<!DOCTYPE HTML>
< html lang = "en" class = "sidebar-visible no-js rust" >
< head >
<!-- Book generated using mdBook -->
< meta charset = "UTF-8" >
< title > Accepting Strings - Rust Design Patterns< / title >
<!-- Custom HTML head -->
< meta content = "text/html; charset=utf-8" http-equiv = "Content-Type" >
< meta name = "description" content = "A catalogue of Rust design patterns, anti-patterns and idioms" >
< meta name = "viewport" content = "width=device-width, initial-scale=1" >
< meta name = "theme-color" content = "#ffffff" / >
< link rel = "icon" href = "../../favicon.svg" >
< link rel = "shortcut icon" href = "../../favicon.png" >
< link rel = "stylesheet" href = "../../css/variables.css" >
< link rel = "stylesheet" href = "../../css/general.css" >
< link rel = "stylesheet" href = "../../css/chrome.css" >
< link rel = "stylesheet" href = "../../css/print.css" media = "print" >
<!-- Fonts -->
< link rel = "stylesheet" href = "../../FontAwesome/css/font-awesome.css" >
< link rel = "stylesheet" href = "../../fonts/fonts.css" >
<!-- Highlight.js Stylesheets -->
< link rel = "stylesheet" href = "../../highlight.css" >
< link rel = "stylesheet" href = "../../tomorrow-night.css" >
< link rel = "stylesheet" href = "../../ayu-highlight.css" >
<!-- Custom theme stylesheets -->
< / head >
< body >
<!-- Provide site root to javascript -->
< script type = "text/javascript" >
var path_to_root = "../../";
var default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? "navy" : "rust";
< / script >
<!-- Work around some values being stored in localStorage wrapped in quotes -->
< script type = "text/javascript" >
try {
var theme = localStorage.getItem('mdbook-theme');
var sidebar = localStorage.getItem('mdbook-sidebar');
if (theme.startsWith('"') & & theme.endsWith('"')) {
localStorage.setItem('mdbook-theme', theme.slice(1, theme.length - 1));
}
if (sidebar.startsWith('"') & & sidebar.endsWith('"')) {
localStorage.setItem('mdbook-sidebar', sidebar.slice(1, sidebar.length - 1));
}
} catch (e) { }
< / script >
<!-- Set the theme before any content is loaded, prevents flash -->
< script type = "text/javascript" >
var theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
var html = document.querySelector('html');
html.classList.remove('no-js')
html.classList.remove('rust')
html.classList.add(theme);
html.classList.add('js');
< / script >
<!-- Hide / unhide sidebar before it is displayed -->
< script type = "text/javascript" >
var html = document.querySelector('html');
var sidebar = 'hidden';
if (document.body.clientWidth >= 1080) {
try { sidebar = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
sidebar = sidebar || 'visible';
}
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
< / script >
< nav id = "sidebar" class = "sidebar" aria-label = "Table of contents" >
< div class = "sidebar-scrollbox" >
< ol class = "chapter" > < li class = "chapter-item expanded " > < a href = "../../intro.html" > < strong aria-hidden = "true" > 1.< / strong > Introduction< / a > < / li > < li > < ol class = "section" > < li class = "chapter-item expanded " > < a href = "../../translations.html" > < strong aria-hidden = "true" > 1.1.< / strong > Translations< / a > < / li > < / ol > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/index.html" > < strong aria-hidden = "true" > 2.< / strong > Idioms< / a > < / li > < li > < ol class = "section" > < li class = "chapter-item expanded " > < a href = "../../idioms/coercion-arguments.html" > < strong aria-hidden = "true" > 2.1.< / strong > Use borrowed types for arguments< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/concat-format.html" > < strong aria-hidden = "true" > 2.2.< / strong > Concatenating Strings with format!< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/ctor.html" > < strong aria-hidden = "true" > 2.3.< / strong > Constructor< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/default.html" > < strong aria-hidden = "true" > 2.4.< / strong > The Default Trait< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/deref.html" > < strong aria-hidden = "true" > 2.5.< / strong > Collections Are Smart Pointers< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/dtor-finally.html" > < strong aria-hidden = "true" > 2.6.< / strong > Finalisation in Destructors< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/mem-replace.html" > < strong aria-hidden = "true" > 2.7.< / strong > mem::{take(_), replace(_)}< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/on-stack-dyn-dispatch.html" > < strong aria-hidden = "true" > 2.8.