Compile-time state validation
Type-state programming is a technique where the state of an object is encoded in its type, allowing the compiler to verify that operations are only performed when the object is in a valid state. Instead of checking state at runtime with if statements or enums, the type system itself prevents invalid operations from compiling.
The key insight: If an invalid state transition cannot be expressed in code, it cannot happen at runtime.
self and return a new state type// WITHOUT type-state (runtime checking)
struct Connection {
state: ConnectionState,
socket: TcpStream,
}
impl Connection {
fn send(&mut self, data: &[u8]) -> Result<(), Error> {
if self.state != ConnectionState::Connected {
return Err(Error::NotConnected); // Runtime error!
}
self.socket.write_all(data)?;
Ok(())
}
}
// WITH type-state (compile-time checking)
struct Connection<State> {
socket: TcpStream,
_state: PhantomData<State>,
}
impl Connection<Connected> {
fn send(&mut self, data: &[u8]) -> Result<(), Error> {
// Can ONLY be called when Connected!
// No runtime check needed!
self.socket.write_all(data)?;
Ok(())
}
}
// This won't compile:
// let conn = Connection::<Disconnected>::new();
// conn.send(b"hello"); // ERROR: method `send` not found in `Connection<Disconnected>`The type-state version eliminates an entire class of bugs at compile time, with zero runtime cost.
---
The TCP protocol defines a precise state machine. Let's enforce it in types:
use std::io::{Read, Write};
use std::marker::PhantomData;
use std::net::{TcpStream, ToSocketAddrs};
// State marker types (zero-sized)
struct Disconnected;
struct Connecting;
struct Connected;
struct Closing;
struct TcpConnection<State> {
socket: Option<TcpStream>,
_state: PhantomData<State>,
}
// Initial state: Disconnected
impl TcpConnection<Disconnected> {
fn new() -> Self {
TcpConnection {
socket: None,
_state: PhantomData,
}
}
fn connect<A: ToSocketAddrs>(
self,
addr: A,
) -> Result<TcpConnection<Connected>, std::io::Error> {
let socket = TcpStream::connect(addr)?;
Ok(TcpConnection {
socket: Some(socket),
_state: PhantomData,
})
}
}
// Connected state: Can send/receive
impl TcpConnection<Connected> {
fn send(&mut self, data: &[u8]) -> std::io::Result<usize> {
// Safe: socket always exists when Connected
self.socket.as_mut().unwrap().write(data)
}
fn receive(&mut self, buffer: &mut [u8]) -> std::io::Result<usize> {
self.socket.as_mut().unwrap().read(buffer)
}
fn close(self) -> TcpConnection<Disconnected> {
// Consume self, drop the socket, return to Disconnected
drop(self.socket);
TcpConnection {
socket: None,
_state: PhantomData,
}
}
fn shutdown(self) -> TcpConnection<Closing> {
// Begin graceful shutdown
TcpConnection {
socket: self.socket,
_state: PhantomData,
}
}
}
// Closing state: Can only finalize
impl TcpConnection<Closing> {
fn finalize(mut self) -> TcpConnection<Disconnected> {
if let Some(socket) = self.socket.as_mut() {
let _ = socket.shutdown(std::net::Shutdown::Both);
}
TcpConnection {
socket: None,
_state: PhantomData,
}
}
}
// Usage
fn example_tcp() -> std::io::Result<()> {
let conn = TcpConnection::<Disconnected>::new();
// This won't compile - no `send` method on Disconnected:
// conn.send(b"hello");
let mut conn = conn.connect("127.0.0.1:8080")?;
// Now we can send - type system guarantees connection!
