Rust (programming language)

Rust began as a personal project by Mozilla employee Graydon Hoare in 2006, who started the project due to his frustration with a broken elevator in his apartment building.^[15] Hoare named Rust after the group of fungi that is "over-engineered for survival".^[15] During the time period between 2006 and 2009, Rust was not publicized to others at Mozilla and was written in Hoare's free time;^[16]: 7:50 Hoare began speaking about the language around 2009 after a small group at Mozilla became interested in the project.^[17] Hoare cited languages from the 1970s, 1980s, and 1990s as influences — including CLU, BETA, Mesa, NIL,^{[note 4]} Erlang, Newsqueak, Napier, Hermes, Sather, Alef, and Limbo.^[17] He described the language as "technology from the past come to save the future from itself."^{[16]: 8:17 [17]} Early Rust developer Manish Goregaokar similarly described Rust as being based on "mostly decades-old research."^[15]

During the early years, the Rust compiler was written in about 38,000 lines of OCaml.^{[16]: 15:34 [18]} Features of early Rust that were later removed include explicit object-oriented programming via an obj keyword,^{[16]: 10:08} and a typestates system that would allow variables of a type to be tracked along with state changes (such as going from uninitialized to initialized).^{[16]: 13:12}

Mozilla officially sponsored the Rust project in 2009.^[15] Brendan Eich and other executives, intrigued by the possibility of using Rust for a safe web browser engine, placed engineers on the project including Patrick Walton, Niko Matsakis, Felix Klock, and Manish Goregaokar.^[15] A conference room taken by the project developers was dubbed "the nerd cave," with a sign placed outside the door.^[15]

During this time period, work had shifted from the initial OCaml compiler to a self-hosting compiler, i.e., written in Rust, based on LLVM.^{[19][note 5]} The Rust ownership system was also in place by 2010.^[15]

The first public release, Rust 0.1, was released on January 20, 2012^[21] for Windows, Linux, and MacOS.^[22] The early 2010s saw increasing involvement from open source volunteers outside of Mozilla and outside of the United States. At Mozilla, executives would eventually employ over a dozen engineers to work on Rust full time over the next decade.^[15] The Rust logo was developed in 2011 based on a bicycle chainring.^[23]

The years from 2012 to 2015 were marked by substantial changes to the Rust type system, including the removal of the typestate system and garbage collector.^{[16]: 18:36 [15]} Memory management through the ownership system was gradually consolidated and expanded to prevent memory-related bugs. By 2013, the garbage collector feature was rarely used, and was removed by the team in favor of the ownership system.^[15] Other changes during this time included the removal of pure functions, which were declared by an explicit pure annotation, in March 2013.^[24] Specialized syntax support for channels and various pointer types were removed to simplify the language.^{[16]: 22:32}

According to Rust developer Steve Klabnik, Rust was influenced during this period by developers coming from C++ (e.g., low-level performance of features), scripting languages (e.g., Cargo and package management), and functional programming (e.g., type systems development).^{[16]: 30:50}

Graydon Hoare stepped down from Rust in 2013.^[15] After Hoare's departure, it evolved organically under a federated governance structure, with a "core team" of initially six people,^{[16]: 21:45} around 30-40 developers total across various other teams,^{[16]: 22:22} and a Request for Comments (RFC) process for new language features added in March 2014.^{[16]: 33:47} The core team would grow to nine people by 2016^{[16]: 21:45} with over 1600 proposed RFCs.^{[16]: 34:08}

According to Andrew Binstock writing for Dr. Dobb's Journal in January 2014, while Rust was "widely viewed as a remarkably elegant language", adoption slowed because it radically changed from version to version.^[25] Rust development at this time was focused on finalizing the language features and moving towards 1.0 so it could begin promising backward compatibility.^{[16]: 41:26}

Six years after Mozilla sponsored its development, the first stable release, Rust 1.0, was published on May 15, 2015.^[15] A year after the release, the Rust compiler had accumulated over 1,400 contributors and there were over 5,000 third-party libraries published on the Rust package management website Crates.io.^{[16]: 43:15}

