but you can pass them around.

Generic datatypes

Generic type, struct, and enum declarations follow the same pattern:

struct Stack<T> {
    elements: ~[mut T]
}

enum Maybe<T> {
    Just(T),
    Nothing
}

These declarations produce valid types like Stack<u8> and Maybe<int>.

Kinds

Perhaps surprisingly, the 'copy' (duplicate) operation is not defined for all Rust types. Resource types (classes with destructors) cannot be copied, and neither can any type whose copying would require copying a resource (such as records or unique boxes containing a resource).

This complicates handling of generic functions. If you have a type parameter T, can you copy values of that type? In Rust, you can't, unless you explicitly declare that type parameter to have copyable 'kind'. A kind is a type of type.

// This does not compile
fn head_bad<T>(v: ~[T]) -> T { v[0] }
// This does
fn head<T: copy>(v: ~[T]) -> T { v[0] }

When instantiating a generic function, you can only instantiate it with types that fit its kinds. So you could not apply head to a resource type. Rust has several kinds that can be used as type bounds:

  • copy - Copyable types. All types are copyable unless they are classes with destructors or otherwise contain classes with destructors.
  • send - Sendable types. All types are sendable unless they contain shared boxes, closures, or other local-heap-allocated types.
  • const - Constant types. These are types that do not contain mutable fields nor shared boxes.

Note: Rust type kinds are syntactically very similar to traits when used as type bounds, and can be conveniently thought of as built-in traits. In the future type kinds will actually be traits that the compiler has special knowledge about.

Modules and crates

The Rust namespace is divided into modules. Each source file starts with its own module.

Local modules

The mod keyword can be used to open a new, local module. In the example below, chicken lives in the module farm, so, unless you explicitly import it, you must refer to it by its long name, farm::chicken.

mod farm {
    fn chicken() -> ~str { ~"cluck cluck" }
    fn cow() -> ~str { ~"mooo" }
}
fn main() {
    io::println(farm::chicken());
}

Modules can be nested to arbitrary depth.

Crates

The unit of independent compilation in Rust is the crate. Libraries tend to be packaged as crates, and your own programs may consist of one or more crates.

When compiling a single .rs file, the file acts as the whole crate. You can compile it with the --lib compiler switch to create a shared library, or without, provided that your file contains a fn main somewhere, to create an executable.

It is also possible to include multiple files in a crate. For this purpose, you create a .rc crate file, which references any number of .rs code files. A crate file could look like this:

#[link(name = "farm", vers = "2.5", author = "mjh")];
#[crate_type = "lib"];
mod cow;
mod chicken;
mod horse;

Compiling this file will cause rustc to look for files named cow.rs, chicken.rs, horse.rs in the same directory as the .rc file, compile them all together, and, depending on the presence of the crate_type = "lib" attribute, output a shared library or an executable. (If the line #[crate_type = "lib"]; was omitted, rustc would create an executable.)

The #[link(...)] part provides meta information about the module, which other crates can use to load the right module. More about that later.

To have a nested directory structure for your source files, you can nest mods in your .rc file:

mod poultry {
    mod chicken;
    mod turkey;
}

The compiler will now look for poultry/chicken.rs and poultry/turkey.rs, and export their content in poultry::chicken and poultry::turkey. You can also provide a poultry.rs to add content to the poultry module itself.

Using other crates

Having compiled a crate that contains the #[crate_type = "lib"] attribute, you can use it in another crate with a use directive. We've already seen use std in several of the examples, which loads in the standard library.

use directives can appear in a crate file, or at the top level of a single-file .rs crate. They will cause the compiler to search its library search path (which you can extend with -L switch) for a Rust crate library with the right name.

It is possible to provide more specific information when using an external crate.

use myfarm (name = "farm", vers = "2.7");

When a comma-separated list of name/value pairs is given after use, these are matched against the attributes provided in the link attribute of the crate file, and a crate is only used when the two match. A name value can be given to override the name used to search for the crate. So the above would import the farm crate under the local name myfarm.

Our example crate declared this set of link attributes:

#[link(name = "farm", vers = "2.5", author = "mjh")];

The version does not match the one provided in the use directive, so unless the compiler can find another crate with the right version somewhere, it will complain that no matching crate was found.

The core library

A set of basic library routines, mostly related to built-in datatypes and the task system, are always implicitly linked and included in any Rust program.

This library is documented here.