< / strong > On-Stack Dynamic Dispatch< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/ffi/intro.html" > < strong aria-hidden = "true" > 2.9.< / strong > Foreign function interface (FFI)< / a > < / li > < li > < ol class = "section" > < li class = "chapter-item expanded " > < a href = "../../idioms/ffi/errors.html" > < strong aria-hidden = "true" > 2.9.1.< / strong > Idiomatic Errors< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/ffi/accepting-strings.html" class = "active" > < strong aria-hidden = "true" > 2.9.2.< / strong > Accepting Strings< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/ffi/passing-strings.html" > < strong aria-hidden = "true" > 2.9.3.< / strong > Passing Strings< / a > < / li > < / ol > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/option-iter.html" > < strong aria-hidden = "true" > 2.10.< / strong > Iterating over an Option< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/pass-var-to-closure.html" > < strong aria-hidden = "true" > 2.11.< / strong > Pass Variables to Closure< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/priv-extend.html" > < strong aria-hidden = "true" > 2.12.< / strong > Privacy For Extensibility< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/rustdoc-init.html" > < strong aria-hidden = "true" > 2.13.< / strong > Easy doc initialization< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../idioms/temporary-mutability.html" > < strong aria-hidden = "true" > 2.14.< / strong > Temporary mutability< / a > < / li > < / ol > < / li > < li class = "chapter-item expanded " > < a href = "../../patterns/index.html" > < strong aria-hidden = "true" > 3.< / strong > Design Patterns< / a > < / li > < li > < ol class = "section" > < li class = "chapter-item expanded " > < a href = "../../patterns/behavioural/intro.html" > < strong aria-hidden = "true" > 3.1.< / strong > Behavioural< / a > < / li > < li > < ol class = "section" > < li class = "chapter-item expanded " > < a href = "../../patterns/behavioural/command.html" > < strong aria-hidden = "true" > 3.1.1.< / strong > Command< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../patterns/behavioural/interpreter.html" > < strong aria-hidden = "true" > 3.1.2.< / strong > Interpreter< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../patterns/behavioural/newtype.html" > < strong aria-hidden = "true" > 3.1.3.< / strong > Newtype< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../patterns/behavioural/RAII.html" > < strong aria-hidden = "true" > 3.1.4.< / strong > RAII Guards< / a > < / li > < li class = "chapter-item expanded " > < a href = "../../patterns/behavioural/strategy.html
< / div >
< div id = "sidebar-resize-handle" class = "sidebar-resize-handle" > < / div >
< / nav >
< div id = "page-wrapper" class = "page-wrapper" >
< div class = "page" >
< div id = "menu-bar-hover-placeholder" > < / div >
< div id = "menu-bar" class = "menu-bar sticky bordered" >
< div class = "left-buttons" >
< button id = "sidebar-toggle" class = "icon-button" type = "button" title = "Toggle Table of Contents" aria-label = "Toggle Table of Contents" aria-controls = "sidebar" >
< i class = "fa fa-bars" > < / i >
< / button >
< button id = "theme-toggle" class = "icon-button" type = "button" title = "Change theme" aria-label = "Change theme" aria-haspopup = "true" aria-expanded = "false" aria-controls = "theme-list" >
< i class = "fa fa-paint-brush" > < / i >
< / button >
< ul id = "theme-list" class = "theme-popup" aria-label = "Themes" role = "menu" >
< li role = "none" > < button role = "menuitem" class = "theme" id = "light" > Light< / button > < / li >
< li role = "none" > < button role = "menuitem" class = "theme" id = "rust" > Rust (default)< / button > < / li >
< li role = "none" > < button role = "menuitem" class = "theme" id = "coal" > Coal< / button > < / li >
< li role = "none" > < button role = "menuitem" class = "theme" id = "navy" > Navy< / button > < / li >
< li role = "none" > < button role = "menuitem" class = "theme" id = "ayu" > Ayu< / button > < / li >
< / ul >
< button id = "search-toggle" class = "icon-button" type = "button" title = "Search. (Shortkey: s)" aria-label = "Toggle Searchbar" aria-expanded = "false" aria-keyshortcuts = "S" aria-controls = "searchbar" >
< i class = "fa fa-search" > < / i >
< / button >
< / div >
< h1 class = "menu-title" > Rust Design Patterns< / h1 >
< div class = "right-buttons" >