The development of the Servo browser engine continued in parallel with Rust, jointly funded by Mozilla and Samsung.^[26] The teams behind the two projects worked in close collaboration; new features in Rust were tested out by the Servo team, and new features in Servo were used to give feedback back to the Rust team.^[16]: 5:41 The first version of Servo was released in 2016.^[15] The Firefox web browser shipped with Rust code as of 2016 (version 45),^{[16]: 53:30 [27]} but components of Servo did not appear in Firefox until September 2017 (version 57) as part of the Gecko and Quantum projects.^[28]

Improvements were made to the Rust toolchain ecosystem during the years following 1.0 including Rustfmt, integrated development environment integration,^{[16]: 44:56} and a regular compiler testing and release cycle.^{[16]: 46:48} Rust also gained a community code of conduct and an IRC chat for community discussion.^{[16]: 50:36}

The earliest known adoption outside of Mozilla was by individual projects at Samsung, Facebook (now Meta Platforms), Dropbox, and Tilde, Inc. (the company behind ember.js).^{[16]: 55:44 [15]} Amazon Web Services followed in 2020.^[15] Engineers acknowledged the risks of adopting a new technology; they cited performance, lack of a garbage collector, safety, and pleasantness of working in the language as reasons for the adoption. Amazon developers cited a finding by Portuguese researchers that Rust code used less energy compared to similar code written in Java.^[15][29]

In August 2020, Mozilla laid off 250 of its 1,000 employees worldwide, as part of a corporate restructuring caused by the COVID-19 pandemic.^[30][31] The team behind Servo was disbanded. The event raised concerns about the future of Rust.^[32] In the following week, the Rust Core Team acknowledged the severe impact of the layoffs and announced that plans for a Rust foundation were underway. The first goal of the foundation would be to take ownership of all trademarks and domain names and to take financial responsibility for their costs.^[33]

On February 8, 2021, the formation of the Rust Foundation was announced by five founding companies: Amazon Web Services, Google, Huawei, Microsoft, and Mozilla.^[34][35] The foundation would provide financial support for Rust developers in the form of grants and server funding.^[15] In a blog post published on April 6, 2021, Google announced support for Rust within the Android Open Source Project as an alternative to C/C++.^[36]

On November 22, 2021, the Moderation Team, which was responsible for enforcing the community code of conduct, announced their resignation "in protest of the Core Team placing themselves unaccountable to anyone but themselves".^[37] In May 2022, the Rust Core Team, other lead programmers, and members of the Rust Foundation board implemented governance reforms in response to the incident.^[38]

The Rust Foundation posted a draft for a new trademark policy on April 6, 2023, which resulted in widespread negative reactions from Rust users and contributors.^[39] The trademark policy included rules for how the Rust logo and name could be used.^[39]

On February 26, 2024, the U.S. White House Office of the National Cyber Director released a 19-page press report urging software development to move away from C and C++ to memory-safe languages like C#, Go, Java, Ruby, Swift, and Rust.^[40][41][42]

Rust's syntax is similar to that of C and C++,^[43][44] although many of its features were influenced by functional programming languages such as OCaml.^[45] Hoare has described Rust as targeted at frustrated C++ developers and emphasized features such as safety, control of memory layout, and concurrency.^[17] Safety in Rust includes the guarantees of memory safety, type safety, and lack of data races.

Below is a "Hello, World!" program in Rust. The fn keyword denotes a function, and the println! macro (see § Macros) prints the message to standard output.^[46] Statements in Rust are separated by semicolons.

fn main() {
    println!("Hello, World!");
}

Variables in Rust are defined through the let keyword.^[47] The example below assigns a value to the variable with name foo of type i32 and outputs its value; the type annotation : i32 can also be omitted.

fn main() {
    let foo: i32 = 10;
    println!("The value of foo is {foo}");
}

Variables are immutable by default, but adding the mut keyword allows the variable to be mutated.^[48] The following example uses //, which denotes the start of a comment.^[49]

fn main() {
    // This code would not compile without adding "mut".
    let mut foo = 10; 
    println!("The value of foo is {foo}");
    foo = 20;
    println!("The value of foo is {foo}");
}

Multiple let expressions can define multiple variables with the same name, known as variable shadowing. Variable shadowing allows transforming variables without having to name the variables differently.^[50] The example below declares a new variable with the same name that is double the original value:

fn main() {
    let foo = 10;
    // This will output "The value of foo is 10"
    println!("The value of foo is {foo}");
    let foo = foo * 2;
    // This will output "The value of foo is 20"
    println!("The value of foo is {foo}");
}