A minimal example

Now for something that you can actually compile yourself. We have these two files:

// mylib.rs
#[link(name = "mylib", vers = "1.0")];
fn world() -> ~str { ~"world" }
// main.rs
use std;
use mylib;
fn main() { io::println(~"hello " + mylib::world()); }

Now compile and run like this (adjust to your platform if necessary):

> rustc --lib mylib.rs
> rustc main.rs -L .
> ./main
"hello world"

Importing

When using identifiers from other modules, it can get tiresome to qualify them with the full module path every time (especially when that path is several modules deep). Rust allows you to import identifiers at the top of a file, module, or block.

use std;
import io::println;
fn main() {
    println(~"that was easy");
}

It is also possible to import just the name of a module (import std::list;, then use list::find), to import all identifiers exported by a given module (import io::*), or to import a specific set of identifiers (import math::{min, max, pi}).

You can rename an identifier when importing using the = operator:

import prnt = io::println;

Exporting

By default, a module exports everything that it defines. This can be restricted with export directives at the top of the module or file.

mod enc {
    export encrypt, decrypt;
    const super_secret_number: int = 10;
    fn encrypt(n: int) -> int { n + super_secret_number }
    fn decrypt(n: int) -> int { n - super_secret_number }
}

This defines a rock-solid encryption algorithm. Code outside of the module can refer to the enc::encrypt and enc::decrypt identifiers just fine, but it does not have access to enc::super_secret_number.

Namespaces

Rust uses three different namespaces: one for modules, one for types, and one for values. This means that this code is valid:

mod buffalo {
    type buffalo = int;
    fn buffalo<buffalo: copy>(buffalo: buffalo) -> buffalo { buffalo }
}
fn main() {
    let buffalo: buffalo::buffalo = 1;
    buffalo::buffalo::<buffalo::buffalo>(buffalo::buffalo(buffalo));
}

You don't want to write things like that, but it is very practical to not have to worry about name clashes between types, values, and modules. This allows us to have a module core::str, for example, even though str is a built-in type name.

Resolution

The resolution process in Rust simply goes up the chain of contexts, looking for the name in each context. Nested functions and modules create new contexts inside their parent function or module. A file that's part of a bigger crate will have that crate's context as its parent context.

Identifiers can shadow each other. In this program, x is of type int:

type t = ~str;
fn main() {
    type t = int;
    let x: t;
}

An import directive will only import into the namespaces for which identifiers are actually found. Consider this example:

type bar = uint;
mod foo { fn bar() {} }
mod baz {
    import foo::bar;
    const x: bar = 20u;
}

When resolving the type name bar in the const definition, the resolver will first look at the module context for baz. This has an import named bar, but that's a function, not a type, So it continues to the top level and finds a type named bar defined there.

Normally, multiple definitions of the same identifier in a scope are disallowed. Local variables defined with let are an exception to this—multiple let directives can redefine the same variable in a single scope. When resolving the name of such a variable, the most recent definition is used.

fn main() {
    let x = 10;
    let x = x + 10;
    assert x == 20;
}

This makes it possible to rebind a variable without actually mutating it, which is mostly useful for destructuring (which can rebind, but not assign).

Traits

Traits are Rust's take on value polymorphism—the thing that object-oriented languages tend to solve with methods and inheritance. For example, writing a function that can operate on multiple types of collections.

Note: This feature is very new, and will need a few extensions to be applicable to more advanced use cases.

Declaration

A trait consists of a set of methods. A method is a function that can be applied to a self value and a number of arguments, using the dot notation: self.foo(arg1, arg2).

For example, we could declare the trait to_str for things that can be converted to a string, with a single method of the same name:

trait to_str {
    fn to_str() -> ~str;
}

Implementation

To actually implement a trait for a given type, the impl form is used. This defines implementations of to_str for the int and ~str types.

# trait to_str { fn to_str() -> ~str; }
impl int: to_str {
    fn to_str() -> ~str { int::to_str(self, 10u) }
}
impl ~str: to_str {
    fn to_str() -> ~str { self }
}

Given these, we may call 1.to_str() to get ~"1", or (~"foo").to_str() to get ~"foo" again. This is basically a form of static overloading—when the Rust compiler sees the to_str method call, it looks for an implementation that matches the type with a method that matches the name, and simply calls that.

Bounded type parameters

The useful thing about value polymorphism is that it does not have to be static. If object-oriented languages only let you call a method on an object when they knew exactly which sub-type it had, that would not get you very far. To be able to call methods on types that aren't known at compile time, it is possible to specify 'bounds' for type parameters.

