59 comments

  • malisper 19 hours ago
    Hey author here. Wasn't expecting to see this up.

    To concisely give an overview of the project, I've been experimenting with using LLMs to build a better version of Postgres. Postgres is 30 years old and we've learned a lot about databases since hten. A lot of the techniques that work for doing a rewrite are also useful for doing a rearchitecture.

    I'm now working on a new, not yet published version of pgrust that incorporates a lot of techniques. Currently the new version:

      - Passes 100% of Postgres regression suite
      - Implements a thread per connection model instead of the process per connection model Postgres does
      - Is 50% faster than Postgres on transaction workloads
      - Is ~300x faster than Postgres on analytical workloads. Right now it's 2x slower than Clickhouse on clickbench and I think it's possible to get faster than Clickhouse
    
    If you have any questions, I'm happy to answer them.
    • film42 7 hours ago
      A thread per connection is a almost always the correct decision for performance, but by choosing a process per connection, postgres is able to let you load whatever sketchy extensions you want. Worst case you crash the process, not the database. It would be nice if you could strike a balance so a segfaul in the extension only crashes a small percentage of connections, not the whole thing.
      • pilif 2 hours ago
        That’s not true for Postgres however: due to its usage of a shared memory pool, whenever a subprocess is terminated unexpectedly, Postgres will kill all other processes and enter recovery mode, replaying the WAL, during which time it will not accept connection requests.

        It does this because it can’t possibly know whether the dying process did bad things to the shared memory pool.

        • film42 1 hour ago
          You are correct! TIL, and thank you. Connection processes get a SIGQUIT, shared buffers cleared, and WAL replayed, but postmaster stays alive. It's effectively an online restart.
      • fpgaminer 6 hours ago
        If it's a choice between performance and being able to "safely" run sketchy extensions, I'd rather have performance.
        • brianaker 5 hours ago
          A mixture of threads and processes that can be used to match processors, disk I/O, and network interfaces.

          A very long time ago, there was once a feature called "Data Blades" which tanked a commercial database vendor. A badly behaving blade could bring down the entire database. Most anyone who has been working on databases for a few decades remembers this and makes a point of either not introducing these sorts of features or making use of processes over threads.

          I have not looked at the code referenced in the mentioned project, but thus far I haven't seen a model that could craft a complete SQL parser on its own.

          There are a number of problems, and design decisions, that a developer decides on when writing a database that I don't see any current models… just because you have the ingredients does not mean that the stew is edible.

          • mulmen 4 hours ago
            > A very long time ago, there was once a feature called "Data Blades" which tanked a commercial database vendor.

            I have no idea what this is and a web search turned up Harbor Freight woodworking tools.

            • Verdex 3 hours ago
              My first web search (data blades) turned up harbor freight woodworking tools.

              Then I made a second web search: data blades database.

              That turned up some ibm database software module technology which I assume is what's being discussed.

              • mulmen 2 hours ago
                I performed both searches on Kagi and didn't see anything about IBM. I do see results for "DataBlade" and "Data blade database" but I didn't try those specific variations after my first two attempts returned nothing of interest. That's too much effort to decipher a HN post.
            • Izkata 3 hours ago
              I think it's this: https://www.ibm.com/docs/en/informix-servers/15.0.x?topic=co...

              And what you found seems to be "Dado", not "Data".

              • mulmen 2 hours ago
                Yes, Kagi was sufficiently confused as to what "Data blades" are that it actually thought I was looking for replacement woodworking blades. "DataBlade" finds the IBM Informix product.
        • roughly 4 hours ago
          In the age of vibe-generated code, I promise you're gonna want the safety.
          • CuriouslyC 4 hours ago
            So load them up in read replicas
            • noworriesnate 3 hours ago
              Or use webassembly to sandbox them
            • echelon 3 hours ago
              You have to have a write path. You're gonna want what to be non-sketchy and performant.
        • socalgal2 2 hours ago
          You could fix probably the sketchy extension issue with WASM.
        • tremon 5 hours ago
          Do you mean that you don't run sketchy extensions and therefore this doesn't affect you, or that you're ok with data loss due to extension failures?
        • hoppp 4 hours ago
          What about extensions that are not sketchy? Lots of good ones out there.
          • throwaway27448 4 hours ago
            Presumably they'd be fine running in a threaded context.
            • thayne 1 hour ago
              An extension written for a single threaded host system might not work in a multi-threaded context. For example if has global or shared state that isn't protected with locks or similar (which is unfortunately fairly common in c code)
            • hoppp 3 hours ago
              Extensions like pgvector, TimescaleDB would probably need to be ported tho, not sure how much but there are footguns.
              • SoftTalker 1 hour ago
                Not needed in many (most?) cases.
        • ori_b 2 hours ago
          But it isn't.
        • jeltz 6 hours ago
          Threads does not offer any major performance advantage, performance of processes vs threads is virtually the same. The reason the PostgreSQL project is moving towards threads is to make development easier.
          • malisper 6 hours ago
            > Threads does not offer any major performance advantage