Variable shadowing is also possible for values of different types. For example, going from a string to its length:

fn main() {
    let letters = "abc";
    let letters = letters.len();
}

A block expression is delimited by curly brackets. When the last expression inside a block does not end with a semicolon, the block evaluates to the value of that trailing expression:^[51]

fn main() {
    let x = {
        println!("this is inside the block");
        1 + 2
    };
    println!("1 + 2 = {x}");
}

Trailing expressions of function bodies are used as the return value:^[52]

fn add_two(x: i32) -> i32 {
    x + 2
}

An if conditional expression executes code based on whether the given value is true. else can be used for when the value evaluates to false, and else if can be used for combining multiple expressions.^[53]

fn main() {
    let x = 10;
    if x > 5 {
        println!("value is greater than five");
    }

    if x % 7 == 0 {
        println!("value is divisible by 7");
    } else if x % 5 == 0 {
        println!("value is divisible by 5");
    } else {
        println!("value is not divisible by 7 or 5");
    }
}

if and else blocks can evaluate to a value, which can then be assigned to a variable:^[53]

fn main() {
    let x = 10;
    let new_x = if x % 2 == 0 { x / 2 } else { 3 * x + 1 };
    println!("{new_x}");
}

while can be used to repeat a block of code while a condition is met.^[54]

fn main() {
    // Iterate over all integers from 4 to 10
    let mut value = 4;
    while value <= 10 {
         println!("value = {value}");
         value += 1;
    }
}

For loops in Rust loop over elements of a collection.^[55] for expressions work over any iterator type.

fn main() {
    // Using `for` with range syntax for the same functionality as above
    // The syntax 4..=10 means the range from 4 to 10, up to and including 10.
    for value in 4..=10 {
        println!("value = {value}");
    }
}

In the above code, 4..=10 is a value of type Range which implements the Iterator trait. The code within the curly braces is applied to each element returned by the iterator.

Iterators can be combined with functions over iterators like map, filter, and sum. For example, the following adds up all numbers between 1 and 100 that are multiples of 3:

(1..=100).filter(|x: &u32| -> bool { x % 3 == 0 }).sum()

More generally, the loop keyword allows repeating a portion of code until a break occurs. break may optionally exit the loop with a value. In the case of nested loops, labels denoted by 'label_name can be used to break an outer loop rather than the innermost loop.^[56]

fn main() {
    let value = 456;
    let mut x = 1;
    let y = loop {
        x *= 10;
        if x > value {
            break x / 10;
        }
    };
    println!("largest power of ten that is smaller than or equal to value: {y}");

    let mut up = 1;
    'outer: loop {
        let mut down = 120;
        loop {
            if up > 100 {
                break 'outer;
            }

            if down < 4 {
                break;
            }

            down /= 2;
            up += 1;
            println!("up: {up}, down: {down}");
        }
        up *= 2;
    }
}

The match and if let expressions can be used for pattern matching. For example, match can be used to double an optional integer value if present, and return zero otherwise:^[57]

fn double(x: Option<u64>) -> u64 {
    match x {
        Some(y) => y * 2,
        None => 0,
    }
}

Equivalently, this can be written with if let and else:

fn double(x: Option<u64>) -> u64 {
    if let Some(y) = x {
        y * 2
    } else {
        0
    }
}

Rust is strongly typed and statically typed, meaning that the types of all variables must be known at compilation time. Assigning a value of a particular type to a differently typed variable causes a compilation error. Type inference is used to determine the type of variables if unspecified.^[58]

The type (), called the "unit type" in Rust, is a concrete type that has exactly one value. It occupies no memory (as it represents the absence of value). All functions that do not have an indicated return type implicitly return (). It is similar to void in other C-style languages, however void denotes the absence of a type and cannot have any value.