conn.send(b"GET / HTTP/1.1\r\n\r\n")?;
let mut buffer = [0u8; 1024];
let n = conn.receive(&mut buffer)?;
println!("Received {} bytes", n);
// Graceful shutdown
let conn = conn.shutdown();
let _conn = conn.finalize();
// Can't send after closing - won't compile:
// conn.send(b"too late");
Ok(())
}Files have permission-based states that should be enforced at compile time:
use std::fs::File;
use std::io::{Read, Write};
use std::marker::PhantomData;
use std::path::Path;
// Permission marker types
struct ReadOnly;
struct WriteOnly;
struct ReadWrite;
struct Closed;
struct FileHandle<Perm> {
file: Option<File>,
_perm: PhantomData<Perm>,
}
// Closed state: Can only open
impl FileHandle<Closed> {
fn new() -> Self {
FileHandle {
file: None,
_perm: PhantomData,
}
}
fn open_read<P: AsRef<Path>>(
self,
path: P,
) -> std::io::Result<FileHandle<ReadOnly>> {
let file = File::open(path)?;
Ok(FileHandle {
file: Some(file),
_perm: PhantomData,
})
}
fn open_write<P: AsRef<Path>>(
self,
path: P,
) -> std::io::Result<FileHandle<WriteOnly>> {
let file = File::create(path)?;
Ok(FileHandle {
file: Some(file),
_perm: PhantomData,
})
}
fn open_read_write<P: AsRef<Path>>(
self,
path: P,
) -> std::io::Result<FileHandle<ReadWrite>> {
let file = std::fs::OpenOptions::new()
.read(true)
.write(true)
.create(true)
.open(path)?;
Ok(FileHandle {
file: Some(file),
_perm: PhantomData,
})
}
}
// ReadOnly: Can only read
impl FileHandle<ReadOnly> {
fn read(&mut self, buffer: &mut [u8]) -> std::io::Result<usize> {
self.file.as_mut().unwrap().read(buffer)
}
fn close(self) -> FileHandle<Closed> {
drop(self.file);
FileHandle {
file: None,
_perm: PhantomData,
}
}
}
// WriteOnly: Can only write
impl FileHandle<WriteOnly> {
fn write(&mut self, data: &[u8]) -> std::io::Result<usize> {
self.file.as_mut().unwrap().write(data)
}
fn close(self) -> FileHandle<Closed> {
drop(self.file);
FileHandle {
file: None,
_perm: PhantomData,
}
}
}
// ReadWrite: Can do both
impl FileHandle<ReadWrite> {
fn read(&mut self, buffer: &mut [u8]) -> std::io::Result<usize> {
self.file.as_mut().unwrap().read(buffer)
}
fn write(&mut self, data: &[u8]) -> std::io::Result<usize> {
self.file.as_mut().unwrap().write(data)
}
fn close(self) -> FileHandle<Closed> {
drop(self.file);
FileHandle {
file: None,
_perm: PhantomData,
}
}
}
// Usage
fn example_file() -> std::io::Result<()> {
let handle = FileHandle::<Closed>::new();
let mut handle = handle.open_read("data.txt")?;
let mut buffer = [0u8; 1024];
handle.read(&mut buffer)?;
// This won't compile - no `write` method on ReadOnly:
// handle.write(b"data");
let handle = handle.close();
let mut handle = handle.open_write("output.txt")?;
handle.write(b"Hello, world!")?;
// This won't compile - no `read` method on WriteOnly:
// handle.read(&mut buffer);
Ok(())
}Enforce required fields at compile time:
use std::collections::HashMap;
use std::marker::PhantomData;
// Builder state markers
struct NoMethod;
struct HasMethod;
struct NoUrl;
struct HasUrl;
struct HttpRequestBuilder<Method, Url> {
method: Option<String>,
url: Option<String>,
headers: HashMap<String, String>,
body: Option<Vec<u8>>,
_method: PhantomData<Method>,
_url: PhantomData<Url>,
}
// Initial state: Nothing set
impl HttpRequestBuilder<NoMethod, NoUrl> {
fn new() -> Self {
HttpRequestBuilder {
method: None,
url: None,
headers: HashMap::new(),
body: None,
_method: PhantomData,
_url: PhantomData,
}
}
}
// Can set method from NoMethod state
impl<U> HttpRequestBuilder<NoMethod, U> {
fn method(self, method: &str) -> HttpRequestBuilder<HasMethod, U> {
HttpRequestBuilder {
method: Some(method.to_string()),
url: self.url,
headers: self.headers,
body: self.body,
_method: PhantomData,
_url: PhantomData,
}
}
}
// Can set URL from NoUrl state
impl<M> HttpRequestBuilder<M, NoUrl> {
fn url(self, url: &str) -> HttpRequestBuilder<M, HasUrl> {
HttpRequestBuilder {
method: self.method,
url: Some(url.to_string()),
headers: self.headers,
body: self.body,
_method: PhantomData,
_url: PhantomData,
}
}
}
// Optional fields available in all states
impl<M, U> HttpRequestBuilder<M, U> {
fn header(mut self, key: &str, value: &str) -> Self {
self.headers.insert(key.to_string(), value.to_string());
self
}
fn body(mut self, body: Vec<u8>) -> Self {
self.body = Some(body);
self
}
}
// Can only build when method AND url are set
impl HttpRequestBuilder<HasMethod, HasUrl> {
fn build(self) -> HttpRequest {
HttpRequest {
method: self.method.unwrap(),
url: self.url.unwrap(),
headers: self.headers,
body: self.body,
}
}
}
struct HttpRequest {
method: String,
url: String,
headers: HashMap<String, String>,
body: Option<Vec<u8>>,
}
// Usage
fn example_http() {
// Must set method and URL before building
let request = HttpRequestBuilder::new()
.method("GET")
.url("https://api.example.com/users")