# trait to_str { fn to_str() -> ~str; }
fn comma_sep<T: to_str>(elts: ~[T]) -> ~str {
    let mut result = ~"", first = true;
    for elts.each |elt| {
        if first { first = false; }
        else { result += ~", "; }
        result += elt.to_str();
    }
    return result;
}

The syntax for this is similar to the syntax for specifying that a parameter type has to be copyable (which is, in principle, another kind of bound). By declaring T as conforming to the to_str trait, it becomes possible to call methods from that trait on values of that type inside the function. It will also cause a compile-time error when anyone tries to call comma_sep on an array whose element type does not have a to_str implementation in scope.

Polymorphic traits

Traits may contain type parameters. This defines a trait for generalized sequence types:

trait seq<T> {
    fn len() -> uint;
    fn iter(fn(T));
}
impl<T> ~[T]: seq<T> {
    fn len() -> uint { vec::len(self) }
    fn iter(b: fn(T)) {
        for self.each |elt| { b(elt); }
    }
}

Note that the implementation has to explicitly declare the type parameter that it binds, T, before using it to specify its trait type. This is needed because it could also, for example, specify an implementation of seq<int>—the of clause refers to a type, rather than defining one.

The type parameters bound by a trait are in scope in each of the method declarations. So, re-declaring the type parameter T as an explicit type parameter for len -- in either the trait or the impl -- would be a compile-time error.

The self type in traits

In a trait, self is a special type that you can think of as a type parameter. An implementation of the trait for any given type T replaces the self type parameter with T. The following trait describes types that support an equality operation:

trait eq {
  fn equals(&&other: self) -> bool;
}

impl int: eq {
  fn equals(&&other: int) -> bool { other == self }
}

Notice that equals takes an int argument, rather than a self argument, in an implementation for type int.

Casting to a trait type

The above allows us to define functions that polymorphically act on values of an unknown type that conforms to a given trait. However, consider this function:

# type circle = int; type rectangle = int;
# trait drawable { fn draw(); }
# impl int: drawable { fn draw() {} }
# fn new_circle() -> int { 1 }
fn draw_all<T: drawable>(shapes: ~[T]) {
    for shapes.each |shape| { shape.draw(); }
}
# let c: circle = new_circle();
# draw_all(~[c]);

You can call that on an array of circles, or an array of squares (assuming those have suitable drawable traits defined), but not on an array containing both circles and squares.

When this is needed, a trait name can be used as a type, causing the function to be written simply like this:

# trait drawable { fn draw(); }
fn draw_all(shapes: ~[drawable]) {
    for shapes.each |shape| { shape.draw(); }
}

There is no type parameter anymore (since there isn't a single type that we're calling the function on). Instead, the drawable type is used to refer to a type that is a reference-counted box containing a value for which a drawable implementation exists, combined with information on where to find the methods for this implementation. This is very similar to the 'vtables' used in most object-oriented languages.

To construct such a value, you use the as operator to cast a value to a trait type:

# type circle = int; type rectangle = int;
# trait drawable { fn draw(); }
# impl int: drawable { fn draw() {} }
# fn new_circle() -> int { 1 }
# fn new_rectangle() -> int { 2 }
# fn draw_all(shapes: ~[drawable]) {}
let c: circle = new_circle();
let r: rectangle = new_rectangle();
draw_all(~[c as drawable, r as drawable]);

This will store the value into a box, along with information about the implementation (which is looked up in the scope of the cast). The drawable type simply refers to such boxes, and calling methods on it always works, no matter what implementations are in scope.

Note that the allocation of a box is somewhat more expensive than simply using a type parameter and passing in the value as-is, and much more expensive than statically resolved method calls.

Trait-less implementations

If you only intend to use an implementation for static overloading, and there is no trait available that it conforms to, you are free to leave off the of clause. However, this is only possible when you are defining an implementation in the same module as the receiver type, and the receiver type is a named type (i.e., an enum or a class); single-variant enums are a common choice.

Interacting with foreign code

One of Rust's aims, as a system programming language, is to interoperate well with C code.

We'll start with an example. It's a bit bigger than usual, and contains a number of new concepts. We'll go over it one piece at a time.

