Jump to content

The Rust Borrow Checker Saved My Career: A Memory Leak Detective Story

From JOHNWICK

The borrow checker forces you to untangle memory relationships before your code compiles — a frustrating teacher that saves you from production nightmares.

02:14 AM, production server down. Again.

I was three years into what I thought would be a legendary career building high-frequency trading systems in C++. The reality? I spent more time hunting phantom memory leaks than writing actual features. That night, our main processing daemon was bleeding 47MB/hour on the production cluster — not catastrophic enough to crash immediately, but enough to trigger restarts every six hours and cost us tens of thousands in missed trades.

I thought I was careful. I used smart pointers. I read Effective C++. I ran Valgrind religiously (okay, sometimes). But here’s the thing about memory safety: you can be careful 99% of the time, and that 1% will still ruin your week.

The Uncomfortable Truth About Manual Memory Management

Memory safety vulnerabilities represented 76% of Android’s security issues in 2019. Not 7.6%. Seventy-six percent. And Android isn’t some toy project — it’s billions of lines of battle-tested code maintained by some of the best engineers on the planet.

That stat hit different when I was debugging my third use-after-free in a month. I kept asking myself: if Google’s Android team couldn’t nail memory safety with C++, what chance did I have? The answer came from an unexpected place. By 2024, after prioritizing Rust adoption, Android’s memory safety vulnerabilities dropped to just 24% — a 68% reduction in five years. They didn’t rewrite their entire codebase. They just stopped making new memory bugs.

Wait — how do you stop making memory bugs? In C++, every pointer is a loaded gun. You can be disciplined, you can follow best practices, but the language won’t stop you from shooting yourself. Rust would.

When the Compiler Becomes Your Debugger

My first Rust program took four hours to compile. Not because it was complex — I was porting a simple transaction parser. The borrow checker rejected my code seventeen times. Seventeen. Each rejection felt personal, like the compiler was calling me an idiot in increasingly specific ways.

// This seemed fine to me let data = parse_message(&buffer); process_transaction(&data); log_results(&buffer); // Compile error: buffer borrowed mutably above The error said cannot borrow 'buffer' as immutable because it is also borrowed as mutable. I stared at it. The buffer wasn't even being modified—parse_message only read from it. But Rust didn't care about my intentions. It cared about what could happen.

Here’s what I missed: parse_message took a mutable reference (I'd written &mut buffer thinking I might need it later). The instant I passed that mutable reference, Rust locked down the entire buffer. No other code could touch it—not for reading, not for anything—until that reference disappeared. This is the borrow checker's core rule: you can have many readers OR one writer, never both.

Was this annoying? Absolutely. Was it right? Painfully, yes. In my C++ code, I’d caused a production incident six months earlier doing exactly this pattern — modifying a buffer while another thread read from it. Race condition, silent corruption, three days of debugging. Rust would’ve caught it in thirty seconds.

The Data That Changed My Mind

I didn’t believe Rust would be faster than C++. The borrow checker had to have some cost, right? All that safety must add overhead.

The Android team observed that the rollback rate of Rust changes was less than half that of C++ changes. Not performance metrics — rollback rate. The emergency “oh god this is broken” revert rate. Half. Because Rust code that compiles tends to just… work.

But what about speed? I wrote a benchmark: processing 100,000 synthetic trading messages, both in optimized C++ and Rust 1.74. The setup: MacBook Pro M1, 16GB RAM, both compiled with full optimizations (-O3 for clang++, — release for cargo). Same algorithms, same data structures.

Results:

  • C++: 847ms average across 10 runs
  • Rust: 839ms average across 10 runs
  • Memory allocated: C++ ~2.1GB, Rust ~2.1GB

The performance was identical. The memory usage was identical. But here’s what wasn’t identical: in C++, I had to carefully orchestrate three unique_ptr instances, two shared_ptr with custom deleters, and one weak_ptr to break a circular dependency. In Rust, I used regular references and let the borrow checker figure it out.

The cognitive load difference was massive.

What Nobody Tells You About the Borrow Checker

Most Rust tutorials make it sound simple: ownership rules, borrowing rules, lifetimes. Clean mental model. Reality was messier. I hit three categories of borrow checker fights:

1. The Actually Wrong Code 
About 60% of my compiler errors were catching real bugs. Threading issues. Use-after-free waiting to happen. Double-free patterns. This was the compiler saving me from myself.

2. The Awkward API Design 
Maybe 30% were me structuring my code in ways that fought Rust’s ownership model. I’d learned C++ patterns that were fundamentally incompatible — like having a parent object directly own children while children held raw pointers back to the parent. Rust said no. The fix: redesign using indices instead of pointers, or use Rc<RefCell<T>> where appropriate.

3. The Compiler Limitation 
The remaining 10%? The borrow checker was technically wrong. Rust’s 2024 Edition introduced changes to temporary value drop order to make borrowing checks more intuitive, but edge cases still exist. Sometimes you need unsafe blocks—not because your code is actually unsafe, but because you understand invariants the compiler can't prove.