.header("Authorization", "Bearer token123")
.header("Accept", "application/json")
.build();
// This won't compile - missing URL:
// let bad = HttpRequestBuilder::new()
// .method("POST")
// .build(); // ERROR: no method `build` on `HttpRequestBuilder<HasMethod, NoUrl>`
// This won't compile - missing method:
// let bad = HttpRequestBuilder::new()
// .url("https://example.com")
// .build(); // ERROR: no method `build` on `HttpRequestBuilder<NoMethod, HasUrl>`
// Order doesn't matter (commutative):
let request2 = HttpRequestBuilder::new()
.url("https://example.com") // URL first
.method("POST") // Then method
.body(b"data".to_vec())
.build();
}Financial state machines with one-way transitions:
use std::marker::PhantomData;
// Payment states
struct Created;
struct Pending;
struct Authorized;
struct Captured;
struct Refunded;
struct Failed;
struct Payment<State> {
id: String,
amount: u64,
currency: String,
_state: PhantomData<State>,
}
// Created: Initial state
impl Payment<Created> {
fn new(id: String, amount: u64, currency: String) -> Self {
Payment {
id,
amount,
currency,
_state: PhantomData,
}
}
fn submit(self) -> Payment<Pending> {
println!("Payment {} submitted", self.id);
Payment {
id: self.id,
amount: self.amount,
currency: self.currency,
_state: PhantomData,
}
}
}
// Pending: Waiting for authorization
impl Payment<Pending> {
fn authorize(self) -> Result<Payment<Authorized>, Payment<Failed>> {
// Simulate authorization check
if self.amount > 0 {
println!("Payment {} authorized", self.id);
Ok(Payment {
id: self.id,
amount: self.amount,
currency: self.currency,
_state: PhantomData,
})
} else {
Err(Payment {
id: self.id,
amount: self.amount,
currency: self.currency,
_state: PhantomData,
})
}
}
}
// Authorized: Can capture or cancel
impl Payment<Authorized> {
fn capture(self) -> Payment<Captured> {
println!("Payment {} captured - funds transferred", self.id);
Payment {
id: self.id,
amount: self.amount,
currency: self.currency,
_state: PhantomData,
}
}
fn cancel(self) -> Payment<Created> {
println!("Payment {} authorization cancelled", self.id);
Payment {
id: self.id,
amount: self.amount,
currency: self.currency,
_state: PhantomData,
}
}
}
// Captured: Can refund (once!)
impl Payment<Captured> {
fn refund(self) -> Payment<Refunded> {
println!("Payment {} refunded", self.id);
Payment {
id: self.id,
amount: self.amount,
currency: self.currency,
_state: PhantomData,
}
}
}
// Failed and Refunded: Terminal states (no methods)
impl Payment<Failed> {
fn reason(&self) -> &str {
"Authorization failed"
}
}
impl Payment<Refunded> {
// No further transitions allowed
}
// Usage
fn example_payment() {
let payment = Payment::new("pay_123".to_string(), 5000, "USD".to_string());
// Workflow 1: Successful capture
let payment = payment.submit();
let payment = payment.authorize().expect("Authorization failed");
let payment = payment.capture();
// Can refund captured payment
let payment = payment.refund();
// This won't compile - can't refund twice:
// payment.refund(); // ERROR: moved value
// Workflow 2: Authorization failure
let payment2 = Payment::new("pay_456".to_string(), 0, "USD".to_string());
let payment2 = payment2.submit();
match payment2.authorize() {
Ok(_) => println!("Authorized"),
Err(failed) => println!("Failed: {}", failed.reason()),
}
// This won't compile - can't capture without authorization:
// let payment3 = Payment::new("pay_789".to_string(), 1000, "USD".to_string());
// payment3.capture(); // ERROR: no method `capture` on `Payment<Created>`
}Zero-overhead state machines for game logic:
use std::marker::PhantomData;
// Player states
struct Idle;
struct Walking;
struct Jumping;
struct Attacking;
struct Dead;
struct Player<State> {
position: (f32, f32),
velocity: (f32, f32),
health: i32,
_state: PhantomData<State>,
}
// Idle: Can walk, jump, or attack
impl Player<Idle> {
fn new(position: (f32, f32)) -> Self {
Player {
position,
velocity: (0.0, 0.0),
health: 100,
_state: PhantomData,
}
}
fn walk(self, direction: (f32, f32)) -> Player<Walking> {
Player {
position: self.position,
velocity: direction,
health: self.health,
_state: PhantomData,
}
}
fn jump(self) -> Player<Jumping> {
Player {
position: self.position,
velocity: (0.0, 10.0),
health: self.health,
_state: PhantomData,
}
}
fn attack(self) -> Player<Attacking> {
Player {
position: self.position,
velocity: (0.0, 0.0),
health: self.health,
_state: PhantomData,
}
}
}
// Walking: Can stop, jump, or attack
impl Player<Walking> {
fn update(mut self, dt: f32) -> Self {
self.position.0 += self.velocity.0 * dt;
self.position.1 += self.velocity.1 * dt;
self
}
fn stop(self) -> Player<Idle> {
Player {
position: self.position,
velocity: (0.0, 0.0),
health: self.health,
_state: PhantomData,
}
}
fn jump(self) -> Player<Jumping> {
Player {
position: self.position,
