DEV Community

Neural Download
Neural Download

Posted on

Rust

#rustrustprogramminglanguagebor

https://www.youtube.com/watch?v=Sy5YlVEW3N4

Rust is in places you probably don't think about. AWS Firecracker, the microVM your Lambda runs on, has been written in it since 2017. Cloudflare's edge proxy Pingora handles a trillion requests a day in Rust. Discord rewrote their hottest read path. The new Python tooling — uv and ruff from Charlie Marsh's Astral — is Rust all the way down. The Linux kernel started accepting Rust code in 6.1.

Five extremely serious infrastructure teams reached for the same language at roughly the same time. That is not a meme. So what is its actual deal?

The bug class it kills

When people say Rust is safe, they don't mean it kills all bugs. They mean a specific class. Five of them, mostly:

  • Use after free — return a pointer to memory that's been freed; next caller reads garbage.
  • Double free — release the same allocation twice; heap bookkeeping corrupts under load.
  • Data race — two threads touch shared memory without coordinating; you read values nobody wrote.
  • Null pointer dereference — the thing that crashes your service at 3 AM.
  • Buffer overflow — the bug class that owned the security industry from the nineties to roughly now.

Microsoft's Security Response Center analyzed the CVEs they assigned from 2006 through 2018. Around 70% were memory-safety bugs. Chromium ran the same analysis on a completely different codebase. Same number. Two of the largest C/C++ codebases on Earth, two independent counts, one answer.

Rust eliminates that whole class by construction. Not by tooling, not by fuzzers, not by linters — at compile time, before the binary exists.

The three rules nobody draws

The borrow checker isn't strict. It enforces three concrete rules:

  1. Each value has exactly one owner. When the owner goes out of scope, the value is dropped. The compiler inserts the deallocation statically — there's no garbage collector running at runtime to figure it out.

  2. You can have many readers, or one writer. Never both. Niko Matsakis, who designed the borrow checker, calls this mutation XOR sharing. Three words, the entire model.

  3. A reference can't outlive what it points at. The compiler tracks lifetimes and refuses to compile a reference that would survive its target.

Most languages let ownership stay implicit. Rust forces you to encode it in the type system. The friction in your first month is that encoding work. The payoff is bugs that never make it to runtime.

There's an opt-out. Write unsafe and the compiler stops checking. But you have to ask for it, and inside that block you own the safety contract.

Speed is a side effect of safety

Most explainers tell you Rust is fast and safe, like those are two parallel features the language happened to ship together. Wrong frame.

Watch the actual chain:

  • Rule one says exactly one owner, so the compiler always knows when each value dies.
  • So the compiler can statically insert the deallocation, like a destructor.
  • So there's no traced collector at runtime, no pause-the-world step, no GC tax.
  • So the program a Rust compiler emits has the same memory layout a C compiler would emit. Same speed, with proven safety.

Speed isn't a parallel feature. Speed is a side effect of safety.

The receipt: Discord's 2020 post on rewriting their Read States service from Go to Rust. Their Go version was getting latency spikes "roughly every 2 minutes" — Go's garbage collector forcing collection cycles even when nothing needed collecting. Rust version: zero spikes. Average response time dropped to microseconds. They didn't pick Rust because it was cool; they picked it because the GC tax was a structural cost they couldn't optimize away in Go.

Where the hype is real, where it's overblown

Real: kernels, browsers, embedded firmware, edge proxies, hypervisors that run other people's code, anywhere a 2 ms p99 spike costs real money. Anywhere a memory bug is a security incident, not just a crash. The math always checks out for blast-radius-critical hot paths.

Overblown: most web app backends. If your bottleneck is the database, the borrow checker tax doesn't pay you back. Go and Java and TypeScript will keep working fine for that shape of work. Discord rewrote one hot-path microservice — not their entire web app. The post got read as "rewrite everything in Rust." That isn't what they did.

Rust isn't perfect either. Async Rust still has rough edges, the GUI story isn't settled, and learning the borrow checker takes weeks. How long Rust stays in this position is a real question.

The heuristic

Next time it comes up in your team, ask: is this a blast-radius-critical hot path, or are we chasing a meme? If it's a hot path where memory bugs are security incidents and a 2 ms pause costs money — the math probably checks out. If it's a CRUD endpoint where the latency budget is 200 ms — almost certainly not.

Adoption is real, you can name five places. The bug class it kills is the 70% class. The mechanism is three rules. And the speed comes free, because compile-time enforcement is what removes the GC entirely.

That's its deal.

Top comments (0)