Eric Campbell 6 min read Rust

Rust Ownership: Complete Guide to Memory Safety

Rust's ownership system is its defining feature, providing memory safety without garbage collection. Unlike C and C++, where manual memory management leads to segfaults and security vulnerabilities,...

Key Insights

  • Rust’s ownership system eliminates entire classes of bugs at compile time—use-after-free, double-free, and data races are impossible in safe Rust without runtime overhead
  • The borrow checker enforces that you can have either multiple immutable references OR one mutable reference to data, preventing concurrent modification bugs that plague other languages
  • Smart pointers like Box, Rc, and Arc provide escape hatches when strict ownership rules are too restrictive, while maintaining memory safety guarantees

Introduction to Ownership and Memory Safety

Rust’s ownership system is its defining feature, providing memory safety without garbage collection. Unlike C and C++, where manual memory management leads to segfaults and security vulnerabilities, Rust catches these errors at compile time. Unlike Java or Go, where garbage collectors pause your program unpredictably, Rust achieves zero-cost abstractions with deterministic cleanup.

The ownership system rests on three rules:

  1. Each value has exactly one owner
  2. When the owner goes out of scope, the value is dropped
  3. Ownership can be transferred (moved) but not duplicated for heap data

Here’s why this matters:

// C code - compiles but crashes at runtime
char* get_string() {
    char buffer[100] = "Hello";
    return buffer;  // Returns pointer to stack memory
}

int main() {
    char* str = get_string();
    printf("%s", str);  // Undefined behavior - use after free
}

// Rust equivalent - won't compile
fn get_string() -> &str {
    let buffer = String::from("Hello");
    &buffer  // Error: cannot return reference to local variable
}

The Rust compiler prevents the entire category of use-after-free bugs. This isn’t a runtime check—it’s compile-time verification with zero performance cost.

Ownership Fundamentals

Every value in Rust has a single owner. When you assign a value to a new variable or pass it to a function, ownership transfers:

fn main() {
    let s1 = String::from("hello");
    let s2 = s1;  // Ownership moves to s2
    
    // println!("{}", s1);  // Error: s1 no longer valid
    println!("{}", s2);  // Works fine
}

This differs fundamentally from languages with reference semantics. The String data isn’t copied—the pointer, length, and capacity move to s2, and s1 becomes invalid. This prevents double-free bugs where two variables try to free the same memory.

Stack data behaves differently because it implements the Copy trait:

fn main() {
    let x = 5;
    let y = x;  // Copy, not move
    
    println!("{}, {}", x, y);  // Both valid - integers are Copy
}

Types that are cheap to copy (integers, booleans, tuples of Copy types) implement Copy. Heap-allocated types like String and Vec don’t, because copying them would be expensive and often unintended.

Functions take ownership too:

fn take_ownership(s: String) {
    println!("{}", s);
}  // s dropped here

fn main() {
    let s = String::from("hello");
    take_ownership(s);
    // println!("{}", s);  // Error: s was moved
}

Borrowing and References

Transferring ownership for every function call is impractical. Borrowing lets you reference data without taking ownership:

fn calculate_length(s: &String) -> usize {
    s.len()
}  // s goes out of scope, but nothing is dropped

fn main() {
    let s1 = String::from("hello");
    let len = calculate_length(&s1);
    println!("'{}' has length {}", s1, len);  // s1 still valid
}

The & creates an immutable reference. You can have unlimited immutable references:

fn main() {
    let s = String::from("hello");
    let r1 = &s;
    let r2 = &s;
    let r3 = &s;
    println!("{}, {}, {}", r1, r2, r3);  // All valid
}

Mutable references have stricter rules—only one at a time:

fn main() {
    let mut s = String::from("hello");
    let r1 = &mut s;
    // let r2 = &mut s;  // Error: cannot borrow as mutable twice
    
    r1.push_str(", world");
    println!("{}", r1);
}

This prevents data races at compile time. You cannot have a mutable reference while immutable references exist:

fn main() {
    let mut s = String::from("hello");
    
    let r1 = &s;
    let r2 = &s;
    // let r3 = &mut s;  // Error: cannot borrow as mutable
    
    println!("{}, {}", r1, r2);
    
    let r3 = &mut s;  // OK - r1 and r2 no longer used
    r3.push_str("!");
}

The borrow checker tracks reference scopes precisely. References are valid only while they’re used, not until the end of the enclosing block.