velocity: (self.velocity.0, 10.0),
health: self.health,
_state: PhantomData,
}
}
}
// Jumping: Can only land (simplified)
impl Player<Jumping> {
fn update(mut self, dt: f32) -> Self {
self.position.1 += self.velocity.1 * dt;
self.velocity.1 -= 9.8 * dt; // Gravity
self
}
fn land(self) -> Player<Idle> {
Player {
position: (self.position.0, 0.0), // Ground level
velocity: (0.0, 0.0),
health: self.health,
_state: PhantomData,
}
}
}
// Attacking: Can only finish attack
impl Player<Attacking> {
fn finish_attack(self) -> Player<Idle> {
Player {
position: self.position,
velocity: (0.0, 0.0),
health: self.health,
_state: PhantomData,
}
}
}
// Any state can take damage
impl<State> Player<State> {
fn take_damage(mut self, damage: i32) -> Result<Player<State>, Player<Dead>> {
self.health -= damage;
if self.health <= 0 {
Err(Player {
position: self.position,
velocity: (0.0, 0.0),
health: 0,
_state: PhantomData,
})
} else {
Ok(self)
}
}
}
// Dead: Terminal state
impl Player<Dead> {
fn respawn(self, position: (f32, f32)) -> Player<Idle> {
Player {
position,
velocity: (0.0, 0.0),
health: 100,
_state: PhantomData,
}
}
}
// Usage in game loop
fn game_loop_example() {
let mut player = Player::<Idle>::new((0.0, 0.0));
// Walk right
let mut player = player.walk((5.0, 0.0));
player = player.update(0.016); // 60 FPS
// Jump while walking
let mut player = player.jump();
// This won't compile - can't attack while jumping:
// player.attack(); // ERROR: no method `attack` on `Player<Jumping>`
// Land and attack
let player = player.land();
let player = player.attack();
let player = player.finish_attack();
// Take damage
match player.take_damage(150) {
Ok(alive) => {
// Continue playing
}
Err(dead) => {
let player = dead.respawn((0.0, 0.0));
// Back to idle
}
}
}---
Type-state programming relies on three key mechanisms:
use std::marker::PhantomData;
struct Connection<State> {
socket: TcpStream,
_state: PhantomData<State>, // Zero-sized, compiler-only marker
}PhantomData tells the compiler:
State"State doesn't actually appear in any fields"Connection and Connection as different types"PhantomData has size 0 and is optimized away.
State transitions consume self, preventing use of the old state:
impl Connection<Disconnected> {
fn connect(self) -> Result<Connection<Connected>, Error> {
// ^^^^ Consumes self
// Old Disconnected state is gone, can't be used again
let socket = TcpStream::connect("127.0.0.1:8080")?;
Ok(Connection {
socket,
_state: PhantomData,
})
}
}
// Usage
let conn = Connection::<Disconnected>::new();
let conn = conn.connect()?; // conn (Disconnected) moved
// Can't use old conn here - it's been consumed!This ensures:
Methods are only available for specific states:
impl Connection<Connected> {
// ^^^^^^^^^ Only for Connected state
fn send(&mut self, data: &[u8]) -> Result<()> {
self.socket.write_all(data)
}
}
// Disconnected has NO send method
impl Connection<Disconnected> {
// send() doesn't exist here
}The compiler will reject:
let conn = Connection::<Disconnected>::new();
conn.send(b"data"); // ERROR: no method named `send` found for type `Connection<Disconnected>`Let's prove type-state has zero runtime overhead:
use std::marker::PhantomData;
// Type-state version
struct TypeStateFile<State> {
fd: i32,
_state: PhantomData<State>,
}
// Raw version
struct RawFile {
fd: i32,
}
// Check sizes
assert_eq!(
std::mem::size_of::<TypeStateFile<ReadOnly>>(),
std::mem::size_of::<RawFile>()
);
// Both are 4 bytes (just the i32)
assert_eq!(std::mem::size_of::<PhantomData<ReadOnly>>(), 0);
// PhantomData is zero-sized// Type-state version
impl TypeStateFile<ReadOnly> {
fn read(&mut self, buf: &mut [u8]) -> usize {
unsafe { libc::read(self.fd, buf.as_mut_ptr() as *mut _, buf.len()) as usize }
}
}
// Raw version
impl RawFile {
fn read(&mut self, buf: &mut [u8]) -> usize {
unsafe { libc::read(self.fd, buf.as_mut_ptr() as *mut _, buf.len()) as usize }
}
}Both compile to identical assembly:
mov rdi, qword ptr [rsi] ; Load fd
mov rsi, qword ptr [rdx] ; Load buffer pointer
mov rdx, qword ptr [rdx + 8] ; Load buffer length
call read@PLT ; Call libc readThe state type parameter disappears during monomorphization—it only exists at compile time.
The power of type-state is making invalid states unrepresentable:
// BAD: Runtime validation
enum FileState {
Closed,
OpenReadOnly,
OpenWriteOnly,
}
struct File {
fd: Option<i32>,
state: FileState,
}
impl File {
fn write(&mut self, data: &[u8]) -> Result<()> {
match self.state {
FileState::OpenWriteOnly => { /* OK */ }
_ => return Err(Error::InvalidState), // Runtime error!
}
// ...
}
}
// GOOD: Compile-time validation
struct File<State> {
fd: i32,
_state: PhantomData<State>,
}
impl File<WriteOnly> {
fn write(&mut self, data: &[u8]) -> Result<()> {
// No check needed - can ONLY be called when WriteOnly!
// ...