< a href = "../../print.html" title = "Print this book" aria-label = "Print this book" >
< i id = "print-button" class = "fa fa-print" > < / i >
< / a >
< a href = "https://github.com/rust-unofficial/patterns" title = "Git repository" aria-label = "Git repository" >
< i id = "git-repository-button" class = "fa fa-github" > < / i >
< / a >
< / div >
< / div >
< div id = "search-wrapper" class = "hidden" >
< form id = "searchbar-outer" class = "searchbar-outer" >
< input type = "search" id = "searchbar" name = "searchbar" placeholder = "Search this book ..." aria-controls = "searchresults-outer" aria-describedby = "searchresults-header" >
< / form >
< div id = "searchresults-outer" class = "searchresults-outer hidden" >
< div id = "searchresults-header" class = "searchresults-header" > < / div >
< ul id = "searchresults" >
< / ul >
< / div >
< / div >
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
< script type = "text/javascript" >
document.getElementById('sidebar-toggle').setAttribute('aria-expanded', sidebar === 'visible');
document.getElementById('sidebar').setAttribute('aria-hidden', sidebar !== 'visible');
Array.from(document.querySelectorAll('#sidebar a')).forEach(function(link) {
link.setAttribute('tabIndex', sidebar === 'visible' ? 0 : -1);
});
< / script >
< div id = "content" class = "content" >
< main >
< h1 id = "accepting-strings" > < a class = "header" href = "#accepting-strings" > Accepting Strings< / a > < / h1 >
< h2 id = "description" > < a class = "header" href = "#description" > Description< / a > < / h2 >
< p > When accepting strings via FFI through pointers, there are two principles that
should be followed:< / p >
< ol >
< li > Keep foreign strings " borrowed" , rather than copying them directly.< / li >
< li > Minimize the amount of complexity and < code > unsafe< / code > code involved in converting
from a C-style string to native Rust strings.< / li >
< / ol >
< h2 id = "motivation" > < a class = "header" href = "#motivation" > Motivation< / a > < / h2 >
< p > The strings used in C have different behaviours to those used in Rust, namely:< / p >
< ul >
< li > C strings are null-terminated while Rust strings store their length< / li >
< li > C strings can contain any arbitrary non-zero byte while Rust strings must be
UTF-8< / li >
< li > C strings are accessed and manipulated using < code > unsafe< / code > pointer operations
while interactions with Rust strings go through safe methods< / li >
< / ul >
< p > The Rust standard library comes with C equivalents of Rust's < code > String< / code > and < code > & str< / code >
called < code > CString< / code > and < code > & CStr< / code > , that allow us to avoid a lot of the complexity
and < code > unsafe< / code > code involved in converting between C strings and Rust strings.< / p >
< p > The < code > & CStr< / code > type also allows us to work with borrowed data, meaning passing
strings between Rust and C is a zero-cost operation.< / p >
< h2 id = "code-example" > < a class = "header" href = "#code-example" > Code Example< / a > < / h2 >
< pre > < code class = "language-rust ignore" > pub mod unsafe_module {
// other module content
/// Log a message at the specified level.
///
/// # Safety
///
/// It is the caller's guarantee to ensure `msg`:
///
/// - is not a null pointer
/// - points to valid, initialized data
/// - points to memory ending in a null byte
/// - won't be mutated for the duration of this function call
#[no_mangle]
pub unsafe extern " C" fn mylib_log(
msg: *const libc::c_char,
level: libc::c_int
) {
let level: crate::LogLevel = match level { /* ... */ };
// SAFETY: The caller has already guaranteed this is okay (see the
// `# Safety` section of the doc-comment).
let msg_str: & str = match std::ffi::CStr::from_ptr(msg).to_str() {
Ok(s) => s,
Err(e) => {
crate::log_error(" FFI string conversion failed" );
return;
}
};
crate::log(msg_str, level);
}
}
< / code > < / pre >
< h2 id = "advantages" > < a class = "header" href = "#advantages" > Advantages< / a > < / h2 >
< p > The example is is written to ensure that:< / p >
< ol >
< li > The < code > unsafe< / code > block is as small as possible.< / li >
< li > The pointer with an " untracked" lifetime becomes a " tracked" shared
reference< / li >
< / ol >
< p > Consider an alternative, where the string is actually copied:< / p >
< pre > < code class = "language-rust ignore" > pub mod unsafe_module {
// other module content
pub extern " C" fn mylib_log(msg: *const libc::c_char, level: libc::c_int) {
// DO NOT USE THIS CODE.
