The C to Rust Migration Book
Migrate from C to Rust without breaking the world
Securing and modernizing software is a top priority today. Tech debt and memory-safety bugs remain the largest sources of vulnerabilities, which is why teams increasingly turn to Rust for its reliability and memory safety. But rewrites are hard, scary, and carry a lot of risk. Mainmatter assembled our experience from helping clients successfully modernize some of the worlds most important software into this book.
Whether you rewrite a self-contained library from scratch or incrementally migrate a large, complex codebase that keeps changing, this book teaches you the techniques to succeed. You will learn how to maintain a safe mixed C-Rust codebase, design and structure clean APIs, and translate common C idioms into idiomatic Rust.
The C to Rust Migration Book
Start the course
This book is built around our philosophy of self-paced learning. Each concept is paired with an exercise you solve in a real Rust package, with a test suite that checks your solution.
It assumes prior knowledge of Rust and some C. No prior FFI experience required. That's what the course teaches.
By the end you'll be ready to introduce Rust into a C codebase in a productive way.
Table of contents
Foreign Function Interfaces
The fundamentals of FFI: how C and Rust communicate at the binary level through the C ABI, symbol tables, and the linker. You'll write your first extern "C" blocks by hand and see what you're promising the compiler when you declare a binding, and what goes wrong when the signature doesn't match.
Types and Data Across the Boundary
How to move primitive values, strings, structs, and collections across the language boundary while keeping ownership clear. You'll use bindgen to generate Rust bindings from C headers, and cheadergen, Mainmatter's tool for the reverse direction, to generate C headers from your Rust code, and configure both for non-trivial types.
FFI-Safe Types
Raw pointers and untyped primitives are a major source of bugs at the FFI boundary. You'll learn safer alternatives: NonNull, Option, newtype wrappers, and enum discriminants that carry meaning instead of bare values, and how to design types that make invalid states unrepresentable even when talking to C code that has no type safety of its own.
FFI validation
Every FFI function is a trust boundary. C callers can pass null pointers, out-of-range values, or invalid UTF-8, and Rust can't catch that at compile time. You'll build the discipline of validating and narrowing inputs at the boundary, so invalid data from C never reaches safe Rust or your business logic.
Error Handling and API Design
Rust's Result and ? stop at extern "C". You'll convert Rust error types into C-compatible results with error-code enums and out-parameters, and surface failure information without leaking Rust internals. You'll also learn to expose coarse operations rather than per-field setters and keep your API surface small.
Production-Quality FFI
You'll document FFI functions with Rust's /// # Safety convention and numbered invariants, so every unsafe contract is explicit and surfaces as C doc comments in the generated headers via cheadergen. We cover build integration, automated checks, and treating your FFI surface as an API you'll maintain forever.
About the author
Facing Rust challenges and need a helping hand?
Mainmatter is an engineering consultancy specializing in Rust. We offer engineering services, training, and mentorship to companies that aim to migrate from C to Rust or introduce Rust into an existing codebase.
We can help with complex C-to-Rust migrations, reliability issues, training, and skill gaps.
Contact us
Community
EuroRust 2026
EuroRust is a two-day conference for all things Rust, plus two more days of side activities, workshops, and hackathons. Join us in October in Barcelona.
Get your ticket