}
}
// File<ReadOnly> doesn't even HAVE a write methodType-state produces helpful compiler errors:
let conn = TcpConnection::<Disconnected>::new();
conn.send(b"data");error[E0599]: no method named `send` found for struct `TcpConnection<Disconnected>`
--> src/main.rs:42:10
|
42 | conn.send(b"data");
| ^^^^ method not found in `TcpConnection<Disconnected>`
|
= note: the method `send` exists but the following trait bounds were not satisfied:
`Disconnected: Connected`
= help: items from traits can only be used if the trait is implementedThe error guides the developer to the correct solution: connect first!
let mut conn = conn.connect("127.0.0.1:8080")?;
conn.send(b"data"); // Now it compiles!Type-state doesn't affect memory layout:
use std::marker::PhantomData;
#[repr(C)]
struct Connection<State> {
socket: i32, // 4 bytes
buffer: [u8; 1024], // 1024 bytes
_state: PhantomData<State>, // 0 bytes
}
// All states have the SAME layout:
assert_eq!(
std::mem::size_of::<Connection<Disconnected>>(),
std::mem::size_of::<Connection<Connected>>()
);
// Both are 1028 bytes (4 + 1024 + 0)
// Same alignment:
assert_eq!(
std::mem::align_of::<Connection<Disconnected>>(),
std::mem::align_of::<Connection<Connected>>()
);This means:
Type-state works seamlessly with RAII:
struct Connection<State> {
socket: TcpStream,
_state: PhantomData<State>,
}
// Implement Drop for ALL states
impl<State> Drop for Connection<State> {
fn drop(&mut self) {
println!("Closing connection");
// socket is automatically closed (it implements Drop)
}
}
// Usage
{
let mut conn = Connection::<Disconnected>::new()
.connect("127.0.0.1:8080")?;
conn.send(b"data")?;
// conn dropped here, connection closed automatically
}Why do we need PhantomData?
// WITHOUT PhantomData (won't compile):
struct Connection<State> {
socket: TcpStream,
}
// ERROR: parameter `State` is never used
// WITH PhantomData (compiles):
struct Connection<State> {
socket: TcpStream,
_state: PhantomData<State>,
}
// OK: State is "used" via PhantomDataConnection behaves with respect to subtypinguse std::marker::PhantomData;
// Invariant over State (default with PhantomData)
struct Connection<State> {
_state: PhantomData<State>,
}
// Can't substitute Connected for Disconnected
fn takes_connected(conn: Connection<Connected>) { }
let disconnected = Connection::<Disconnected> { _state: PhantomData };
// takes_connected(disconnected); // ERROR: type mismatchThis is exactly what we want—states should NOT be interchangeable!
---
// DON'T use type-state for simple flags
struct Connection<State> {
_state: PhantomData<State>,
}
// DO use a simple bool
struct Connection {
is_open: bool,
}
// Can't use type-state here - state unknown at compile time
match response.status() {
200 => { /* success state */ }
404 => { /* not found state */ }
500 => { /* error state */ }
_ => { /* unknown */ }
}---
// BAD: Type-state for a simple toggle
struct Light<State> {
brightness: u8,
_state: PhantomData<State>,
}
struct On;
struct Off;
impl Light<Off> {
fn turn_on(self) -> Light<On> {
Light { brightness: self.brightness, _state: PhantomData }
}
}
impl Light<On> {
fn turn_off(self) -> Light<Off> {
Light { brightness: self.brightness, _state: PhantomData }
}
}
// GOOD: Simple bool
struct Light {
is_on: bool,
brightness: u8,
}
impl Light {
fn toggle(&mut self) {
self.is_on = !self.is_on;
}
}// BAD: PhantomData not marked as unused
struct Connection<State> {
socket: TcpStream,
state: PhantomData<State>, // Missing underscore
}
// Looks like it might be used, confusing for readers
// GOOD: Clear that it's a marker
struct Connection<State> {
socket: TcpStream,
_state: PhantomData<State>, // Underscore indicates "unused" (but needed)
}_ to indicate they're markers.
// BAD: Checking state at runtime when compile-time is possible
struct File {
fd: i32,
mode: FileMode, // Runtime state
}
enum FileMode {
ReadOnly,
WriteOnly,
}
impl File {
fn write(&mut self, data: &[u8]) -> Result<()> {
if self.mode != FileMode::WriteOnly {
return Err(Error::NotWritable); // Runtime check
}
// ...
}
}
// GOOD: Compile-time state
struct File<Mode> {
fd: i32,
_mode: PhantomData<Mode>,
}
impl File<WriteOnly> {
fn write(&mut self, data: &[u8]) -> Result<()> {
// No runtime check needed!
// ...
}
}// BAD: Too many type parameters
struct Builder<HasUrl, HasMethod, HasHeaders, HasBody, HasAuth, HasTimeout> {
url: Option<String>,
method: Option<String>,
// ... 10+ fields
_has_url: PhantomData<HasUrl>,
_has_method: PhantomData<HasMethod>,
_has_headers: PhantomData<HasHeaders>,
_has_body: PhantomData<HasBody>,
_has_auth: PhantomData<HasAuth>,
_has_timeout: PhantomData<HasTimeout>,
}
// Nightmare to use:
// Builder<No, No, No, No, No, No>::new()...
