References and Borrowing

The issue with the tuple code in Listing 4-5 is that we have to return the String to the calling function so we can still use the String after the call to calculate_length, because the String was moved into calculate_length. Instead, we can provide a reference to the String value. A reference is like a pointer in that it’s an address we can follow to access the data stored at that address; that data is owned by some other variable. Unlike a pointer, a reference is guaranteed to point to a valid value of a particular type for the life of that reference.

Here is how you would define and use a calculate_length function that has a reference to an object as a parameter instead of taking ownership of the value:

Filename: src/main.rs
  1. fn main() {
  2.     let s1 = String::from(“hello”);
  3.     let len = calculate_length(&s1);
  4.     println!(“The length of ‘{s1}’ is {len}.”);
  5. }
  6. fn calculate_length(s: &String) -> usize {
  7.     s.len()
  8. }

First, notice that all the tuple code in the variable declaration and the function return value is gone. Second, note that we pass &s1 into calculate_length and, in its definition, we take &String rather than String. These ampersands represent references, and they allow you to refer to some value without taking ownership of it. Figure 4-6 depicts this concept.

Three tables: the table for s contains only a pointer to the table
for s1. The table for s1 contains the stack data for s1 and points to the
string data on the heap.

Figure 4-6: A diagram of &String s pointing at String s1

Note: The opposite of referencing by using & is dereferencing, which is accomplished with the dereference operator, *. We’ll see some uses of the dereference operator in Chapter 8 and discuss details of dereferencing in Chapter 15.

Let’s take a closer look at the function call here:

  1. fn main() {
  2.     let s1 = String::from("hello");
  3.     let len = calculate_length(&s1);
  4.     println!("The length of '{s1}' is {len}.");
  5. }
  6. fn calculate_length(s: &String) -> usize {
  7.     s.len()
  8. }

The &s1 syntax lets us create a reference that refers to the value of s1 but does not own it. Because it does not own it, the value it points to will not be dropped when the reference stops being used.

Likewise, the signature of the function uses & to indicate that the type of the parameter s is a reference. Let’s add some explanatory annotations:

  1. fn main() {
  2.     let s1 = String::from("hello");
  3.     let len = calculate_length(&s1);
  4.     println!("The length of '{s1}' is {len}.");
  5. }
  6. fn calculate_length(s: &String) -> usize { // s is a reference to a String
  7.     s.len()
  8. } // Here, s goes out of scope. But because it does not have ownership of what
  9.   // it refers to, it is not dropped.

The scope in which the variable s is valid is the same as any function parameter’s scope, but the value pointed to by the reference is not dropped when s stops being used, because s doesn’t have ownership. When functions have references as parameters instead of the actual values, we won’t need to return the values in order to give back ownership, because we never had ownership.

We call the action of creating a reference borrowing. As in real life, if a person owns something, you can borrow it from them. When you’re done, you have to give it back. You don’t own it.

So, what happens if we try to modify something we’re borrowing? Try the code in Listing 4-6. Spoiler alert: it doesn’t work!

Filename: src/main.rs
  1. fn main() {
  2. let s = String::from(“hello”);
  3. change(&s);
  4. }
  5. fn change(some_string: &String) {
  6. some_string.push_str(“, world”);
  7. }
Listing 4-6: Attempting to modify a borrowed value

Here’s the error:

  1. $ cargo run
  2. Compiling ownership v0.1.0 (file:///projects/ownership)
  3. error[E0596]: cannot borrow `*some_string` as mutable, as it is behind a `&` reference
  4. --> src/main.rs:8:5
  5. |
  6. 8 | some_string.push_str(", world");
  7. | ^^^^^^^^^^^ `some_string` is a `&` reference, so the data it refers to cannot be borrowed as mutable
  8. |
  9. help: consider changing this to be a mutable reference
  10. |
  11. 7 | fn change(some_string: &mut String) {
  12. | +++
  13. For more information about this error, try `rustc --explain E0596`.
  14. error: could not compile `ownership` (bin "ownership") due to 1 previous error

Just as variables are immutable by default, so are references. We’re not allowed to modify something we have a reference to.

