Why We Chose Rust for TiKV and Practical Rust Development Experience

In this talk, PingCAP chief architect Tang Liu shares the reasons behind choosing Rust for the TiKV distributed KV store, contrasting it with Go, C++, and Java, and outlines the high‑level architecture of TiDB/TiKV.

Why Rust? The team needed a language without garbage collection, with predictable memory usage, and without the overhead of Cgo when interfacing with RocksDB. Rust offers type safety, memory safety, and thread safety, which are essential for high‑performance distributed systems.

Rust Basics – Rust is a systems programming language that catches memory‑related bugs at compile time. Simple examples such as a fn main() { println!("Hello, world!"); } hello‑world program, variable declarations, mutability ( let mut x = 0; ), and the compiler errors for using uninitialized or immutable variables are illustrated.

Key Language Features

Type safety : Implicit casts are disallowed; unsafe blocks are required for low‑level operations.

Memory safety : Ownership and move semantics ensure a value has a single owner; copying occurs only for types implementing the Copy trait.

Borrowing : Immutable ( &T ) and mutable ( &mut T ) borrows let you use a value without taking ownership, with compile‑time checks for overlapping mutable/immutable borrows.

Lifetime annotations guarantee that references do not outlive the data they point to.

Thread safety : Types that implement Send can be transferred across threads, and those that implement Sync can be safely shared; the typical pattern is Arc<Mutex<T>> or Arc<RwLock<T>> for concurrent data.

Practical Experience

Cargo : The standard build and package manager for Rust projects.

quick_error! : A macro to simplify error‑type definitions and conversions.

Clippy : A linter that suggests idiomatic Rust code (e.g., prefer to_owned() over to_string() ).

MIO : An asynchronous I/O library providing a unified event‑driven API (epoll, kqueue, IOCP) for high‑performance networking.

Using Arc<Mutex<T>> or Arc<RwLock<T>> to protect shared state across threads, and leveraging lock‑free channels for inter‑thread communication.

Drawbacks of Rust

Immature ecosystem: fewer libraries compared to Go, especially for networking (e.g., lack of built‑in async sockets) and RPC frameworks.

Poor stack traces on macOS: panic messages lack file and line information.

Q&A Highlights

Rust FFI outperforms Go Cgo in a benchmark calling Snappy's MaxCompressedLength 10,000 times.

Rust tooling works across editors (Vim, Emacs, Sublime) and platforms; Windows DLL generation is possible but not covered.

Calling C libraries from Rust is straightforward via the FFI module, though it requires unsafe wrappers.

Rust’s performance is comparable to C/C++ and superior to Go for low‑level tasks because it has no garbage collector.

The ecosystem is still growing; bindings for databases and message queues exist but are less mature than those for Go or Java.

The article concludes with a call to join the "High‑Availability Architecture" community for further Rust discussions.