This is a program that uses OpenSSL's SHA1 function to compute the hash of its first command-line argument, which it then converts to a hexadecimal string and prints to standard output. If you have the OpenSSL libraries installed, it should 'just work'.

use std;
import libc::c_uint;

extern mod crypto {
    fn SHA1(src: *u8, sz: c_uint, out: *u8) -> *u8;
}

fn as_hex(data: ~[u8]) -> ~str {
    let mut acc = ~"";
    for data.each |byte| { acc += fmt!("%02x", byte as uint); }
    return acc;
}

fn sha1(data: ~str) -> ~str unsafe {
    let bytes = str::to_bytes(data);
    let hash = crypto::SHA1(vec::unsafe::to_ptr(bytes),
                            vec::len(bytes) as c_uint, ptr::null());
    return as_hex(vec::unsafe::from_buf(hash, 20u));
}

fn main(args: ~[~str]) {
    io::println(sha1(args[1]));
}

Foreign modules

Before we can call SHA1, we have to declare it. That is what this part of the program is responsible for:

extern mod crypto {
    fn SHA1(src: *u8, sz: uint, out: *u8) -> *u8;
}

An extern module declaration containing function signatures introduces the functions listed as foreign functions, that are implemented in some other language (usually C) and accessed through Rust's foreign function interface (FFI). An extern module like this is called a foreign module, and implicitly tells the compiler to link with a library with the same name as the module, and that it will find the foreign functions in that library.

In this case, it'll change the name crypto to a shared library name in a platform-specific way (libcrypto.so on Linux, for example), and link that in. If you want the module to have a different name from the actual library, you can use the "link_name" attribute, like:

#[link_name = "crypto"]
extern mod something {
    fn SHA1(src: *u8, sz: uint, out: *u8) -> *u8;
}

Foreign calling conventions

Most foreign code will be C code, which usually uses the cdecl calling convention, so that is what Rust uses by default when calling foreign functions. Some foreign functions, most notably the Windows API, use other calling conventions, so Rust provides a way to hint to the compiler which is expected by using the "abi" attribute:

#[cfg(target_os = "win32")]
#[abi = "stdcall"]
extern mod kernel32 {
    fn SetEnvironmentVariableA(n: *u8, v: *u8) -> int;
}

The "abi" attribute applies to a foreign module (it can not be applied to a single function within a module), and must be either "cdecl" or "stdcall". Other conventions may be defined in the future.

Unsafe pointers

The foreign SHA1 function is declared to take three arguments, and return a pointer.

# extern mod crypto {
fn SHA1(src: *u8, sz: libc::c_uint, out: *u8) -> *u8;
# }

When declaring the argument types to a foreign function, the Rust compiler has no way to check whether your declaration is correct, so you have to be careful. If you get the number or types of the arguments wrong, you're likely to get a segmentation fault. Or, probably even worse, your code will work on one platform, but break on another.

In this case, SHA1 is defined as taking two unsigned char* arguments and one unsigned long. The rust equivalents are *u8 unsafe pointers and an uint (which, like unsigned long, is a machine-word-sized type).

Unsafe pointers can be created through various functions in the standard lib, usually with unsafe somewhere in their name. You can dereference an unsafe pointer with * operator, but use caution—unlike Rust's other pointer types, unsafe pointers are completely unmanaged, so they might point at invalid memory, or be null pointers.

Unsafe blocks

The sha1 function is the most obscure part of the program.

# mod crypto { fn SHA1(src: *u8, sz: uint, out: *u8) -> *u8 { out } }
# fn as_hex(data: ~[u8]) -> ~str { ~"hi" }
fn sha1(data: ~str) -> ~str {
    unsafe {
        let bytes = str::to_bytes(data);
        let hash = crypto::SHA1(vec::unsafe::to_ptr(bytes),
                                vec::len(bytes), ptr::null());
        return as_hex(vec::unsafe::from_buf(hash, 20u));
    }
}

Firstly, what does the unsafe keyword at the top of the function mean? unsafe is a block modifier—it declares the block following it to be known to be unsafe.

Some operations, like dereferencing unsafe pointers or calling functions that have been marked unsafe, are only allowed inside unsafe blocks. With the unsafe keyword, you're telling the compiler 'I know what I'm doing'. The main motivation for such an annotation is that when you have a memory error (and you will, if you're using unsafe constructs), you have some idea where to look—it will most likely be caused by some unsafe code.

Unsafe blocks isolate unsafety. Unsafe functions, on the other hand, advertise it to the world. An unsafe function is written like this:

unsafe fn kaboom() { ~"I'm harmless!"; }

This function can only be called from an unsafe block or another unsafe function.

