C.CodeCompared.To/Rust

println! is a macro (note the !), not a function. No format-string types like %s or %d — Rust uses {} for any type that implements Display. No return 0 required; main returns () implicitly.

cargo run compiles and executes in one step. cargo build --release enables full optimisations (LLVM). The resulting binary is statically linked by default — no runtime shared library dependencies.

Cargo is Rust's integrated build system and package manager. crates.io hosts over 150,000 packages. Versions are pinned in Cargo.lock for reproducible builds — no pkg-config, no manual downloads, no vendoring.

Rust format strings use {} for default, {:?} for debug output, {:.2} for two decimal places, {:>10} for right-aligned width. Since Rust 1.58, {name} captures local variables directly without positional arguments.

In Rust, all variables are immutable by default. You must add mut to allow mutation — the opposite of C where everything is mutable unless marked const. Rust also infers the type when it can be determined from context.

Rust's integer types are explicit about sign and size: i8/u8 through i128/u128, plus isize/usize (pointer-sized, equivalent to ptrdiff_t/size_t). No implicit integer promotions — every numeric operation is on a defined type.

Rust uses the as keyword for all primitive casts. Casts are always explicit — there are no implicit numeric conversions, eliminating an entire class of C bugs (sign extension, silent truncation, signed/unsigned comparison).

The Rust const is evaluated at compile time and inlined — similar to a typed #define. A static has a fixed address like a C global. Mutable statics require unsafe because concurrent access would be a data race, and the 2024 edition goes further: it forbids even taking an ordinary reference to one, so the read goes through the &raw const raw-pointer operator. In real code a mutable global is better expressed as an AtomicI32.

Rust's let creates a new binding even if the name already exists in the same scope. Each shadow can change the type — useful when transforming a value through stages without inventing names like value_str.

Rust's type inference is whole-function: the compiler looks at how a variable is used throughout the function to determine its type. It even infers type parameters — e.g., which integer type fits the operations performed on it.

Rust has two string types: &str (a borrowed slice into existing data — like const char*) and String (owned heap-allocated storage — like a malloc'd buffer that frees itself). Neither uses a null terminator; both store their length.

String grows on the heap as needed — no buffer overflow possible. .len() returns the byte count in O(1) (stored alongside the data). In C, strlen walks to the null terminator every time, making it O(n).

format! is the heap-allocating equivalent of snprintf — it returns a String and can never overflow. .parse() returns a Result, so parse failures are impossible to ignore silently — unlike atoi, which returns 0 for bad input.

A Rust string slice is a fat pointer (address + byte length) into an existing string — equivalent to C pointer arithmetic, but bounds-checked at compile time where possible and at runtime otherwise. Slicing at a non-UTF-8 character boundary panics rather than producing garbage.

In Rust the size is part of the type: [i32; 5] and [i32; 6] are different types. Array access is bounds-checked — an out-of-bounds index panics in both debug and release builds rather than silently reading unrelated memory.

A Rust slice &[i32] is a fat pointer — pointer + length together. There is no way to pass a mismatched count. Functions that accept slices work equally on arrays, Vecs, and sub-slices — no separate *_n variants needed.

Vec is Rust's dynamic array — it owns its heap memory and frees it automatically when it goes out of scope. Internally it is a (pointer, length, capacity) triplet — identical layout to a typical C dynamic array, with the same amortized O(1) push cost.

The for x in &array form iterates by reference. .iter().enumerate() pairs each element with its index. In release builds, the bounds check is hoisted out of the loop by the optimiser — no per-element overhead.

Const generics let a definition be parameterized over a value — here the array length N. Because [i32; N] keeps the length in the type, Rust knows each array's size at compile time and you never pass a separate count, so the entire class of C bugs where length and pointer drift apart simply cannot occur. [i32; 3] and [i32; 5] are distinct types served by one sum, stored inline with no decay to a bare pointer.

Box allocates a single value on the heap and frees it automatically when it goes out of scope. It is equivalent to malloc(sizeof(T)) + free(), but there is no way to forget to call free().

Each heap value in Rust has exactly one owner. Assigning a heap value to another variable moves ownership — the original binding becomes invalid immediately. The compiler enforces this, making use-after-free and double-free impossible in safe code.

&T is an immutable borrow — read-only access, like const T*. Any number of immutable borrows can coexist, but no mutable borrow can coexist with any other borrow. The borrow checker enforces this statically, preventing iterator invalidation and data races.

&mut T is an exclusive mutable borrow. At any given point in the code you may have either one &mut T or any number of &T references — never both simultaneously. This rule, enforced at compile time, eliminates the aliased-mutation bugs common in C.

When a Rust value goes out of scope, its Drop implementation runs — a guaranteed destructor. This is the core mechanism behind Rust's memory safety: no code path, not even a panic, can skip cleanup. It replaces the entire pattern of goto cleanup in C error handling.

