Rust
Last updated: Mar 16, 2026
Rationale
Rust is Fluid Attacks’ language for low-level components where performance is the main concern.
The main reasons why we chose it over other alternatives are:
- It is open source .
- It is memory-safe by design, with a type system that prevents entire categories of bugs at compile time, including null dereferences, data races, and unhandled error paths.
- It has very powerful static typing with algebraic data types and exhaustive pattern matching, which allows encoding business invariants such that invalid states are not possible.
- It is a compiled language that produces self-contained native binaries, making distribution to clients and CI environments straightforward without requiring an external runtime or virtual environment.
- It supports cross-compilation to multiple OS and architecture targets from a single build environment.
- It is one of the fastest programming languages on the market, with predictable, low-latency execution and no garbage collector pauses, which is essential for our scanner workloads.
- Its dependency management via Cargo is significantly better than Python’s, with a reliable build system and reproducible environments.
- It naturally supports our engineering values: immutability by default, first-class functional programming patterns, and algebraic data types as core language features.
Alternatives
The following languages were considered:
Although some of these languages share individual strengths with Rust, none match its combination of correctness guarantees, native binary distribution, and predictable performance — the three attributes ranked highest for our workloads. (a) Switching to any of these alternatives would require migrating existing components, (b) each carries meaningful trade-offs against our highest-priority evaluation criteria, and (c) our evaluation confirmed Rust as the strongest fit across all weighted attributes.
Python
- It is open source.
- It is a high-level language that is easy to read and write.
- It has a very large community and ecosystem.
- It has a large market, making it easy to hire developers.
- It supports static typing only as an optional extension via mypy , not as a built-in compiler guarantee.
- It is an interpreted language, meaning it cannot produce self-contained binaries for distribution.
- It is significantly slower than Rust for CPU-bound workloads, and has become a bottleneck in our scanner components.
Python is our current baseline. The pain points that motivated this evaluation — lack of compile-time correctness, painful binary distribution, and slow scanner throughput — are structural limitations of the language that cannot be resolved through tooling alone.
Go
- It is open source.
- It has a slightly more complex syntax than Python but is fairly accessible.
- It has a growing community and market.
- It compiles to native binaries and supports cross-compilation.
- It has a garbage collector, which introduces non-deterministic pauses under memory pressure, making performance less predictable than Rust for our workloads.
- Its type system does not support algebraic data types or exhaustive pattern matching, which limits the ability to model domain invariants at compile time.
Go is a strong general-purpose alternative but does not match Rust’s correctness guarantees or performance predictability for CPU-intensive applications.
Haskell
- It is open source.
- It has the strongest functional programming and type system among all candidates, with full support for higher kind types and purely functional idioms.
- Its community and ecosystem are small and specialized.
- It has a very small market, making hiring and onboarding significantly harder than any other candidate.
- Its ecosystem for our critical dependencies (AWS SDK, tree-sitter) is limited and not commercially backed.
- Its learning curve is steep and the gap from Python or TypeScript is large.
Haskell scores highest for engineering values alignment but scores poorly on ecosystem viability and talent, and does not justify the onboarding and ecosystem risk for production workloads.
OCaml
- It is open source.
- It has a strong type system with algebraic data types and pattern matching.
- Its community and ecosystem are small and growing slowly.
- It has a very small market, and the pool of experienced engineers is extremely limited.
- Its ecosystem for AWS and tree-sitter is not mature.
- It lacks the safety guarantees around memory and concurrency that Rust provides natively.
OCaml shares some of Rust’s type system strengths but falls behind on performance, memory safety, ecosystem viability, and available talent.
Usage
Rust is used by:
- Sniffs