// BETTER: Group related states
struct Builder<Required, Optional> {
url: Option<String>,
method: Option<String>,
// ...
_required: PhantomData<Required>,
_optional: PhantomData<Optional>,
}
struct RequiredFields<HasUrl, HasMethod> {
_url: PhantomData<HasUrl>,
_method: PhantomData<HasMethod>,
}
// OR: Use runtime validation for optional fields
struct Builder<Required> {
url: Option<String>, // Type-state required
method: Option<String>, // Type-state required
headers: HashMap<String, String>, // Runtime optional
_required: PhantomData<Required>,
}// BAD: No cleanup when dropped
struct Database<State> {
connection: DbConnection,
_state: PhantomData<State>,
}
// If dropped without explicit close, connection leaks!
// GOOD: Implement Drop for cleanup
impl<State> Drop for Database<State> {
fn drop(&mut self) {
println!("Closing database connection");
self.connection.close();
}
}
// EVEN BETTER: Make close explicit, warn if not closed
impl Database<Connected> {
fn close(self) -> Database<Closed> {
// Explicit close
self.connection.close();
Database { connection: self.connection, _state: PhantomData }
}
}
impl<State> Drop for Database<State> {
fn drop(&mut self) {
eprintln!("WARNING: Database connection dropped without explicit close!");
self.connection.close();
}
}---
Type-state is a true zero-cost abstraction:
// Type-state version
let mut conn = Connection::<Disconnected>::new();
let mut conn = conn.connect("127.0.0.1:8080")?;
conn.send(b"data")?;
// Compiles to the same assembly as:
let mut conn = RawConnection::new();
conn.raw_connect("127.0.0.1:8080")?;
conn.raw_send(b"data")?;Type-state: 847ns
Raw version: 847ns
Difference: 0ns (identical)Type-state does increase compile time:
impl Connection<Disconnected> { fn connect() { } }
impl Connection<Connected> { fn send() { } }
// Compiler generates separate code for eachdyn trait objects for plugin boundariesEach state instantiation can increase binary size:
// This generates TWO copies of process()
fn process<State>(conn: Connection<State>) {
// Complex function body
}
// Called with:
process(Connection::<StateA>::new());
process(Connection::<StateB>::new());Without type-state: 124KB
With 5 states: 142KB (+14%)
With 20 states: 198KB (+60%)// Extract state-independent logic
fn process_common(fd: i32, buffer: &[u8]) {
// Shared code (no monomorphization)
}
impl<State> Connection<State> {
fn process(&self, buffer: &[u8]) {
process_common(self.fd, buffer); // Single copy
}
}All states have the same memory layout:
println!("Disconnected: {} bytes", size_of::<Connection<Disconnected>>());
println!("Connected: {} bytes", size_of::<Connection<Connected>>());
println!("Closing: {} bytes", size_of::<Connection<Closing>>());
// Output:
// Disconnected: 16 bytes
// Connected: 16 bytes
// Closing: 16 bytesType-state is cache-friendly:
// All states have same layout → predictable memory access
let connections: Vec<Connection<Connected>> = vec![...];
for conn in &mut connections {
conn.send(b"data"); // Sequential memory access, cache-friendly
}
// Compare to runtime state:
let connections: Vec<DynamicConnection> = vec![...];
for conn in &mut connections {
if conn.state == State::Connected { // Branch prediction needed
conn.send(b"data");
}
}Type-state: 12.4ms (no branches)
Runtime state: 15.8ms (branch mispredictions)---
Implement a traffic light with three states: Red, Yellow, Green.