A Rust reference is guaranteed non-null, properly aligned, and pointing to initialized data of the correct type. It cannot be NULL, cannot dangle, and cannot alias a mutable reference. The borrow checker enforces all three at compile time.

Option replaces null pointers. The compiler forces every caller to handle both Some(value) and None — there is no way to accidentally dereference an absent value. This eliminates the single most common cause of crashes in C programs.

Safe Rust replaces pointer arithmetic with indexed access and slices, both of which are bounds-checked. Raw pointer arithmetic exists for low-level code (allocators, FFI wrappers) but requires an unsafe block — a clear signal to reviewers that manual verification is needed.

Raw pointers (*const T and *mut T) behave like C pointers: they can be null, can dangle, and can alias. They bypass the borrow checker. Dereferencing them requires unsafe, scoping the dangerous operations so reviewers know exactly where to focus.

Lifetime analysis in Rust's borrow checker catches dangling references at compile time. Any attempt to return a reference to a local variable is a compile error. There is no way to create a use-after-free in safe Rust.

No typedef needed — the struct name is the type name. Fields are named and the compiler catches missing or extra fields at the call site. Fields are private by default within modules; add pub to export them.

impl blocks attach methods to a struct. &self is an immutable borrow (like const Point*), &mut self is a mutable borrow (like Point*), and self consumes the value. Methods are called with dot syntax just like C++ or Objective-C.

The Rust convention is to add a new associated function (no self parameter) that acts as a constructor. Self is an alias for the struct's own type. No separate free function needed — Drop handles cleanup automatically.

#[derive(...)] auto-generates common trait implementations. Debug enables {:?} printing, Clone enables .clone(), and PartialEq enables ==. In C all of these require hand-written functions. Other useful derives include Hash, Copy, and Default.

Rust enums are algebraic data types — each variant carries its own data. They replace C's enum + union + tag-field pattern with a single, safe type. The compiler knows which variant is active, so reading the wrong union member is impossible.

match is exhaustive — the compiler requires every possible value to be handled. There is no fallthrough between arms. If you add a new enum variant later, every match on that type becomes a compile error until updated. Wildcard _ is the explicit opt-out.

Pattern matching works in let bindings, function parameters, match arms, and if let — anywhere a value is bound. Destructuring a struct extracts its fields into named locals. Tuples are anonymous structs and destructure the same way.

if let Some(x) = opt is shorthand for a match that handles only the Some case. Option replaces sentinel values (-1, NULL, 0) with a type-safe wrapper that forces callers to acknowledge the absent case.

while let loops as long as the pattern matches. Vec::pop() returns Option — Some(value) when non-empty, None when empty. There is no index or sentinel to manage manually.

Stabilised in the 2024 edition, let chains let a let pattern and ordinary boolean tests be joined with && inside one if — the safe counterpart to C's configured != NULL && *configured > 10. The Some(..) pattern both confirms the key is present and binds its value, so there is no raw pointer to dereference and no way to forget the presence check. Before 2024 this needed a nested if let { if value > 10 { ... } }.

Result bundles the return value and the error into one type. The compiler forces callers to check the result — there is no equivalent of ignoring errno or forgetting to check for a NULL return. Rust's #[must_use] makes it a warning to discard a Result without inspecting it.

The ? operator means "if this is an error, return it immediately." It replaces the repetitive if (ret != OK) return ret; pattern from C, making error-propagating code concise without hiding the fact that errors are being propagated.

panic! is Rust's equivalent of abort() — it prints a message and unwinds (or aborts) the process. Use it for programming errors (violated invariants), not recoverable errors. Result is for errors callers should handle; panic is for bugs.

Rust error types are enums that carry structured information — not just an error code. Implementing Display provides human-readable messages; Debug (derivable) provides developer output. The thiserror crate on crates.io reduces this boilerplate to a few derive attributes.

A let ... else binding is Rust's structured form of the C "check the result, bail out on failure" pattern. It pattern-matches on success and binds number in the surrounding scope; if the match fails it runs the else block, which must diverge (return, break, continue, or panic!). Where C leaves it to you to remember the *end != '\0' check, Rust's parse returns a Result the compiler forces you to handle, and let-else keeps the happy path flat.

Rust closures can capture local variables from the enclosing scope — unlike C function pointers, which cannot. A closure passed to sort_by can reference any local variable without a void* context parameter, eliminating the entire qsort_r / pthread_create callback pattern.

Rust iterators are lazy — no intermediate allocations. .filter().map().sum() compiles to the same machine code as a single combined loop. There is zero runtime overhead for the functional style: the optimiser sees through the abstractions completely.

.collect() materializes a lazy iterator into a collection. The type annotation (Vec) tells Rust which collection to build — it can also collect into String, HashMap, HashSet, and many others using the same method.