Mutable References

We can fix the code from Listing 4-6 to allow us to modify a borrowed value with just a few small tweaks that use, instead, a mutable reference:

Filename: src/main.rs
  1. fn main() {
  2.     let mut s = String::from(“hello”);
  3.     change(&mut s);
  4. }
  5. fn change(some_string: &mut String) {
  6.     some_string.push_str(“, world”);
  7. }

First we change s to be mut. Then we create a mutable reference with &mut s where we call the change function, and update the function signature to accept a mutable reference with some_string: &mut String. This makes it very clear that the change function will mutate the value it borrows.

Mutable references have one big restriction: if you have a mutable reference to a value, you can have no other references to that value. This code that attempts to create two mutable references to s will fail:

Filename: src/main.rs
  1. fn main() {
  2. let mut s = String::from(“hello”);
  3. let r1 = &mut s;
  4. let r2 = &mut s;
  5. println!(“{}, {}”, r1, r2);
  6. }

Here’s the error:

  1. $ cargo run
  2. Compiling ownership v0.1.0 (file:///projects/ownership)
  3. error[E0499]: cannot borrow `s` as mutable more than once at a time
  4. --> src/main.rs:5:14
  5. |
  6. 4 | let r1 = &mut s;
  7. | ------ first mutable borrow occurs here
  8. 5 | let r2 = &mut s;
  9. | ^^^^^^ second mutable borrow occurs here
  10. 6 |
  11. 7 | println!("{}, {}", r1, r2);
  12. | -- first borrow later used here
  13. For more information about this error, try `rustc --explain E0499`.
  14. error: could not compile `ownership` (bin "ownership") due to 1 previous error

This error says that this code is invalid because we cannot borrow s as mutable more than once at a time. The first mutable borrow is in r1 and must last until it’s used in the println!, but between the creation of that mutable reference and its usage, we tried to create another mutable reference in r2 that borrows the same data as r1.

The restriction preventing multiple mutable references to the same data at the same time allows for mutation but in a very controlled fashion. It’s something that new Rustaceans struggle with because most languages let you mutate whenever you’d like. The benefit of having this restriction is that Rust can prevent data races at compile time. A data race is similar to a race condition and happens when these three behaviors occur:

  • Two or more pointers access the same data at the same time.
  • At least one of the pointers is being used to write to the data.
  • There’s no mechanism being used to synchronize access to the data.

Data races cause undefined behavior and can be difficult to diagnose and fix when you’re trying to track them down at runtime; Rust prevents this problem by refusing to compile code with data races!

As always, we can use curly brackets to create a new scope, allowing for multiple mutable references, just not simultaneous ones:

  1. fn main() {
  2.     let mut s = String::from("hello");
  3.     {
  4.         let r1 = &mut s;
  5.     } // r1 goes out of scope here, so we can make a new reference with no problems.
  6.     let r2 = &mut s;
  7. }

Rust enforces a similar rule for combining mutable and immutable references. This code results in an error:

  1. fn main() {
  2. let mut s = String::from("hello");
  3. let r1 = &s; // no problem
  4. let r2 = &s; // no problem
  5. let r3 = &mut s; // BIG PROBLEM
  6. println!("{}, {}, and {}", r1, r2, r3);
  7. }

Here’s the error:

  1. $ cargo run
  2. Compiling ownership v0.1.0 (file:///projects/ownership)
  3. error[E0502]: cannot borrow `s` as mutable because it is also borrowed as immutable
  4. --> src/main.rs:6:14
  5. |
  6. 4 | let r1 = &s; // no problem
  7. | -- immutable borrow occurs here
  8. 5 | let r2 = &s; // no problem
  9. 6 | let r3 = &mut s; // BIG PROBLEM
  10. | ^^^^^^ mutable borrow occurs here
  11. 7 |
  12. 8 | println!("{}, {}, and {}", r1, r2, r3);
  13. | -- immutable borrow later used here
  14. For more information about this error, try `rustc --explain E0502`.
  15. error: could not compile `ownership` (bin "ownership") due to 1 previous error

Whew! We also cannot have a mutable reference while we have an immutable one to the same value.

Users of an immutable reference don’t expect the value to suddenly change out from under them! However, multiple immutable references are allowed because no one who is just reading the data has the ability to affect anyone else’s reading of the data.