            This is very not true. When it comes to parallel queries, a process model adds a ton of overhead. You can't pass pointers between processes because the address space is different. This adds a ton of overhead in a bunch of different places. For example when doing a parallel hash join, Postgres will have each worker build a local hash table. Then it will take all the tuples out of the local hash table and copy them through shared memory to the leader who will then construct a new hash table. This duplicates a lot of work as you have to hash the tuples multiple times.

            A lot of getting to Clickhouse level performance was making better use of parallelism.

            • jeltz 6 hours ago
              Ok ... you know PostgreSQL supports hash tables in shared memory, right? PostgreSQL could in theory share those if we wanted to. The issue is just that coding anything which uses shared memory is a lot of work.

              Additionally the reasons PostgreSQL does not offer Clickhouse performance has very little to do with parallelism. PostgreSQL plans to move to threading but the efforts around imporving OLAP performance are almost entirely unrelated.

              • comex 31 minutes ago
                > The issue is just that coding anything which uses shared memory is a lot of work.

                Doesn’t that kind of prove the parent’s point though? In theory shared memory can do anything that threads can do. But if in practice some feature doesn’t get implemented in the multi-process design (because shared memory is hard), when it likely would have been implemented in a threaded design, then that’s still an advantage for threads.

              • gpm 4 hours ago
                Apart from being a lot of work are you really gaining much at that point? Memory corruption can still take down both sides...
              • dupontcyborg 5 hours ago
                i may be missing context, but shared memory across processes, without ipc?
                • Giefo6ah 4 hours ago
                  There's nothing special about threads vs processes in Linux. mmap works the same, the challenge is to map the same file. You can share a path, pass a file descriptor via fork or unix domain socket, among other techniques.
                  • LoganDark 2 hours ago
                    That induces disk I/O overhead (even if it somehow doesn't impact IPC performance)
                    • outpost_mystic2 57 minutes ago
                      It doesnt. Processes can share memory
                    • drdexebtjl 2 hours ago
                      The file doesn’t have to be disk-backed.
                      • LoganDark 1 hour ago
                        Don't you need something mounted for that?
                • frollogaston 4 hours ago
                  Being really pedantic here, shared memory is considered IPC, but not the kind you're thinking of. Shared address space, no overhead.
          • codesnik 6 hours ago
            unless you're spawning them for new connections.
            • jeltz 6 hours ago
              Some, but not that much. Switching PostgreSQL to a threaded model will not magically make spawning connections fast. PostgreSQL connections are quite heavyweight.

              The reason to use threads is almost entirely about ease of development, not about performance. If you use shrared memory like PostgreSQL does you need to write your own allocators, etc. So much you get for free if you use threads.

      • toast0 5 hours ago
        Doesn't postgres (rightly) have a cow if a process has a disorderly shutdown (at least while in a write transaction) because there's shared memory between the processes?
      • skybrian 23 minutes ago
        A more modern way to do this might be to support WebAssembly plugins.

        The extensions might need to be rewritten, but hey, we have AI for that now, so why not :-)

      • TZubiri 3 hours ago
        Some see a 30 year old system and think "outdated", I see a 30 year old system and think "time tested."

        Clearly a process per connection is more stable and that's what I'm using.

        It's unclear what problem such optimizations are solving anyway, with the old way you could only support a million concurrent users with a single server? Are we missing out on supporting ten million concurrent users with 2 servers instead of 10? Ostensibly reducing the minimum db hardware opex for a 10B$ company from 10k$/month to 2k$/month?