Rust can still have memory leaks through reference cycles using Rc<T> and RefCell<T>, where items refer to each other in a cycle and reference counts never reach zero. The borrow checker isn't magic. It's a specific set of compile-time guarantees about ownership and borrowing. You can still write bad code. You just have to work harder at it.

The Controversial Part: When Rust Isn’t The Answer

Not everyone agrees Rust is the solution to memory safety. The C++ community has responded with [speculative] tools like static analyzers that can catch similar bugs. The argument goes: if you’re disciplined about modern C++ (span, unique_ptr, no raw new/delete), you can achieve similar safety. They’re not entirely wrong. Google’s report notes that vulnerability density in code has a half-life — five-year-old code has 3.4x to 7.4x lower vulnerability density than new code. So in theory, very mature C++ codebases should stabilize.

But here’s the thing: you aren’t maintaining five-year-old code in isolation. You’re adding new code constantly. Every pull request is a potential memory safety bug in C++. In Rust, the compiler blocks it at the gate.

The real counterargument I’ve heard from senior engineers: learning curve. Rust’s ownership model is genuinely hard to internalize. I watched three teammates attempt Rust rewrites and give up. One told me, “I just need to get work done. I don’t have time to fight the compiler for three hours.”

Fair point. But I calculated the time: those three hours fighting the compiler? I used to spend twenty hours debugging memory issues per month in C++. I made the trade.

The Decision Framework I Actually Use Choose Rust when:

  • You’re starting a new project (no legacy code burden)
  • Memory safety is critical (security, embedded, systems programming)
  • You can afford 2–3 weeks of team learning curve
  • You want fearless concurrency (threading in Rust is genuinely easier)
  • You’re okay with smaller ecosystem compared to C++ (though it’s growing fast)

Stick with C++ when:

  • You have millions of lines of existing C++ that work
  • Your team has deep C++ expertise and no Rust experience
  • You need libraries that don’t exist in Rust yet
  • You’re doing very low-level kernel work where unsafe code would dominate anyway
  • Compile times matter more than runtime safety (Rust compilation is slower)

Consider alternatives (Go, Java, C#) when:

  • A garbage collector is acceptable (most applications)
  • You prioritize development speed over maximum performance
  • Memory safety is required but zero-cost abstractions aren’t

Practical Takeaways From Two Years of Production Rust

  • The borrow checker teaches you better architecture. Rust’s Safe Coding approach shifts bug finding “left,” catching issues before code is even checked in, which forced me to think about ownership boundaries up front instead of debugging tangled pointer relationships later.
  • Unsafe code is inevitable, and that’s okay. About 3% of my Rust code uses unsafe blocks—mainly FFI boundaries to C libraries and one performance-critical vectorized operation. The key is isolating it behind safe APIs.
  • Reference cycles still happen. Using Weak<T> pointers prevents reference counting cycles that would otherwise leak memory, but you need to design for it. I learned this the hard way with a cache implementation that held strong references in both directions. Memory usage climbed for three days before I caught it.
  • Compile times are a real cost. My Rust builds take 3–4x longer than equivalent C++ builds. For tight iteration loops, I sometimes prototype in Python, then implement in Rust. (Though incremental compilation has gotten much better with Rust 1.75+.
  • The community is genuinely helpful. When I got stuck on a gnarly lifetime issue, I posted on the Rust users forum at 11 PM. Had three detailed responses by 7 AM, one with a complete working example. The Rust community knows the learning curve is brutal and actively works to smooth it.

What I’m Still Not Sure About

  • Long-term maintainability at massive scale: [speculative] Will Rust codebases stay clean, or will we evolve bad patterns like we did with C++? The language is too young to know.
  • Whether async Rust is actually simpler than callbacks: The async/await syntax is cleaner than callback hell, but colored functions and runtime selection (Tokio vs async-std) add complexity.
  • If the strict compiler is actually holding back innovation: Some experimental algorithms are genuinely harder to prototype in Rust because you have to satisfy the borrow checker before testing if your idea even works. I’ve started using Python for experiments, Rust for production, but that workflow isn’t ideal.

What Happens Next

The industry is moving whether C++ developers like it or not. The White House Office has urged adoption of memory-safe languages including Rust, and major projects are following suit. The Linux kernel, Windows, AWS infrastructure — Rust adoption is accelerating.

For me? That 2 AM production incident doesn’t happen anymore. Not because I became a better programmer, but because I let the compiler do the paranoid defensive programming for me. I still write bugs. They just don’t ship.

Read the full article here: https://ritik-chopra28.medium.com/the-rust-borrow-checker-saved-my-career-a-memory-leak-detective-story-8d19aeab0ca8

Retrieved from "https://johnwick.cc/index.php?title=The_Rust_Borrow_Checker_Saved_My_Career:_A_Memory_Leak_Detective_Story&oldid=931"