Closed zmitchell closed 4 years ago
Yes, your understanding is correct, for the most part! The key thing to know is that Rust doesn't free memory when a ref type goes out of scope, only when an owned type does.
We take a String
convert it into a Box<str>
and then call Box::leak
on it which returns a &'static mut str
without freeing the Box's memory. We now have a ref type that's pointing into memory that isn't owned by anyone so it'll never be freed so it's technically a memory leak. If the ref type goes out of scope Rust will not free its memory. We can kinda salvage this situation using Box::from_raw
like so:
use rand;
fn rand_str_generator() -> &'static str {
let rand_string = rand::random::<u64>().to_string();
// release ownership of memory without freeing it
Box::leak(rand_string.into_boxed_str())
}
fn main() {
let rand_str = rand_str_generator();
let owned_str;
unsafe {
// reclaim ownership of memory
owned_str = Box::from_raw((rand_str as *const str) as *mut str);
}
// now owned_str will be dropped & freed
}
However Box::from_raw
is an unsafe
function because you can use it to generate multiple owners for the same piece of memory that will result in a double free later:
use rand;
fn rand_str_generator() -> &'static str {
let rand_string = rand::random::<u64>().to_string();
// release ownership of memory without freeing it
Box::leak(rand_string.into_boxed_str())
}
fn main() {
let rand_str = rand_str_generator();
unsafe {
let mut_str_ptr = (rand_str as *const str) as *mut str;
// uh oh, multiple owners!
(0..10).map(|_| Box::from_raw(mut_str_ptr)).collect::<Vec<_>>();
}
}
If you try to run the above program on the Rust playground it'll report:
double free or corruption (fasttop)
Let me know if that answers your question.
I'm gonna assume your question was answered and close this issue.
Yes, sorry. That was very helpful!
I'm trying to understand how leaking works in one of the
&'static
examples.Part of my confusion comes from the
Box::leak
method. The documentation says that it returns a reference to the boxed value. If a reference is returned, that means the data is still there and the program hasn't "forgotten" about it. Maybe I'm misunderstanding what it means to "leak" memory. Can you help me understand?