getditto

getditto/safer_ffi

Rust MIT Dev Tools

Write safer FFI code in Rust without polluting it with unsafe code

1k stars
51 forks
slow
GitHub

1k

Stars

51

Forks

47

Open issues

23

Contributors

v0.1.12 01 Aug 2024

AI Analysis

safer_ffi is a Rust framework that enables writing FFI (foreign function interface) code with minimal unsafe blocks, reducing complexity and improving maintainability. It specifically targets Rust developers who need to expose safe, C-compatible APIs without cluttering their codebase with unsafe code. This tool benefits systems programmers, library authors, and teams integrating Rust with C/C++ ecosystems, but is not a general-purpose language or runtime.

Dev Tools Developer Tool Discovery value: 6/10
Documentation 8/10
Activity 7/10
Community 7/10
Code quality 8/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 8/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

ffi rust-safety c-interop systems-programming code-generation
Actively maintained Well documented MIT licensed Niche/specialized use case Production ready
Deep Analysis · Based on README and public signals
6d ago

Rust FFI framework that encapsulates unsafe code via macros for safer C interop without manual safety annotations

safer_ffi is a procedural macro framework that abstracts away unsafe FFI boilerplate in Rust by providing `#[derive_ReprC]` and `#[ffi_export]` attributes to generate C-compatible code and headers automatically. Built by Ditto (a distributed database company), it targets teams writing Rust libraries that must expose stable C ABIs without scattering `unsafe` blocks throughout the codebase. Adoption appears concentrated among Rust-to-C FFI authors, particularly those prioritizing maintainability over raw performance.

Origin

Created May 2020 by Getditto, emerging as the company productized its own FFI patterns. Positioned as an alternative to lower-level tools like bindgen and cxx by focusing on abstraction and safety at the Rust-side interface layer rather than C-binding generation or C++ interop.

Growth

Steady but modest growth: 1,046 stars over ~6 years, averaging ~175 stars/year. Recent velocity flat (2 stars in last 7 days as of 2026-07-04), suggesting mature plateau rather than accelerating adoption. Last commit 2026-05-04 indicates ongoing maintenance. No evidence of viral adoption or rapid corporate backing, consistent with it serving a specialized niche.

In production

adoption not verified. Ditto's own use (as the originating company) is likely, but no public case studies, employer testimonials, or downstream crate adoption counts provided. Crates.io presence confirmed but download metrics not accessible from README. Tool is relatively well-documented (user guide, rustdoc, examples), suggesting some professional use, but scale remains opaque.

Code analysis
Architecture

Appears to use procedural macros (#[derive_ReprC], #[ffi_export]) to wrap Rust types and functions, automatically enforcing repr(C) compatibility and generating C headers. Based on README, the framework abstracts pointer conversions and lifetime checks. Likely reduces unsafe surface area by centralizing FFI logic into macro expansions rather than forcing developers to write unsafe blocks inline.

Tests

not documented in README; CI badge shown but specific test strategy not described. Example (`examples/point`) suggests basic functionality is demonstrated but comprehensive coverage claims cannot be verified.

Maintenance

Last push 2026-05-04, ~2 months old relative to analysis date (2026-07-04). Active CI/CD badge indicates ongoing testing. MSRV documented at 1.66.1 (Rust 2021 edition). No abandonment signals; however, low recent star velocity and sparse commit history (typical for a stable, feature-complete tool) suggest maturity rather than active feature development.

Honest verdict

ADOPT IF: you are writing a Rust library that must expose a stable, long-lived C ABI and want to minimize manual unsafe code while auto-generating C headers. AVOID IF: you need C++ interop (use cxx), multi-language bindings (use uniffi), or are calling C from Rust (use bindgen). MONITOR IF: your FFI surface is small or highly performance-sensitive; safer_ffi's macro overhead may not be justified, and raw unsafe blocks + manual headers might be simpler.

Independent dimensions

Mainstream potential

3/10

Technical importance

6/10

Adoption evidence

3/10

Risks
  • Adoption remains niche; few public case studies mean limited community feedback on edge cases.
  • Macro-based approach may complicate debugging; generated code expansion errors require familiarity with procedural macros.
  • Likely tied to Rust ecosystem's evolution; breaking changes in procedural macro APIs could require maintenance burden.
  • No evidence of corporate backing beyond Ditto; long-term maintenance depends on company's priorities.
  • Performance overhead of macro-generated wrappers not documented; may not suit latency-critical FFI paths.
Prediction

Will likely remain a stable, well-maintained niche tool for Rust-to-C FFI authors who prioritize code safety and maintainability over raw performance or polyglot interop. Adoption may grow modestly as Rust adoption expands, but unlikely to displace bindgen/cxx due to narrower scope.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Rust
84.3%
JavaScript
4.5%
CSS
2.7%
C#
2.5%
Handlebars
1.7%
C
1.6%
Lua
1.5%
Shell
0.9%

Information

Language
Rust
License
MIT
Last updated
2mo ago
Created
74mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

dtolnay

dtolnay/cxx

CXX is a Rust library that enables safe, zero-overhead FFI (foreign function...

6.8k Rust Dev Tools
rust-lang

rust-lang/rust-bindgen

rust-bindgen automatically generates Rust FFI bindings to C and C++ libraries,...

5.2k Rust Dev Tools
mozilla

mozilla/uniffi-rs

UniFFI is a multi-language bindings generator for Rust that enables developers...

4.8k Rust Dev Tools
rust-lang

rust-lang/libc

libc provides raw FFI bindings to platform system libraries for Rust, enabling...

2.6k Rust Dev Tools
vs. alternatives
dtolnay/cxx

cxx (6,760 stars) targets C++ interop and bidirectional C++ ↔ Rust. safer_ffi focuses on pure C. cxx is more mature and adopted; safer_ffi may be lighter-weight for C-only use cases.

rust-lang/rust-bindgen

bindgen (5,219 stars) generates Rust bindings from C headers (C → Rust). safer_ffi exports Rust to C (Rust → C). Complementary rather than directly competing; many projects use both.

mozilla/uniffi-rs

uniffi (4,757 stars) generates bindings to multiple languages (Python, Swift, Kotlin, etc.). safer_ffi is C-specific and lower-level. uniffi is higher-level, safer_ffi closer to the metal.

rust-lang/libc

libc (2,564 stars) is a type definitions crate for C interop. safer_ffi builds atop such tools with ergonomic wrappers. Different abstraction layers; not direct alternatives.