The default integer type is i32, and the default floating point type is f64. If the type of a literal number is not explicitly provided, it is either inferred from the context or the default type is used.^[59]

Integer types in Rust are named based on the signedness and the number of bits the type takes. For example, i32 is a signed integer that takes 32 bits of storage, whereas u8 is unsigned and only takes 8 bits of storage. isize and usize take storage depending on the memory address bus width of the compilation target. For example, when building for 32-bit targets, both types will take up 32 bits of space.^[60][61]

By default, integer literals are in base-10, but different radices are supported with prefixes, for example, 0b11 for binary numbers, 0o567 for octals, and 0xDB for hexadecimals. By default, integer literals default to i32 as its type. Suffixes such as 4u32 can be used to explicitly set the type of a literal.^[62] Byte literals such as b'X' are available to represent the ASCII value (as a u8) of a specific character.^[63]

The Boolean type is referred to as bool which can take a value of either true or false. A char takes up 32 bits of space and represents a Unicode scalar value:^[64] a Unicode codepoint that is not a surrogate.^[65] IEEE 754 floating point numbers are supported with f32 for single precision floats and f64 for double precision floats.^[66]

Compound types can contain multiple values. Tuples are fixed-size lists that can contain values whose types can be different. Arrays are fixed-size lists whose values are of the same type. Expressions of the tuple and array types can be written through listing the values, and can be accessed with .index or [index]:^[67]

let tuple: (u32, bool) = (3, true);
let array: [i8; 5] = [1, 2, 3, 4, 5];
let value = tuple.1; // true
let value = array[2]; // 3

Arrays can also be constructed through copying a single value a number of times:^[68]

let array2: [char; 10] = [' '; 10];

Rust's ownership system consists of rules that ensure memory safety without using a garbage collector. At compile time, each value must be attached to a variable called the owner of that value, and every value must have exactly one owner.^[69] Values are moved between different owners through assignment or passing a value as a function parameter. Values can also be borrowed, meaning they are temporarily passed to a different function before being returned to the owner.^[70] With these rules, Rust can prevent the creation and use of dangling pointers:^[70][71]

fn print_string(s: String) {
    println!("{}", s);
}

fn main() {
    let s = String::from("Hello, World");
    print_string(s); // s consumed by print_string
    // s has been moved, so cannot be used any more
    // another print_string(s); would result in a compile error
}

The function print_string takes ownership over the String value passed in; Alternatively, & can be used to indicate a reference type (in &String) and to create a reference (in &s):^[72]

fn print_string(s: &String) {
    println!("{}", s);
}

fn main() {
    let s = String::from("Hello, World");
    print_string(&s); // s borrowed by print_string
    print_string(&s); // s has not been consumed; we can call the function many times
}

Because of these ownership rules, Rust types are known as linear or affine types, meaning each value can be used exactly once. This enforces a form of software fault isolation as the owner of a value is solely responsible for its correctness and deallocation.^[73]

When a value goes out of scope, it is dropped by running its destructor. The destructor may be programmatically defined through implementing the Drop trait. This helps manage resources such as file handles, network sockets, and locks, since when objects are dropped, the resources associated with them are closed or released automatically.^[74]

Object lifetime refers to the period of time during which a reference is valid; that is, the time between the object creation and destruction.^[75] These lifetimes are implicitly associated with all Rust reference types. While often inferred, they can also be indicated explicitly with named lifetime parameters (often denoted 'a, 'b, and so on).^[76]

Lifetimes in Rust can be thought of as lexically scoped, meaning that the duration of an object lifetime is inferred from the set of locations in the source code (i.e., function, line, and column numbers) for which a variable is valid.^[77] For example, a reference to a local variable has a lifetime corresponding to the block it is defined in:^[77]

fn main() {
    let x = 5;                // ------------------+- Lifetime 'a
                              //                   |
    let r = &x;               // -+-- Lifetime 'b  |
                              //  |                |
    println!("r: {}", r);     //  |                |
                              //  |                |
                              // -+                |
}                             // ------------------+

The borrow checker in the Rust compiler then enforces that references are only used in the locations of the source code where the associated lifetime is valid.^[78][79] In the example above, storing a reference to variable x in r is valid, as variable x has a longer lifetime ('a) than variable r ('b). However, when x has a shorter lifetime, the borrow checker would reject the program:

fn main() {
    let r;                    // ------------------+- Lifetime 'a
                              //                   |
    {                         //                   |
        let x = 5;            // -+-- Lifetime 'b  |
        r = &x; // ERROR: x does  |                |
    }           // not live long -|                |
                // enough                          |
    println!("r: {}", r);     //                   |
}                             // ------------------+

Since the lifetime of the referenced variable ('b) is shorter than the lifetime of the variable holding the reference ('a), the borrow checker errors, preventing x from being used from outside its scope.^[80]