Lifetimes

Lifetimes ensure references remain valid. The compiler infers most lifetimes, but sometimes you must annotate them:

fn longest<'a>(x: &'a str, y: &'a str) -> &'a str {
    if x.len() > y.len() { x } else { y }
}

fn main() {
    let string1 = String::from("long string");
    let string2 = String::from("short");
    
    let result = longest(&string1, &string2);
    println!("Longest: {}", result);
}

The 'a lifetime annotation tells Rust that the returned reference lives as long as the shorter of the two input references. This prevents returning dangling references:

fn bad_longest<'a>(x: &'a str, y: &str) -> &'a str {
    let result = String::from("owned");
    &result  // Error: returns reference to local variable
}

Structs holding references need lifetime annotations:

struct Excerpt<'a> {
    part: &'a str,
}

fn main() {
    let novel = String::from("Call me Ishmael. Some years ago...");
    let first_sentence = novel.split('.').next().unwrap();
    
    let excerpt = Excerpt { part: first_sentence };
    println!("{}", excerpt.part);
}

The 'static lifetime means a reference lives for the entire program duration:

let s: &'static str = "I live forever";

String literals have 'static lifetime because they’re embedded in the binary.

Smart Pointers and Interior Mutability

Sometimes ownership rules are too restrictive. Smart pointers provide controlled flexibility:

Box allocates data on the heap:

fn main() {
    let b = Box::new(5);
    println!("b = {}", b);
}  // Box and its data dropped

Use Box for large data, recursive types, or trait objects:

enum List {
    Cons(i32, Box<List>),
    Nil,
}

Rc enables shared ownership through reference counting:

use std::rc::Rc;

fn main() {
    let a = Rc::new(String::from("shared"));
    let b = Rc::clone(&a);
    let c = Rc::clone(&a);
    
    println!("Count: {}", Rc::strong_count(&a));  // 3
}

Rc only works in single-threaded contexts. For thread safety, use Arc:

use std::sync::Arc;
use std::thread;

fn main() {
    let data = Arc::new(vec![1, 2, 3]);
    
    let handles: Vec<_> = (0..3).map(|_| {
        let data = Arc::clone(&data);
        thread::spawn(move || {
            println!("{:?}", data);
        })
    }).collect();
    
    for handle in handles {
        handle.join().unwrap();
    }
}

RefCell provides interior mutability with runtime borrow checking:

use std::cell::RefCell;

fn main() {
    let data = RefCell::new(5);
    
    *data.borrow_mut() += 1;
    println!("{}", data.borrow());  // 6
}

Combine Rc and RefCell for shared mutable data:

use std::rc::Rc;
use std::cell::RefCell;

fn main() {
    let value = Rc::new(RefCell::new(5));
    
    let a = Rc::clone(&value);
    let b = Rc::clone(&value);
    
    *a.borrow_mut() += 10;
    *b.borrow_mut() += 20;
    
    println!("{}", value.borrow());  // 35
}

For thread-safe mutation, combine Arc with Mutex:

use std::sync::{Arc, Mutex};
use std::thread;

fn main() {
    let counter = Arc::new(Mutex::new(0));
    let mut handles = vec![];
    
    for _ in 0..10 {
        let counter = Arc::clone(&counter);
        let handle = thread::spawn(move || {
            let mut num = counter.lock().unwrap();
            *num += 1;
        });
        handles.push(handle);
    }
    
    for handle in handles {
        handle.join().unwrap();
    }
    
    println!("Result: {}", *counter.lock().unwrap());  // 10
}

Common Patterns and Best Practices

Clone when ownership transfer is problematic:

fn process_data(data: &[i32]) -> Vec<i32> {
    data.to_vec()  // Clone to return owned data
}

Use references for read-only access:

struct Config {
    name: String,
    value: i32,
}

impl Config {
    fn display(&self) {  // Borrow, don't take ownership
        println!("{}: {}", self.name, self.value);
    }
}

Builder pattern with ownership:

struct RequestBuilder {
    url: String,
    headers: Vec<String>,
}

impl RequestBuilder {
    fn new(url: String) -> Self {
        RequestBuilder { url, headers: vec![] }
    }
    
    fn header(mut self, header: String) -> Self {
        self.headers.push(header);
        self  // Return ownership for chaining
    }
    
    fn build(self) -> Request {
        Request { url: self.url, headers: self.headers }
    }
}

Error handling preserves ownership:

fn parse_config(path: &str) -> Result<Config, std::io::Error> {
    let contents = std::fs::read_to_string(path)?;
    Ok(Config { name: contents, value: 42 })
}

Conclusion

Rust’s ownership system transforms memory bugs from runtime disasters into compile-time errors. The learning curve is steep, but the payoff is enormous: you write fast, safe code without garbage collection overhead or manual memory management footguns.

Start with ownership fundamentals, embrace the borrow checker’s feedback, and use smart pointers when needed. The compiler is your ally—when it complains, it’s preventing bugs that would be nightmares to debug in other languages. Master ownership, and you’ll write systems code with confidence that entire classes of bugs simply cannot exist in your programs.

Liked this? There's more.

Every week: one practical technique, explained simply, with code you can use immediately.