Pointer fiddling

The standard library defines a number of helper functions for dealing with unsafe data, casting between types, and generally subverting Rust's safety mechanisms.

Let's look at our sha1 function again.

# mod crypto { fn SHA1(src: *u8, sz: uint, out: *u8) -> *u8 { out } }
# fn as_hex(data: ~[u8]) -> ~str { ~"hi" }
# fn x(data: ~str) -> ~str {
# unsafe {
let bytes = str::to_bytes(data);
let hash = crypto::SHA1(vec::unsafe::to_ptr(bytes),
                        vec::len(bytes), ptr::null());
return as_hex(vec::unsafe::from_buf(hash, 20u));
# }
# }

The str::to_bytes function is perfectly safe: it converts a string to a [u8]. This byte array is then fed to vec::unsafe::to_ptr, which returns an unsafe pointer to its contents.

This pointer will become invalid as soon as the vector it points into is cleaned up, so you should be very careful how you use it. In this case, the local variable bytes outlives the pointer, so we're good.

Passing a null pointer as the third argument to SHA1 makes it use a static buffer, and thus save us the effort of allocating memory ourselves. ptr::null is a generic function that will return an unsafe null pointer of the correct type (Rust generics are awesome like that—they can take the right form depending on the type that they are expected to return).

Finally, vec::unsafe::from_buf builds up a new [u8] from the unsafe pointer that was returned by SHA1. SHA1 digests are always twenty bytes long, so we can pass 20u for the length of the new vector.

Passing structures

C functions often take pointers to structs as arguments. Since Rust records are binary-compatible with C structs, Rust programs can call such functions directly.

This program uses the POSIX function gettimeofday to get a microsecond-resolution timer.

use std;
import libc::c_ulonglong;

type timeval = {mut tv_sec: c_ulonglong,
                mut tv_usec: c_ulonglong};
#[nolink]
extern mod lib_c {
    fn gettimeofday(tv: *timeval, tz: *()) -> i32;
}
fn unix_time_in_microseconds() -> u64 unsafe {
    let x = {mut tv_sec: 0 as c_ulonglong, mut tv_usec: 0 as c_ulonglong};
    lib_c::gettimeofday(ptr::addr_of(x), ptr::null());
    return (x.tv_sec as u64) * 1000_000_u64 + (x.tv_usec as u64);
}

# fn main() { assert fmt!("%?", unix_time_in_microseconds()) != ~""; }

The #[nolink] attribute indicates that there's no foreign library to link in. The standard C library is already linked with Rust programs.

A timeval, in C, is a struct with two 32-bit integers. Thus, we define a record type with the same contents, and declare gettimeofday to take a pointer to such a record.

The second argument to gettimeofday (the time zone) is not used by this program, so it simply declares it to be a pointer to the nil type. Since all null pointers have the same representation regardless of their referent type, this is safe.

Tasks

Rust supports a system of lightweight tasks, similar to what is found in Erlang or other actor systems. Rust tasks communicate via messages and do not share data. However, it is possible to send data without copying it by making use of the exchange heap, which allow the sending task to release ownership of a value, so that the receiving task can keep on using it.

Note: As Rust evolves, we expect the task API to grow and change somewhat. The tutorial documents the API as it exists today.

Spawning a task

Spawning a task is done using the various spawn functions in the module task. Let's begin with the simplest one, task::spawn():

import task::spawn;
import io::println;

let some_value = 22;

do spawn {
    println(~"This executes in the child task.");
    println(fmt!("%d", some_value));
}

The argument to task::spawn() is a unique closure of type fn~(), meaning that it takes no arguments and generates no return value. The effect of task::spawn() is to fire up a child task that will execute the closure in parallel with the creator.

Communication

Now that we have spawned a child task, it would be nice if we could communicate with it. This is done using pipes. Pipes are simply a pair of endpoints, with one for sending messages and another for receiving messages. The easiest way to create a pipe is to use pipes::stream. Imagine we wish to perform two expensive computations in parallel. We might write something like:

import task::spawn;
import pipes::{stream, Port, Chan};

let (chan, port) = stream();

do spawn {
    let result = some_expensive_computation();
    chan.send(result);
}

some_other_expensive_computation();
let result = port.recv();

# fn some_expensive_computation() -> int { 42 }
# fn some_other_expensive_computation() {}

Let's walk through this code line-by-line. The first line creates a stream for sending and receiving integers:

# import pipes::stream;
let (chan, port) = stream();

This port is where we will receive the message from the child task once it is complete. The channel will be used by the child to send a message to the port. The next statement actually spawns the child:

# import task::{spawn};
# import comm::{Port, Chan};
# fn some_expensive_computation() -> int { 42 }
# let port = Port();
# let chan = port.chan();
do spawn {
    let result = some_expensive_computation();
    chan.send(result);
}

This child will perform the expensive computation send the result over the channel. (Under the hood, chan was captured by the closure that forms the body of the child task. This capture is allowed because channels are sendable.)