        • film42 1 hour ago
          A million users? Hell, I'd bet 99.999% of live postgres databases in existence serve less than 5 users on average. Even among products that actually make a profit, I bet 99.9% of them serve less than 100 customers a day. We hooligans on hacker news manage the 0.1% of databases, and in my newfound consulting life, I'm hoping to never support one of those again.
      • fluffybucktsnek 6 hours ago
        I'm not informed of the Postgres's internals, but, maybe, that can be solved by grouping threads into different processes depending on which set of extensions they request.
      • win311fwg 4 hours ago
        An OS thread per connection can be fine for performance if you don't have to scale your connections, but if you don't need to scale connections why have connections at all? Databases are even more performant when you eliminate connection overhead entirely.
    • levkk 6 hours ago
      Ouf. I don't know. I don't want to call you out without evidence -- I myself make benchmark claims all the time -- but 50% improvement in OLTP seems suspicious. I get that you used a standard benchmark, and I don't even know what it entails, but my spidey sense is going off. Perhaps, some trade off somewhere that won't make it to prod because it breaks MVCC -- and yes, I saw that it passes regression tests.

      Just checking, is fsync on? :) Regression tests don't catch bad IO patterns afaik.

      Anyway... sounds like a fun project to work on!

      • LtWorf 6 hours ago
        Remember when databases were faster to run in virtualbox rather than bare metal? (because virtual box was completely ignoring all the instructions to flush the data on the disks)
      • codys 3 hours ago
        It'd be very unfortunate if Postgres didn't have regression tests for data loss due to bad io patterns. Should be possible to do some checks against those in an appropriate test harness. Which might mean "have qemu run something we can kill off and examine the results".

        If those don't exist, I hope folks recognize how useful they are and add them.

    • OsrsNeedsf2P 6 hours ago
      What's your actual background and expertise with Postgres and databases more broadly? Basically, do you actually know what you're doing, or is there likely a massive footgun you don't know or haven't shared with us?
    • kfsone 3 hours ago
      It doesn't sound like you were trying to launch a product, but doing an experiment and someone threw you under the HN-spotlight-bus :) Is this a "see what I can achieve with LLM coding" or is this "build this and see how much of the coding can be accepted from LLMs"?
    • tudorg 19 hours ago
      > - Is ~300x faster than Postgres on analytical workloads. Right now it's 2x slower than Clickhouse on clickbench and I think it's possible to get faster than Clickhouse

      That sounds like you are storing the data in a columnar format? Or do you do both row and columnar?

      In a somewhat similar (yet also quite different) effort, I've been working on δx, a Postgres extension that compresses the data in a columnar format stored in normal Postgres tables (so replication, crash recovery, pg_dump, etc. still work normally). https://github.com/xataio/deltax

      It is currently about 30-40% slower than ClickHouse (single node, ofc). The PR to add it to clickbench was just accepted, so you can see the comparison here: https://benchmark.clickhouse.com/#system=+liH|_etx|gQ|saB&ty...

      • malisper 17 hours ago
        Yep! The new version of pgrust supports batch based execution and a columnar format. I'm curious how you got δx to perform that well? From what I've seen a columnar layout only gets you part of the way and really good parallelism and really fast hash tables seem to make up a significant portion of why Clickhouse is faster.
        • FreakLegion 3 hours ago
          pg_mooncake (now effectively abandoned due to being acquired by Databricks, but still up at https://github.com/Mooncake-Labs/pg_mooncake) pulled the DuckDB engine into Postgres wholesale, if I remember right.

          pg_lake also uses DuckDB but keeps it external, routing through Postgres and managing Iceberg tables (but not the data itself) there (https://github.com/Snowflake-Labs/pg_lake).

          Both of these were neck and neck with ClickHouse last time I tried them.

        • tudorg 7 hours ago
          Yeah, spent a lot of time on parallelism, vectorizing, pipelining, filter push-downs, bloom filters, all the tricks out there. It's really fun to make pretty steady progress on this.
    • gnull 19 hours ago
      What was your methodology and structure in making the prompts for the rewrite? Did you let the LLM roam in all of the codebase and tests from the beginning, or revealed things to it gradually in some way?
    • mattgreenrocks 4 hours ago
      I am super curious how you went about the port using LLMs. At $WORK we are looking to port code, preferably with LLMs, and it seems daunting, even with a test suite. Do you have an approach that works well for you?
      • hoppp 3 hours ago
        Bun has an interesting blog post about how it was ported. It did cost a lot, much more than hiring people would cost outside USA.
    • jl6 19 hours ago
      "Is 50% faster than Postgres on transaction workloads" - That is a very big claim! 50% faster on everything? Is it a strict improvement across the board or are there tradeoffs that make some workloads slower?
      • malisper 19 hours ago
        The 50% is specifically on percona-tpcc[0]. I got there through a mix of batching (postgres processes a row at a time), prefetching, and several handful of other optimizations.