Lifetimes can be indicated using explicit lifetime parameters on function arguments. For example, the following code specifies that the reference returned by the function has the same lifetime as original (and not necessarily the same lifetime as prefix):^[81]

fn remove_prefix<'a>(mut original: &'a str, prefix: &str) -> &'a str {
    if original.starts_with(prefix) {
        original = original[prefix.len()..];
    }
    original
}

In the compiler, ownership and lifetimes work together to prevent memory safety issues such as dangling pointers.^[82][83]

User-defined types are created with the struct or enum keywords. The struct keyword is used to denote a record type that groups multiple related values.^[84] enums can take on different variants at runtime, with its capabilities similar to algebraic data types found in functional programming languages.^[85] Both records and enum variants can contain fields with different types.^[86] Alternative names, or aliases, for the same type can be defined with the type keyword.^[87]

The impl keyword can define methods for a user-defined type. Data and functions are defined separately. Implementations fulfill a role similar to that of classes within other languages.^[88]

The Rust standard library defines and implements many widely used custom data types, including core data structures such as Vec, Option, and HashMap, as well as smart pointer types. Rust also provides a way to exclude most of the standard library using the attribute #![no_std], for applications such as embedded devices. Internally, the standard library is divided into three parts, core, alloc, and std, where std and alloc are excluded by #![no_std].^[89]

Rust uses the option type Option<T> to define optional values, which can be matched using if let or match to access the inner value:^[90]

fn main() {
    let name1: Option<&str> = None;
    // In this case, nothing will be printed out
    if let Some(name) = name1 {
        println!("{name}");
    }

    let name2: Option<&str> = Some("Matthew");
    // In this case, the word "Matthew" will be printed out
    if let Some(name) = name2 {
        println!("{name}");
    }
}

Similarly, Rust's result type Result<T, E> holds either a successfully computed value (the Ok variant) or an error (the Err variant)^[91]. Like Option, the use of Result means that the inner value cannot be used directly; programmers must use a match expression, syntactic sugar such as ? (the “try” operator), or an explicit unwrap assertion to access it. Both Option and Result are used throughout the standard library and are a fundamental part of Rust's explicit approach to handling errors and missing data.

The & and &mut reference types are guaranteed to not be null and point to valid memory.^[92] The raw pointer types *const and *mut opt out of the safety guarantees, thus they may be null or invalid; however, it is impossible to dereference them unless the code is explicitly declared unsafe through the use of an unsafe block.^[93] Unlike dereferencing, the creation of raw pointers is allowed inside safe Rust code.^[94]

let x: i32 = 1000;
println!("1000 as a u16 is: {}", x as u16);

Rust supports bounded parametric polymorphism through traits and generic functions.^[96] Common behavior between types may be declared using traits and impls:^[97]

trait Zero: Sized {
    fn zero() -> Self;
    fn is_zero(&self) -> bool
    where
        Self: PartialEq,
    {
        self == &Zero::zero()
    }
}

impl Zero for u32 {
    fn zero() -> u32 { 0 }
}

impl Zero for f32 {
    fn zero() -> Self { 0.0 }
}

The example above also includes a method is_zero which provides a default implementation that is not required when implementing the trait.^[97]

A function can then be made generic by adding type parameters inside angle brackets (<Num>), which only allow types that implement the trait:

// zero is a generic function with one type parameter, Num
fn zero<Num: Zero>() -> Num {
    Num::zero()
}

fn main() {
    let a: u32 = zero();
    let b: f32 = zero();
    assert!(a.is_zero() && b.is_zero());
}

In the examples above, Num: Zero as well as where Self: PartialEq are trait bounds that constrain the type to only allow types that implement Zero or PartialEq.^[97] Within a trait or impl, Self refers to the type that the code is implementing.^[98]

Generics can be used in functions to allow implementing a behavior for different types without repeating the same code. Generic functions can be written in relation to other generics, without knowing the actual type.^[99]

Rust supports two ways to call trait methods. With generics and trait bounds, calls use static dispatch: the compiler monomorphizes the function for each concrete type, yielding performance comparable to hand-written, type-specific code, at the cost of longer compile times and potentially larger binaries.^[100] When the exact type is not known at compile time, or when heterogeneous collections are needed, Rust provides trait objects (e.g., &dyn Trait, Box<dyn Trait>). Trait-object calls use dynamic dispatch via a vtable; a trait object is a "fat pointer" carrying both a data pointer and a method table pointer.^[100] This indirection can inhibit inlining and add a small runtime cost, but it keeps a single copy of the code and can reduce binary size. Only object-safe traits are eligible to be used as trait objects.^[101]