A closure captures variables from the enclosing scope automatically. This eliminates the void* context parameter that C APIs like qsort_r, pthread_create, and many callback-based libraries require to carry state into a function pointer.

Traits are Rust's interfaces. Box uses dynamic dispatch — Rust generates a vtable automatically, exactly like the manual C approach above. The difference is that Rust's vtable is type-safe, and the compiler catches missing implementations at the impl site.

T: Display is a trait bound — the function works for any type that implements Display. This is monomorphised (like C++ templates): Rust generates separate machine code for each concrete type used, with zero dynamic dispatch overhead. No void* casts, no runtime type confusion.

Implementing Display lets a type plug into Rust's format machinery ({} in println!, format!, etc.). Debug (derived with #[derive(Debug)]) enables {:?}. In C every type needs a unique print function with no standard interface.

thread::spawn takes a closure. The move keyword transfers ownership of captured variables into the thread — the compiler ensures nothing non-thread-safe is shared. No pthread_attr_t, no void* casting, and no way to accidentally share a non-Send type.

Arc> is Rust's equivalent of a mutex-protected global. Arc (atomic reference count) allows shared ownership across threads; Mutex provides exclusive access. You cannot access the data without going through the lock — forgetting to lock is a compile error, not a runtime bug.

The Rust type system prevents data races at compile time. Types that are not safe to share across threads do not implement Send/Sync, and the compiler rejects programs that would cause a data race. This is unique among systems languages — data races in Rust are a compile error, not a runtime bug.

mpsc::channel() (multiple-producer, single-consumer) provides safe message passing. Channels transfer ownership of the sent value — no shared memory, no concurrent access. The receiver iterator produces values until all senders are dropped.

An async fn returns a Future — a state machine that does nothing until polled, which .await drives forward. This is how Rust expresses what C programmers write by hand as callbacks or explicit state machines, but the compiler generates the state machine for you and checks it. Rust's std ships no executor, so a real future needs a runtime such as tokio; the small block_on here polls one future to completion on the current thread. Unlike an OS thread, an async task carries no separate stack, so millions can coexist.

unsafe is a clearly delimited zone where the programmer takes responsibility for memory safety. Code reviewers know to scrutinize unsafe blocks carefully. In a typical Rust codebase, unsafe is rare and isolated — all surrounding code retains full static guarantees.

An extern "C" block declares foreign functions using the C ABI. Since the 2024 edition the block itself is written unsafe extern "C", and each call still needs its own unsafe because Rust cannot verify what the C function does. The libc crate on crates.io provides pre-declared, ready-to-use bindings for the entire C standard library.

The #[unsafe(no_mangle)] attribute prevents Rust from mangling the function name (Rust mangles names like C++); the 2024 edition requires the unsafe(...) wrapper because an unmangled symbol can collide with another at link time. extern "C" selects the C calling convention. The resulting symbol is callable from any language that supports C FFI — Python's ctypes, Ruby's Fiddle, Java's JNI, etc.

The Rust pattern is to isolate unsafe code (or fallible logic) in a small, carefully verified module and expose a safe public API. Library users get safety guarantees automatically — the library author takes responsibility for the unsafe interior, and callers cannot bypass it.

Cargo enforces a standard layout and provides a unified command for building, testing, documenting, and publishing. crates.io is the central package registry — cargo add serde is equivalent to pip install or npm install.

Rust modules control visibility with pub. By default everything is private. There are no header files — the module system replaces both the header guard pattern and the public/private declaration split. Modules can be defined inline or split across files.

Rust's test framework is built into the language. cargo test compiles and runs all #[test] functions, reporting exactly which tests passed or failed with descriptive output. The #[cfg(test)] module is excluded from production builds automatically.

In debug builds Rust panics on integer overflow instead of silently producing wrong results. In release builds it wraps, like C unsigned overflow. Use .wrapping_add(), .saturating_add(), or .checked_add() when overflow behavior matters.

Rust has no implicit numeric conversions. Every type change requires an explicit as cast. This eliminates an entire class of C bugs: silent integer promotion, signed-to-unsigned comparisons, and truncation on assignment.

Types that are cheap to copy (integers, floats, booleans) implement the Copy trait and are duplicated on assignment, just like C. Heap-owning types (String, Vec, Box) are moved. Use .clone() for an explicit deep copy.

Rust strings are guaranteed UTF-8. Direct byte indexing is available via .as_bytes(), but character indexing is not supported directly because characters vary in width (1–4 bytes). Use .chars() for Unicode-correct iteration. This prevents the silent multibyte-character bugs common in C string handling.

Rust's definite-initialisation analysis is a compile-time check — reading an uninitialised variable is always a compile error, not a warning. Every variable must be assigned before it is read. MaybeUninit exists for performance-critical cases where you need to control initialisation precisely.