          [0] https://github.com/Percona-Lab/sysbench-tpcc
    • greatony 2 hours ago
      It's a completely new era of software production (I will no longer call it development) LLMs give us unlimited manpower, and the language give us constraints to make more modern and safer softwares. Love to see this rewrite in Rust, and expecting much much more in next few month.
    • dimes 9 hours ago
      While a thread-per-connection seems like an improvement, do you have any plans to allow query multiplexing over a single connection? That would be a huge improvement IMO.
      • malisper 7 hours ago
        Can you elaborate on the use case for query multiplexing? Is it so your client would only need to establish one connection with Postgres and then could run as many queries as it wanted?
        • roller 4 hours ago
          Microsoft SQL Server has had a similar feature for a while -- Multiple Active Result Sets aka MARS. I don't have a good read on whether it actually helps any workloads. I've seen adapters that don't support it because of the extra complication.

          https://learn.microsoft.com/en-us/sql/relational-databases/n...

        • dimes 3 hours ago
          Multiplexing would have a number of benefits. As you say, each client would only need a single connection regardless of the number of queries being sent. Resulting in:

          On the client side, there is usually a local connection pool. When a burst of traffic comes in, the client needs to either wait for the pool to free up or establish a new connection, which adds latency. This latency hit wouldn’t occur with multiplexing.

          With multiplexing, systems like pgbouncer would be unnecessary.

          Also, even with a thread-per-connection, you can still quickly exhaust the servers resources when you have lots of connections because threads have a lot of overhead. Reducing the number of connections needed would greatly increase the number of clients that a database can serve.

        • ptrwis 6 hours ago
          Not the OP, but yes - just imagine a web server talking to DB over one connection without any connection pooler
    • quadrature 7 hours ago
      Are you fixing the heap and table management ?. Postgres does not use an undo log and manages all table updates directly in table storage which slows MVCC.

      also have you told Ben Dicken ? https://x.com/BenjDicken/status/2074326407795417435

      • malisper 7 hours ago
        That's something I eventually want to fix. The challenge is the storage format is so integral to Postgres that it's going to be a huge PITA to come up with a novel design.

        Right now OrioleDB is in beta. Once that becomes production ready, I'll evaluate incorporating it into pgrust.

        For Ben Dicken, he has seen the project: https://x.com/BenjDicken/status/2074512043462603236. We're still working on all the novel features so I don't think it meets his bar quite yet.

        • quadrature 6 hours ago
          best of luck to you, it will be great to see a rearchitected postgres.
    • barrkel 19 hours ago
      Is it being used in production anywhere, even if only a toy app?

      I know you say it's not production ready and not optimized yet, but in the same breath - in your comment here - you say it's already faster.

    • teravor 2 hours ago
      when doing rewrites like these, why isn't the first step to instrument the original code so that you would get very good automated test suites to point the LLM toward?

      use both synthetic and real data to sample the internals of the original software to duplicate.

      locate all the data transformation junctures, sample and then replicate the tranforms 1:1 in the rewrite.

    • kardianos 6 hours ago
      PG Wire proto 3 is my largest source of frustrations.

      I'm playing with a POC for a better wire protocol here: https://github.com/solidcoredata/pgwire4

    • boomskats 18 hours ago
      This is great! Those analytical workloads numbers are mad - I'd love to see the benches, and I'm happy to contribute to some of the profiling.

      How does your thread-per-connection model compare to Heikki's proposal[0][1] from back in 2023?