However, Rust also uses a feature known as trait objects to accomplish dynamic dispatch, a type of polymorphism where the implementation of a polymorphic operation is chosen at runtime. This allows for behavior similar to duck typing, where all data types that implement a given trait can be treated as functionally equivalent.^[102] Trait objects are declared using the syntax dyn Tr where Tr is a trait. Trait objects are dynamically sized, therefore they must be put behind a pointer, such as Box.^[103] The following example creates a list of objects where each object can be printed out using the Display trait:

use std::fmt::Display;

let v: Vec<Box<dyn Display>> = vec![
    Box::new(3),
    Box::new(5.0),
    Box::new("hi"),
];

for x in v {
    println!("{x}");
}

If an element in the list does not implement the Display trait, it will cause a compile-time error.^[104]

Rust is designed to be memory safe. It does not permit null pointers, dangling pointers, or data races.^{[105][106][107][108]} Data values can be initialized only through a fixed set of forms, all of which require their inputs to be already initialized.^[109]

Rust does not use garbage collection. Memory and other resources are instead managed through the "resource acquisition is initialization" convention,^[110] with optional reference counting. Rust provides deterministic management of resources, with very low overhead.^[111] Values are allocated on the stack by default, and all dynamic allocations must be explicit.^[112]

The built-in reference types using the & symbol do not involve run-time reference counting. The safety and validity of the underlying pointers is verified at compile time, preventing dangling pointers and other forms of undefined behavior.^[113] Rust's type system separates shared, immutable references of the form &T from unique, mutable references of the form &mut T. A mutable reference can be coerced to an immutable reference, but not vice versa.^[114]

Rust's memory safety checks may be circumvented through the use of unsafe blocks. This allows programmers to dereference arbitrary raw pointers, call external code, or perform other low-level functionality not allowed by safe Rust.^[115] Some low-level functionality enabled in this way includes volatile memory access, architecture-specific intrinsics, type punning, and inline assembly.^[116]

Unsafe code is sometimes needed to implement complex data structures.^[117] A frequently cited example is that it is difficult or impossible to implement doubly linked lists in safe Rust.^{[118][119][120][121]}

Programmers using unsafe Rust are considered responsible for upholding Rust's memory and type safety requirements, for example, that no two mutable references exist pointing to the same location.^[122] If programmers write code which violates these requirements, this results in undefined behavior.^[122] The Rust documentation includes a list of behavior considered undefined, including accessing dangling or misaligned pointers, or breaking the aliasing rules for references.^[123]

Macros allow generation and transformation of Rust code to reduce repetition. Macros come in two forms, with declarative macros defined through macro_rules!, and procedural macros, which are defined in separate crates.^[124][125]

A declarative macro (also called a "macro by example") is a macro, defined using the macro_rules! keyword, that uses pattern matching to determine its expansion.^[126][127] Below is an example that sums over all its arguments:

macro_rules! sum {
    ( $initial:expr $(, $expr:expr )* $(,)? ) => {
        $initial $(+ $expr)*
    }
}

fn main() {
    let x = sum!(1, 2, 3);
    println!("{x}"); // prints 6
}

Procedural macros are Rust functions that run and modify the compiler's input token stream, before any other components are compiled. They are generally more flexible than declarative macros, but are more difficult to maintain due to their complexity.^[128][129]

Procedural macros come in three flavors:

• Function-like macros custom!(...)
• Derive macros #[derive(CustomDerive)]
• Attribute macros #[custom_attribute]

Rust supports the creation of foreign function interfaces (FFI) through the extern keyword. A function that uses the C calling convention can be written using extern "C" fn. Symbols can be exported from Rust to other languages through the #[no_mangle] attribute, and symbols can be imported into Rust through extern blocks:^{[note 6][131]}

#[no_mangle]
pub extern "C" fn exported_from_rust(x: i32) -> i32 { x + 1 }
unsafe extern "C" {
    fn imported_into_rust(x: i32) -> i32;
}