// IT IS UGLY, VERBOSE, AND CONTAINS A SUBTLE BUG.
let level: crate::LogLevel = match level { /* ... */ };
let msg_len = unsafe { /* SAFETY: strlen is what it is, I guess? */
libc::strlen(msg)
};
let mut msg_data = Vec::with_capacity(msg_len + 1);
let msg_cstr: std::ffi::CString = unsafe {
// SAFETY: copying from a foreign pointer expected to live
// for the entire stack frame into owned memory
std::ptr::copy_nonoverlapping(msg, msg_data.as_mut(), msg_len);
msg_data.set_len(msg_len + 1);
std::ffi::CString::from_vec_with_nul(msg_data).unwrap()
}
let msg_str: String = unsafe {
match msg_cstr.into_string() {
Ok(s) => s,
Err(e) => {
crate::log_error(" FFI string conversion failed" );
return;
}
}
};
crate::log(& msg_str, level);
}
}
< / code > < / pre >
< p > This code in inferior to the original in two respects:< / p >
< ol >
< li > There is much more < code > unsafe< / code > code, and more importantly, more invariants it
must uphold.< / li >
< li > Due to the extensive arithmetic required, there is a bug in this version
that cases Rust < code > undefined behaviour< / code > .< / li >
< / ol >
< p > The bug here is a simple mistake in pointer arithmetic: the string was copied,
all < code > msg_len< / code > bytes of it. However, the < code > NUL< / code > terminator at the end was not.< / p >
< p > The Vector then had its size < em > set< / em > to the length of the < em > zero padded string< / em > --
rather than < em > resized< / em > to it, which could have added a zero at the end.
As a result, the last byte in the Vector is uninitialized memory.
When the < code > CString< / code > is created at the bottom of the block, its read of the
Vector will cause < code > undefined behaviour< / code > !< / p >
< p > Like many such issues, this would be difficult issue to track down.
Sometimes it would panic because the string was not < code > UTF-8< / code > , sometimes it would
put a weird character at the end of the string, sometimes it would just
completely crash.< / p >
< h2 id = "disadvantages" > < a class = "header" href = "#disadvantages" > Disadvantages< / a > < / h2 >
< p > None?< / p >
< / main >
< nav class = "nav-wrapper" aria-label = "Page navigation" >
<!-- Mobile navigation buttons -->
< a rel = "prev" href = "../../idioms/ffi/errors.html" class = "mobile-nav-chapters previous" title = "Previous chapter" aria-label = "Previous chapter" aria-keyshortcuts = "Left" >
< i class = "fa fa-angle-left" > < / i >
< / a >
< a rel = "next" href = "../../idioms/ffi/passing-strings.html" class = "mobile-nav-chapters next" title = "Next chapter" aria-label = "Next chapter" aria-keyshortcuts = "Right" >
< i class = "fa fa-angle-right" > < / i >
< / a >
< div style = "clear: both" > < / div >
< / nav >
< / div >
< / div >
< nav class = "nav-wide-wrapper" aria-label = "Page navigation" >
< a rel = "prev" href = "../../idioms/ffi/errors.html" class = "nav-chapters previous" title = "Previous chapter" aria-label = "Previous chapter" aria-keyshortcuts = "Left" >
< i class = "fa fa-angle-left" > < / i >
< / a >
< a rel = "next" href = "../../idioms/ffi/passing-strings.html" class = "nav-chapters next" title = "Next chapter" aria-label = "Next chapter" aria-keyshortcuts = "Right" >
< i class = "fa fa-angle-right" > < / i >
< / a >
< / nav >
< / div >
< script type = "text/javascript" >
window.playground_copyable = true;
< / script >
< script src = "../../elasticlunr.min.js" type = "text/javascript" charset = "utf-8" > < / script >
< script src = "../../mark.min.js" type = "text/javascript" charset = "utf-8" > < / script >
< script src = "../../searcher.js" type = "text/javascript" charset = "utf-8" > < / script >
< script src = "../../clipboard.min.js" type = "text/javascript" charset = "utf-8" > < / script >
< script src = "../../highlight.js" type = "text/javascript" charset = "utf-8" > < / script >
< script src = "../../book.js" type = "text/javascript" charset = "utf-8" > < / script >
<!-- Custom JS scripts -->
< / body >
< / html >