Note that a reference’s scope starts from where it is introduced and continues through the last time that reference is used. For instance, this code will compile because the last usage of the immutable references, the println!, occurs before the mutable reference is introduced:

  1. fn main() {
  2.     let mut s = String::from("hello");
  3.     let r1 = &s; // no problem
  4.     let r2 = &s; // no problem
  5.     println!("{r1} and {r2}");
  6.     // variables r1 and r2 will not be used after this point
  7.     let r3 = &mut s; // no problem
  8.     println!("{r3}");
  9. }

The scopes of the immutable references r1 and r2 end after the println! where they are last used, which is before the mutable reference r3 is created. These scopes don’t overlap, so this code is allowed: the compiler can tell that the reference is no longer being used at a point before the end of the scope.

Even though borrowing errors may be frustrating at times, remember that it’s the Rust compiler pointing out a potential bug early (at compile time rather than at runtime) and showing you exactly where the problem is. Then you don’t have to track down why your data isn’t what you thought it was.

Dangling References

In languages with pointers, it’s easy to erroneously create a dangling pointer—a pointer that references a location in memory that may have been given to someone else—by freeing some memory while preserving a pointer to that memory. In Rust, by contrast, the compiler guarantees that references will never be dangling references: if you have a reference to some data, the compiler will ensure that the data will not go out of scope before the reference to the data does.

Let’s try to create a dangling reference to see how Rust prevents them with a compile-time error:

Filename: src/main.rs
  1. fn main() {
  2. let reference_to_nothing = dangle();
  3. }
  4. fn dangle() -> &String {
  5. let s = String::from(“hello”);
  6. &s
  7. }

Here’s the error:

  1. $ cargo run
  2. Compiling ownership v0.1.0 (file:///projects/ownership)
  3. error[E0106]: missing lifetime specifier
  4. --> src/main.rs:5:16
  5. |
  6. 5 | fn dangle() -> &String {
  7. | ^ expected named lifetime parameter
  8. |
  9. = help: this function's return type contains a borrowed value, but there is no value for it to be borrowed from
  10. help: consider using the `'static` lifetime, but this is uncommon unless you're returning a borrowed value from a `const` or a `static`
  11. |
  12. 5 | fn dangle() -> &'static String {
  13. | +++++++
  14. help: instead, you are more likely to want to return an owned value
  15. |
  16. 5 - fn dangle() -> &String {
  17. 5 + fn dangle() -> String {
  18. |
  19. error[E0515]: cannot return reference to local variable `s`
  20. --> src/main.rs:8:5
  21. |
  22. 8 | &s
  23. | ^^ returns a reference to data owned by the current function
  24. Some errors have detailed explanations: E0106, E0515.
  25. For more information about an error, try `rustc --explain E0106`.
  26. error: could not compile `ownership` (bin "ownership") due to 2 previous errors

This error message refers to a feature we haven’t covered yet: lifetimes. We’ll discuss lifetimes in detail in Chapter 10. But, if you disregard the parts about lifetimes, the message does contain the key to why this code is a problem:

  1. this function's return type contains a borrowed value, but there is no value
  2. for it to be borrowed from

Let’s take a closer look at exactly what’s happening at each stage of our dangle code:

Filename: src/main.rs
  1. fn main() {
  2. let reference_to_nothing = dangle();
  3. }
  4. fn dangle() -> &String { // dangle returns a reference to a String
  5. let s = String::from(“hello”); // s is a new String
  6. &s // we return a reference to the String, s
  7. } // Here, s goes out of scope, and is dropped. Its memory goes away.
  8. // Danger!

Because s is created inside dangle, when the code of dangle is finished, s will be deallocated. But we tried to return a reference to it. That means this reference would be pointing to an invalid String. That’s no good! Rust won’t let us do this.

The solution here is to return the String directly:

  1. fn main() {
  2.     let string = no_dangle();
  3. }
  4. fn no_dangle() -> String {
  5.     let s = String::from("hello");
  6.     s
  7. }

This works without any problems. Ownership is moved out, and nothing is deallocated.

The Rules of References

Let’s recap what we’ve discussed about references:

  • At any given time, you can have either one mutable reference or any number of immutable references.
  • References must always be valid.

Next, we’ll look at a different kind of reference: slices.