The #[repr(C)] attribute enables deterministic memory layouts for structs and enums for use across FFI boundaries.^[131] External libraries such as bindgen and cxx can generate Rust bindings for C/C++.^[131][132]

The Rust ecosystem includes its compiler, its standard library, and additional components for software development. Component installation is typically managed by rustup, a Rust toolchain installer developed by the Rust project.^[133]

The Rust compiler, rustc, compiles Rust code into binaries. First, the compiler parses the source code into an AST. Next, this AST is lowered to IR. The compiler backend is then invoked as a subcomponent to apply optimizations and translate the resulting IR into object code. Finally, a linker is used to combine the object(s) into a single executable image.^[134]

rustc uses LLVM as its compiler backend by default, but it also supports using alternative backends such as GCC and Cranelift.^[135] The intention of those alternative backends is to increase platform coverage of Rust or to improve compilation times.^[136][137]

Cargo is Rust's build system and package manager. It downloads, compiles, distributes, and uploads packages—called crates—that are maintained in an official registry. It also acts as a front-end for Clippy and other Rust components.^[138]

By default, Cargo sources its dependencies from the user-contributed registry crates.io, but Git repositories, crates in the local filesystem, and other external sources can also be specified as dependencies.^[139]

Rustfmt is a code formatter for Rust. It formats whitespace and indentation to produce code in accordance with a common style, unless otherwise specified. It can be invoked as a standalone program, or from a Rust project through Cargo.^[140]

Clippy is Rust's built-in linting tool to improve the correctness, performance, and readability of Rust code. As of 2025^[update], it has 795 rules.^[141][142]

Following Rust 1.0, new features are developed in nightly versions which are released daily. During each six-week release cycle, changes to nightly versions are released to beta, while changes from the previous beta version are released to a new stable version.^[143]

Every two or three years, a new "edition" is produced. Editions are released to allow making limited breaking changes, such as promoting await to a keyword to support async/await features. Crates targeting different editions can interoperate with each other, so a crate can upgrade to a new edition even if its callers or its dependencies still target older editions. Migration to a new edition can be assisted with automated tooling.^[144]

rust-analyzer is a set of utilities that provides integrated development environments (IDEs) and text editors with information about a Rust project through the Language Server Protocol. This enables features including autocomplete, and compilation error display, while editing code.^[145]

Since it performs no garbage collection, Rust is often faster than other memory-safe languages.^{[146][73][147]} Most of Rust's memory safety guarantees impose no runtime overhead,^[148] with the exception of array indexing which is checked at runtime by default.^[149] The performance impact of array indexing bounds checks varies, but can be significant in some cases.^[149]

Many of Rust's features are so-called zero-cost abstractions, meaning they are optimized away at compile time and incur no runtime penalty.^[150] The ownership and borrowing system permits zero-copy implementations for some performance-sensitive tasks, such as parsing.^[151] Static dispatch is used by default to eliminate method calls, except for methods called on dynamic trait objects.^[152] The compiler also uses inline expansion to eliminate function calls and statically-dispatched method invocations.^[153]

Since Rust uses LLVM, all performance improvements in LLVM apply to Rust also.^[154] Unlike C and C++, Rust allows the compiler to reorder struct and enum elements unless a #[repr(C)] representation attribute is applied.^[155] This allows the compiler to optimize for memory footprint, alignment, and padding, which can be used to produce more efficient code in some cases.^[156]

Rust is used in software across different domains. Components from the Servo browser engine (funded by Mozilla and Samsung) were incorporated in the Gecko browser engine underlying Firefox.^[157] In January 2023, Google (Alphabet) announced support for using third party Rust libraries in Chromium.^[158][159]

Rust is used in several backend software projects of large web services. OpenDNS, a DNS resolution service owned by Cisco, uses Rust internally.^[160][161] Amazon Web Services uses Rust in "performance-sensitive components" of its several services. In 2019, AWS open-sourced Firecracker, a virtualization solution primarily written in Rust.^[162] Microsoft Azure IoT Edge, a platform used to run Azure services on IoT devices, has components implemented in Rust.^[163] Microsoft also uses Rust to run containerized modules with WebAssembly and Kubernetes.^[164] Cloudflare, a company providing content delivery network services, used Rust to build a new web proxy named Pingora for increased performance and efficiency.^[165] The npm package manager used Rust for its production authentication service in 2019.^{[166][167][168]}

