Crossing the Boundary: System Calls, Privilege, and the Trust Invariant
The kernel never trusts you. Every system call crosses a hardware-enforced privilege boundary — and that boundary is the most important invariant in the entire OS.
An operating system is a collection of invariants — promises the kernel makes to every program. This post names them.
Closures capture their environment under the same ownership rules as everything else in Rust. Iterators are lazy, composable, and compile down to the same code as hand-written loops. Functional style, systems performance.
Vec, String, and HashMap are the workhorses of Rust. Each one owns its data on the heap and enforces invariants the compiler alone can't — contiguous memory, valid UTF-8, unique keys.
Lifetimes are the compiler's proof that every reference points to valid data. You don't control how long things live — you help the compiler verify that references never outlive what they point to.
Generics let you write code that works for many types without sacrificing type safety or performance. The compiler generates specialized code for each concrete type — zero cost, full safety.
Traits define shared behavior across types — and the compiler guarantees every type that claims to implement a trait actually does. This is polymorphism with compile-time proof, not runtime hope.
Rust splits errors into two categories: unrecoverable (panic) and recoverable (Result). The compiler forces you to handle the recoverable ones. You cannot ignore a Result — the type system won't let you.
Enums let you define a type by listing its possible variants. match forces you to handle every single one. The compiler guarantees you never forget a case — and Option
Invariants aren't just for distributed systems. They're in every parser, every format, every function boundary. Here's where I found them while implementing TOON in Rust.