Requirements:use std::marker::PhantomData;
struct Red;
struct Yellow;
struct Green;
struct TrafficLight<State> {
_state: PhantomData<State>,
}
impl TrafficLight<Red> {
fn new() -> Self {
TrafficLight { _state: PhantomData }
}
fn duration(&self) -> u32 {
30 // seconds
}
fn next(self) -> TrafficLight<Green> {
TrafficLight { _state: PhantomData }
}
}
impl TrafficLight<Green> {
fn duration(&self) -> u32 {
45 // seconds
}
fn next(self) -> TrafficLight<Yellow> {
TrafficLight { _state: PhantomData }
}
}
impl TrafficLight<Yellow> {
fn duration(&self) -> u32 {
5 // seconds
}
fn next(self) -> TrafficLight<Red> {
TrafficLight { _state: PhantomData }
}
}
// Usage
fn main() {
let light = TrafficLight::<Red>::new();
println!("Red for {} seconds", light.duration());
let light = light.next();
println!("Green for {} seconds", light.duration());
let light = light.next();
println!("Yellow for {} seconds", light.duration());
let light = light.next();
println!("Back to Red for {} seconds", light.duration());
// This won't compile:
// let light = TrafficLight::<Red>::new();
// let light = light.next().next().next().next(); // Error after 3 transitions
}Implement a database transaction with proper state management:
Requirements:use std::marker::PhantomData;
struct Inactive;
struct Active;
struct Committed;
struct RolledBack;
struct Transaction<State> {
id: u64,
connection: DbConnection,
_state: PhantomData<State>,
}
struct DbConnection {
// Mock connection
}
impl DbConnection {
fn execute(&mut self, query: &str) {
println!("Executing: {}", query);
}
}
impl Transaction<Inactive> {
fn new(connection: DbConnection) -> Self {
Transaction {
id: rand::random(),
connection,
_state: PhantomData,
}
}
fn begin(self) -> Transaction<Active> {
println!("BEGIN TRANSACTION {}", self.id);
self.connection.execute("BEGIN");
Transaction {
id: self.id,
connection: self.connection,
_state: PhantomData,
}
}
}
impl Transaction<Active> {
fn query(&mut self, sql: &str) {
println!("Transaction {}: {}", self.id, sql);
self.connection.execute(sql);
}
fn commit(self) -> Transaction<Committed> {
println!("COMMIT TRANSACTION {}", self.id);
self.connection.execute("COMMIT");
Transaction {
id: self.id,
connection: self.connection,
_state: PhantomData,
}
}
fn rollback(self) -> Transaction<RolledBack> {
println!("ROLLBACK TRANSACTION {}", self.id);
self.connection.execute("ROLLBACK");
Transaction {
id: self.id,
connection: self.connection,
_state: PhantomData,
}
}
}
// Terminal states have no methods (except Drop)
impl Transaction<Committed> {
fn id(&self) -> u64 {
self.id
}
}
impl Transaction<RolledBack> {
fn id(&self) -> u64 {
self.id
}
}
// Implement Drop to ensure cleanup
impl<State> Drop for Transaction<State> {
fn drop(&mut self) {
println!("Transaction {} dropped", self.id);
}
}
// Usage
fn main() {
let connection = DbConnection {};
let tx = Transaction::new(connection);
let mut tx = tx.begin();
tx.query("INSERT INTO users VALUES (1, 'Alice')");
tx.query("UPDATE accounts SET balance = 1000 WHERE user_id = 1");
// Commit
let tx = tx.commit();
println!("Transaction {} committed", tx.id());
// Rollback example
let connection2 = DbConnection {};
let tx2 = Transaction::new(connection2).begin();
let tx2 = tx2.rollback();
println!("Transaction {} rolled back", tx2.id());
}Implement an OAuth2 authorization flow with type-safe state transitions:
Requirements:use std::marker::PhantomData;
use std::time::{Duration, SystemTime};
struct Unauthorized;
struct AuthorizationRequested {
state: String,
}
struct TokenReceived;
struct Expired;
struct OAuthClient<State> {
client_id: String,
client_secret: String,
redirect_uri: String,
access_token: Option<String>,
refresh_token: Option<String>,
expires_at: Option<SystemTime>,
_state: PhantomData<State>,
}
impl OAuthClient<Unauthorized> {
fn new(client_id: String, client_secret: String, redirect_uri: String) -> Self {
OAuthClient {
client_id,
client_secret,
redirect_uri,
access_token: None,
refresh_token: None,
expires_at: None,
_state: PhantomData,
}
}
fn request_authorization(
self,
scopes: &[&str],
) -> (OAuthClient<AuthorizationRequested>, String) {
let state = generate_random_state();
let auth_url = format!(
"https://oauth.provider.com/authorize?client_id={}&redirect_uri={}&scope={}&state={}",
self.client_id,
self.redirect_uri,
scopes.join(" "),
state
);
let client = OAuthClient {
client_id: self.client_id,
client_secret: self.client_secret,
redirect_uri: self.redirect_uri,
access_token: None,
refresh_token: None,
expires_at: None,
_state: PhantomData,
};
(client, auth_url)
}
}
impl OAuthClient<AuthorizationRequested> {
fn exchange_code(
self,
code: &str,
state: &str,
) -> Result<OAuthClient<TokenReceived>, OAuthError> {
// In real implementation, verify state matches
// Exchange code for tokens (mock)
let (access_token, refresh_token, expires_in) =
mock_token_exchange(&self.client_id, &self.client_secret, code)?;
Ok(OAuthClient {
client_id: self.client_id,
client_secret: self.client_secret,
redirect_uri: self.redirect_uri,
access_token: Some(access_token),
refresh_token: Some(refresh_token),
expires_at: Some(SystemTime::now() + Duration::from_secs(expires_in)),
_state: PhantomData,
})
}
}
impl OAuthClient<TokenReceived> {