In operating systems, the Rust for Linux project, launched in 2020, merged initial support into the Linux kernel version 6.1 in late 2022.^{[169][170][171]} The project is active with a team of 6–7 developers, and has added more Rust code with kernel releases from 2022 to 2024,^[172] aiming to demonstrate the minimum viability of the project and resolve key compatibility blockers.^[169][173] The first drivers written in Rust were merged into the kernel for version 6.8.^[169] The Android developers used Rust in 2021 to rewrite existing components.^[174][175] Microsoft has rewritten parts of Windows in Rust.^[176] The r9 project aims to re-implement Plan 9 from Bell Labs in Rust.^[177] Rust has been used in the development of new operating systems such as Redox, a "Unix-like" operating system and microkernel,^[178] Theseus, an experimental operating system with modular state management,^[179][180] and most of Fuchsia.^[181] Rust is also used for command-line tools and operating system components, including stratisd, a file system manager^[182][183] and COSMIC, a desktop environment by System76.^[184]

In web development, Deno, a secure runtime for JavaScript and TypeScript, is built on top of V8 using Rust and Tokio.^[185] Other notable adoptions in this space include Ruffle, an open-source SWF emulator,^[186] and Polkadot, an open source blockchain and cryptocurrency platform.^[187]

Discord, an instant messaging software company, rewrote parts of its system in Rust for increased performance in 2020. In the same year, Dropbox announced that its file synchronization had been rewritten in Rust. Facebook (Meta) used Rust to redesign its system that manages source code for internal projects.^[15]

In the 2025 Stack Overflow Developer Survey, 14.8% of respondents had recently done extensive development in Rust.^[188] The survey named Rust the "most admired programming language" annually from 2016 to 2025 (inclusive), as measured by the number of existing developers interested in continuing to work in the language.^{[189][note 7]} In 2025, 29.2% of developers not currently working in Rust expressed an interest in doing so.^[188]

DARPA has a project TRACTOR (Translating All C to Rust) automatically translating C to Rust using techniques such as static analysis, dynamic analysis, and large language models.^[190]

Rust's safety and performance have been investigated in programming language theory research.^{[191][117][192]}

Rust's applicability to writing research software has been examined in other fields. A journal article published to Proceedings of the International Astronomical Union used Rust to simulate multi-planet systems.^[193] An article published in Nature shared stories of bioinformaticians using Rust.^[138] Both articles found that Rust has advantages for its performance and safety, but cited the learning curve as being a primary drawback to its adoption.

According to the MIT Technology Review, the Rust community has been seen as "unusually friendly" to newcomers and particularly attracted people from the queer community, partly due to its code of conduct which outlined a set of expectations for Rust community members to follow.^[15] Inclusiveness of the community has been cited as an important factor for some Rust developers.^[138] The official Rust blog collects and publishes demographic data each year.^[196]

The Rust Foundation is a non-profit membership organization incorporated in United States, with the primary purposes of backing the technical project as a legal entity and helping to manage the trademark and infrastructure assets.^[197][44]

Key Information

Formation	February 8, 2021; 4 years ago (2021-02-08)
Founders	Amazon Web Services Google Huawei Microsoft Mozilla Foundation
Type	Nonprofit organization
Location	United States
Chairperson	Shane Miller
Executive Director	Rebecca Rumbul
Website	foundation.rust-lang.org
Show more

It was established on February 8, 2021, with five founding corporate members (Amazon Web Services, Huawei, Google, Microsoft, and Mozilla).^[198] The foundation's board is chaired by Shane Miller.^[199] Starting in late 2021, its Executive Director and CEO is Rebecca Rumbul.^[200] Prior to this, Ashley Williams was interim executive director.^[44]

The Rust project is composed of teams that are responsible for different subareas of the development. The compiler team develops, manages, and optimizes compiler internals; and the language team designs new language features and helps implement them. The Rust project website lists 6 top-level teams as of July 2024^[update].^[201] Representatives among teams form the Leadership council, which oversees the Rust project as a whole.^[202]

Wikibooks has a book on the topic of: Rust for the Novice Programmer

• Comparison of programming languages
• History of programming languages
• List of programming languages
• List of programming languages by type
• List of Rust software and tools
• Outline of the Rust programming language