Finally, the parent continues by performing some other expensive computation and then waiting for the child's result to arrive on the port:

# import pipes::{stream, Port, Chan};
# fn some_other_expensive_computation() {}
# let (chan, port) = stream::<int>();
# chan.send(0);
some_other_expensive_computation();
let result = port.recv();

Creating a task with a bi-directional communication path

A very common thing to do is to spawn a child task where the parent and child both need to exchange messages with each other. The function std::comm::DuplexStream() supports this pattern. We'll look briefly at how it is used.

To see how spawn_conversation() works, we will create a child task that receives uint messages, converts them to a string, and sends the string in response. The child terminates when 0 is received. Here is the function that implements the child task:

# import std::comm::DuplexStream;
# import pipes::{Port, Chan};
fn stringifier(channel: DuplexStream<~str, uint>) {
    let mut value: uint;
    loop {
        value = channel.recv();
        channel.send(uint::to_str(value, 10u));
        if value == 0u { break; }
    }
}

The implementation of DuplexStream supports both sending and receiving. The stringifier function takes a DuplexStream that can send strings (the first type parameter) and receive uint messages (the second type parameter). The body itself simply loops, reading from the channel and then sending its response back. The actual response itself is simply the strified version of the received value, uint::to_str(value).

Here is the code for the parent task:

# import std::comm::DuplexStream;
# import pipes::{Port, Chan};
# import task::spawn;
# fn stringifier(channel: DuplexStream<~str, uint>) {
#     let mut value: uint;
#     loop {
#         value = channel.recv();
#         channel.send(uint::to_str(value, 10u));
#         if value == 0u { break; }
#     }
# }
# fn main() {

let (from_child, to_child) = DuplexStream();

do spawn || {
    stringifier(to_child);
};

from_child.send(22u);
assert from_child.recv() == ~"22";

from_child.send(23u);
from_child.send(0u);

assert from_child.recv() == ~"23";
assert from_child.recv() == ~"0";

# }

The parent task first calls DuplexStream to create a pair of bidirectional endpoints. It then uses task::spawn to create the child task, which captures one end of the communication channel. As a result, both parent and child can send and receive data to and from the other.

Testing

The Rust language has a facility for testing built into the language. Tests can be interspersed with other code, and annotated with the #[test] attribute.

# // FIXME: xfailed because test_twice is a #[test] function it's not
# // getting compiled
use std;

fn twice(x: int) -> int { x + x }

#[test]
fn test_twice() {
    let mut i = -100;
    while i < 100 {
        assert twice(i) == 2 * i;
        i += 1;
    }
}

When you compile the program normally, the test_twice function will not be included. To compile and run such tests, compile with the --test flag, and then run the result:

> rustc --test twice.rs
> ./twice
running 1 tests
test test_twice ... ok
result: ok. 1 passed; 0 failed; 0 ignored

Or, if we change the file to fail, for example by replacing x + x with x + 1:

running 1 tests
test test_twice ... FAILED
failures:
    test_twice
result: FAILED. 0 passed; 1 failed; 0 ignored

You can pass a command-line argument to a program compiled with --test to run only the tests whose name matches the given string. If we had, for example, test functions test_twice, test_once_1, and test_once_2, running our program with ./twice test_once would run the latter two, and running it with ./twice test_once_2 would run only the last.

To indicate that a test is supposed to fail instead of pass, you can give it a #[should_fail] attribute.

use std;

fn divide(a: float, b: float) -> float {
    if b == 0f { fail; }
    a / b
}

#[test]
#[should_fail]
fn divide_by_zero() { divide(1f, 0f); }

# fn main() { }

To disable a test completely, add an #[ignore] attribute. Running a test runner (the program compiled with --test) with an --ignored command-line flag will cause it to also run the tests labelled as ignored.

A program compiled as a test runner will have the configuration flag test defined, so that you can add code that won't be included in a normal compile with the #[cfg(test)] attribute (see conditional compilation).