fn make_request(&self, endpoint: &str) -> Result<String, OAuthError> {
// Check if token expired
if let Some(expires_at) = self.expires_at {
if SystemTime::now() >= expires_at {
return Err(OAuthError::TokenExpired);
}
}
let access_token = self.access_token.as_ref().unwrap();
// Make authenticated request (mock)
Ok(format!("Response from {} with token [REDACTED]", endpoint))
}
fn check_expiration(self) -> Result<OAuthClient<TokenReceived>, OAuthClient<Expired>> {
if let Some(expires_at) = self.expires_at {
if SystemTime::now() >= expires_at {
return Err(OAuthClient {
client_id: self.client_id,
client_secret: self.client_secret,
redirect_uri: self.redirect_uri,
access_token: None, // Clear expired token
refresh_token: self.refresh_token,
expires_at: None,
_state: PhantomData,
});
}
}
Ok(self)
}
fn refresh(self) -> Result<OAuthClient<TokenReceived>, OAuthError> {
let refresh_token = self.refresh_token.as_ref()
.ok_or(OAuthError::NoRefreshToken)?;
let (access_token, new_refresh_token, expires_in) =
mock_token_refresh(&self.client_id, &self.client_secret, refresh_token)?;
Ok(OAuthClient {
client_id: self.client_id,
client_secret: self.client_secret,
redirect_uri: self.redirect_uri,
access_token: Some(access_token),
refresh_token: Some(new_refresh_token),
expires_at: Some(SystemTime::now() + Duration::from_secs(expires_in)),
_state: PhantomData,
})
}
}
impl OAuthClient<Expired> {
fn refresh(self) -> Result<OAuthClient<TokenReceived>, OAuthError> {
let refresh_token = self.refresh_token.as_ref()
.ok_or(OAuthError::NoRefreshToken)?;
let (access_token, new_refresh_token, expires_in) =
mock_token_refresh(&self.client_id, &self.client_secret, refresh_token)?;
Ok(OAuthClient {
client_id: self.client_id,
client_secret: self.client_secret,
redirect_uri: self.redirect_uri,
access_token: Some(access_token),
refresh_token: Some(new_refresh_token),
expires_at: Some(SystemTime::now() + Duration::from_secs(expires_in)),
_state: PhantomData,
})
}
}
// Error types
#[derive(Debug)]
enum OAuthError {
TokenExpired,
NoRefreshToken,
ExchangeFailed,
}
// Mock functions
fn generate_random_state() -> String {
"random_state_123".to_string()
}
fn mock_token_exchange(
client_id: &str,
client_secret: &str,
code: &str,
) -> Result<(String, String, u64), OAuthError> {
Ok((
"access_token_abc".to_string(),
"refresh_token_xyz".to_string(),
3600, // 1 hour
))
}
fn mock_token_refresh(
client_id: &str,
client_secret: &str,
refresh_token: &str,
) -> Result<(String, String, u64), OAuthError> {
Ok((
"new_access_token_def".to_string(),
"new_refresh_token_uvw".to_string(),
3600,
))
}
// Usage
fn main() -> Result<(), OAuthError> {
// Start OAuth flow
let client = OAuthClient::new(
"client_123".to_string(),
"secret_456".to_string(),
"https://myapp.com/callback".to_string(),
);
// Request authorization
let (client, auth_url) = client.request_authorization(&["read", "write"]);
println!("Visit: {}", auth_url);
// User authorizes, we get a code
let client = client.exchange_code("auth_code_789", "random_state_123")?;
// Make API requests
let response = client.make_request("/api/user")?;
println!("{}", response);
// Check expiration and refresh if needed
match client.check_expiration() {
Ok(client) => {
// Still valid
println!("Token still valid");
}
Err(expired_client) => {
// Expired, refresh it
let client = expired_client.refresh()?;
println!("Token refreshed");
}
}
Ok(())
}---
Diesel uses type-state extensively to ensure type-safe SQL queries:
// From diesel's query builder
use diesel::prelude::*;
// Each builder method returns a different type
let query = users::table // SelectStatement<...>
.filter(users::age.gt(18)) // SelectStatement<..., WithFilter>
.select(users::name) // SelectStatement<..., WithSelect>
.limit(10); // SelectStatement<..., WithLimit>
// Can only call execute() when query is complete
let results = query.load::<String>(&conn)?;
// This won't compile - can't execute without select:
// users::table.filter(users::age.gt(18)).load(&conn);Tokio's TcpStream uses internal type-state for connection states:
use tokio::net::TcpStream;
// Internally uses type-state for:
// - Connecting
// - Connected
// - Reading
// - Writing
// - Closed
let stream = TcpStream::connect("127.0.0.1:8080").await?;
// Can only read/write after connection succeeds
stream.write_all(b"data").await?;Hyper uses type-state for HTTP message construction:
use hyper::{Request, Body};
let request = Request::builder()
.method("POST")
.uri("https://api.example.com")
.header("Content-Type", "application/json")
.body(Body::from(r#"{"key": "value"}"#))?;
// Can only build() after method and URI are setRusqlite enforces transaction states:
use rusqlite::{Connection, Transaction};
let conn = Connection::open("db.sqlite")?;
let tx = conn.transaction()?; // Returns Transaction type
tx.execute("INSERT INTO ...", params![])?;
tx.commit()?; // Consumes transaction
// Can't use tx here - it's been consumed---
typed-builder cratephantom-type crate documentation---
Key Takeaways:Type-state programming is one of Rust's most powerful techniques for building safe, zero-cost abstractions. By pushing state validation to compile time, we eliminate entire classes of runtime errors while maintaining peak performance.
Run this code in the official Rust Playground