
The Dark Arts of Advanced and Unsafe Rust Programming - ngaut
https://doc.rust-lang.org/nomicon/
======
swolchok
IMO title should at least contain "The Rustonomicon"; "The Dark Arts of
Advanced and Unsafe Rust Programming" is the subtitle. I wouldn't have clicked
through if I had known that the link was to this document.

------
gwbas1c
I recently had to write a lot of unsafe code in C# to interoperate with a
driver.

As advanced as modern languages are, the excellent memory models only work
within the language. Interoperability requires that you can work with memory
directly when needed. (And only when needed.) I don't have a lot of Rust
experience, but C# has plenty of tricks to avoid unsafe code but get close
enough to working with real memory.

One thing that would help is if there was some kind of a tool that could take
C header files, figure out how the structs and functions compile, and generate
the Rust / C# structs and fuction signatures. This is such a time consuming
task to do manually in C#, and novices screw it up all the time.

(I wish I had the time to do more work in Rust. It's a great concept!)

~~~
swgillespie
There are a couple of projects that do this for Rust, depending on what your
inputs and outputs are:

* [https://github.com/rust-lang-nursery/rust-bindgen](https://github.com/rust-lang-nursery/rust-bindgen) \- Inputs are C/C++ headers, outputs are Rust type definitions and extern functions to interoperate with the type and functions in the headers

* [https://github.com/immunant/c2rust](https://github.com/immunant/c2rust) \- Inputs are C headers and source, outputs Rust code that is semantically equivalent to the C (modulo bugs, etc.)

* [https://github.com/eqrion/cbindgen/](https://github.com/eqrion/cbindgen/) \- Inputs are Rust source, outputs C/C++ headers that can be used to interoperate with the types and functions exposed by Rust

~~~
Immortalin
None of these are able to handle dynamic header templating properly, e.g. try
embedding Guile Scheme in a non-C/C++ language through FFI alone.

------
jake_the_third
This is not meant as criticism of this book as it is of my own reading and
comprehension abilities (English is not my mother tongue), but when I
attempted to read the book, I found the writing style employed very off-
putting and distracting. In contrast, I usually find documentation written in
a formal technical style like standards and references to be clear and
concise; I don't have to exert mental effort trying to decipher
inconsequential verbiage, idioms, and cultural references beyond what I need
to understand the material at hand.

Is there a resource like The Rustonomicon, but written in a concise and formal
style?

~~~
gameswithgo
Best bet is probably the API docs? For instance: [https://doc.rust-
lang.org/std/mem/fn.transmute.html](https://doc.rust-
lang.org/std/mem/fn.transmute.html)

Not sure how to search to get a collection of the unsafe related functions
though.

------
habitue
It's a shame they didn't ever resume work on this. Apparently the guy who
wrote it can't work on it any more

~~~
pcwalton
Thankfully, Gankro is now a colleague of mine and can work on it as much as
they want again :)

~~~
oconnor663
omg does that mean Learning Rust With Entirely Too Many Linked Lists is going
to get finished up at some point?

------
exitcode00
Ada does, and has better and more clear conventions for "unsafe" programming
(pointer arithmetic, conversions, etc) but does it naturally without special
keywords and esoteric conventions through its package system. Too bad no one
will ever give it a chance due to is syntax :(

Rust is nothing but a slapdash C style copy of its semantics.

~~~
habitue
> Rust is nothing but a slapdash C style copy of its semantics.

Rust is a copy of Ada's semantics for dealing with memory unsafe code? Could
you provide an example of what you mean?

> Ada does, and has better and more clear conventions for "unsafe" programming
> (pointer arithmetic, conversions, etc)

Can you give some examples here of what you mean? I found
Interfaces.C.Pointers, but I don't know enough about the language to know if
that's what you were talking about

~~~
exitcode00
I meant Rust is a copy of Ada in general - it does not deal with unsafe
programming in the same way. Instead, you do things like instantiate generic
packages/procedure like Ada.Unchecked_Deallocation and
Ada.Unchecked_Conversion with the specific conversion or heap deallocation
procedure you need. So you are forced to be explicit about every unsafe
operation by including such procedures and calling such things - but you are
not prone to accidents because you got in the habit of wrapping things in
perverse "unsafe" blocks every time you meet a well-thought-out restriction of
the language.

~~~
Tuna-Fish
> I meant Rust is a copy of Ada in general

Have you ever actually looked at rust? The headline feature of Rust is linear
types with checked borrowing, something that Ada does not provide.

~~~
hunt
Plus Ada has a complicated runtime system that Rust doesn't.

~~~
exitcode00
Example?

