#pointer #opaque #pointers #cbindgen #ffi

no-std opaque-pointer

Generic functions to work with opaque pointers when use FFI to expose Rust structs

3 unstable releases

0.8.8 Apr 22, 2023
0.8.6 Dec 9, 2021
0.8.5 May 12, 2021
0.7.2 Jan 29, 2021
0.3.0 Sep 13, 2020

#61 in FFI

Download history 71/week @ 2023-02-10 62/week @ 2023-02-17 25/week @ 2023-02-24 13/week @ 2023-03-03 14/week @ 2023-03-10 17/week @ 2023-03-17 49/week @ 2023-03-24 14/week @ 2023-03-31 17/week @ 2023-04-07 32/week @ 2023-04-14 56/week @ 2023-04-21 35/week @ 2023-04-28 80/week @ 2023-05-05 18/week @ 2023-05-12 19/week @ 2023-05-19 41/week @ 2023-05-26

173 downloads per month


139 lines


Generic functions to work with opaque pointers when use FFI to expose Rust structs

Crates.io Crates.io Crates.io

Basic usage

With this crate you can manage raw pointers easily to expose structs that will be use as opaque pointers from C or C++ calling to Rust functions to use it. This can be used with cbindgen crate with option parse.parse_deps = true for it will generate opaque C/C++ structs to use pointers in the arguments.

You can find more information about using Rust from other languages in The Rust FFI Omnibus objects section of Jake Goulding.

Lender feature

If you activate the feature lender the functions like own_back<T>() will check if the pointer is valid. It means, the function result will be a error if the pointer was not returned by raw<T>().


Creating FFIs to use a Rust's struct methods from C or C++:

struct Counter { value: u8 }

impl Counter {
    pub fn new() -> Self { Self { value: 0 } }
    pub fn add(&mut self, value: u8) { self.value += value }
    pub fn get(&self) -> u8 { self.value }

/// Ownership will NOT control the heap-allocated memory until own it back.
pub extern fn counter_new(value: u8) -> *mut Counter {
    return opaque_pointer::raw(Counter::new());

/// Drop (free memory of) Rust's Counter object as usually.
pub extern fn counter_free(counter: *mut Counter) {
    unsafe { opaque_pointer::free(counter) };

pub extern fn counter_add(counter: *mut Counter, value: u8) -> bool {
    let counter = unsafe { opaque_pointer::mut_object(counter) };
    if counter.is_err() {
        return false;
    let counter = counter.unwrap();
    // Here will NOT be dropped, the pointer continues been valid.
    return true;

pub extern fn counter_get(counter: *const Counter) -> u8  {
    let counter = unsafe { opaque_pointer::object(counter) };
    if counter.is_err() {
        return 0;
    let counter = counter.unwrap();
    return counter.get();
    // Here will NOT be dropped, the pointer continues been valid.

The previous example is compiled when tests are run. If you have an error with that code, please, open a issue.


  • std: activated by default, it is required for c-types FFI.
  • alloc: required if compile without std.
  • c-types: FFI for C types, requires std feature.

Panic & unwind in FFI functions

This create returns a result to avoid panic if the pointer is null, if yours FFI need to panic check out the next links.

As a good resume see comment in gtk-rs issue #78:

Currently any unwinding across extern "C" functions is UB, even if all those functions happens to be implemented in Rust. That's part of what that WG is working on solving. For example this adds support for an extern "C-unwind" ABI that explicitly allows unwinding (and AFAIU causes unwinding through extern "C" to abort as it should).

And the mentioned pull request #76570 of Rust.

Also see comment in Rust issue #58794 and Rust issue #58760:

The default was changed to abort-by-default in extern functions in this PR. This is tracking the stabilization of the #[unwind(allowed)] (and #[unwind(abort)]) attributes.

Also Rust pull request #55982:

This PR changes the behavior of generated code to be sound-by-default. If an extern fn is unwound (panicked through) then it immediately aborts the program. Put another way, no extern fn can unwind.

And Rust issue #52652:

This UB is not mentioned in any later release notes.