      [0]: https://www.postgresql.org/message-id/31cc6df9-53fe-3cd9-af5... [1]: https://www.youtube.com/watch?v=xLLakMmVtbY

      • malisper 18 hours ago
        Rust actually made the change pretty simple. The main changes are:

          - Use thread local variables
          - Move everything from shared memory to process memory
          - Use threads instead of processes
        
        I've started to see meaningful benefits by changing the parallel algorithms to use a shared memory space. For example parallel hash joins have to copy tuples through shared memory to pass them between workers. That's just not something I have to do.
        • Apaec 16 hours ago
          [flagged]
    • jimbokun 2 hours ago
      That…is really impressive. Well done!
    • happyPersonR 6 hours ago
      Do you have anything in the regression test suite like jepsen etc?
    • solomatov 8 hours ago
      Super impressive! Is it possible for you to share your methodology of using LLMs?
      • malisper 7 hours ago
        My approach has changed throughout the course of this project. Throughout most of the project, we were working off of a c2rust translation of Postgres to Rust. That gave us a bunch of Rust code that was unsafe but did pass the Postgres test suite and was fast. c2rust had split Postgres into 1000 different crates. We then went through 1 by 1 and rewrote each crate into idiomatic rust.

        This naturally lended itself to a suite of skills to describe how to rewrite a crate from unsafe rust to idiomatic rust. The main three skills I had were 1) a skill for identifying the next crates to port 2) a skill for rewriting a crate and 3) a skill for auditing a crate and making sure there weren't any outstanding issues.

        My exact approach for managing subagents changed throughout the project. Initially I was doing parallel coding sessions with Conductor. After dynamic workflows came out, I used that as it was really easy to spin up dozens of parallel subagents and manage it from a single orchestrator. Over time I switched from using dynamic workflows to manually spinning up subagents from a central agent. The issue with dynamic workflows is they waterfall. Each step needs to finish before the next one starts. By manually spinning up subagents, I could have claude start porting a new crate as soon as a prior subagent finished.

        • ismailmaj 2 hours ago
          I think I would be horrified looking at your Claude API bill.
        • krashidov 6 hours ago
          Did you hand write the skills or did you have an agent audit your work and infer patterns?
        • solomatov 6 hours ago
          Thanks for sharing.
    • reinitctxoffset 4 hours ago
      This is how to LLM. Big ups, I wish the whole front page was stuff like this (and I think it'll happen).

      Everyone is so worried about the value of commodity software going to zero. It's like, yeah, going into CS for the money always looked dumb to me, it's just not a good career path for that, you have to love it.

      I am way more excited about a whole new class of stuff that obliterates the state of the art at every frontier.

      Keep doing it legend.

  • sdevonoes 7 hours ago
    Don’t understand these rewrites.

    - typically they are behind a single person. That’s usually bad because of spf

    - typically they are achieved in a very short amount of time, so the author hasn’t acquired any discipline in creating the project. That means it’s unlikely the author is going to stick to the project in the mid and long term

    - anyone that wants to contribute to the project needs to pay. Needs to pay tokens because it’s increasingly difficult to maintain these projects without AI

    So, who wants to put something like this in production? Doesn’t make much sense

    • anonzzzies 3 minutes ago
      It's not just a rewrite ; it has improvements. I did the same thing for fun for the same reason; I wanted to see if I can improvements on some of the legacy design stuff and, especially, the stuff PG people have told us that it cannot be done differently. It can. I would not put it in production, but it thought me a lot about the internals of databases. To keep my brain happy in the age of LLMs, I implement database things on our (also old but many times refactored/rewritten) production db without an LLM. I'm sweating through Flexible Paxos now; probably we will just keep using raft as it's old and stable and simple but it's interesting anyway.
    • scottlamb 3 hours ago
      I'd be interested to hear the author's answer to your question, but I see it as an interesting proof-of-concept. It's testing the viability of not only rewriting PostgreSQL in Rust (and their choice of deps) but also in switching the threading model and other architectural changes. LLMs shine at pumping out prototypes insanely fast, and a working prototype can put an end to a lot of speculation.

      I likely wouldn't use a rewrite of such a huge project if it doesn't have the backing of the original team (or a significant fraction thereof) and a believable story for having matched/exceeded the original code quality and maintenance. I also think in general using an LLM for license-laundering is legally and morally hard to defend, although this case is different in that they chose a more restrictive license. Not a lawyer, but my understanding is that you can just download PostgreSQL, do s/MIT/AGPL/ and release it, legally. (The original MIT-licensed version still exists, so no reason anyone would prefer yours until you make another release with some compelling new feature.)

    • seb1204 45 minutes ago
      Not the same but it is much faster and easier to re-create a 3d model of an existing set of drawings than from scratch. This is because a lot of the decisions have already been made.
    • pier25 3 hours ago
      > it’s increasingly difficult to maintain these projects without AI

      It's pretty much impossible in a project of this size. IIRC Postgres has over 1M loc.

    • kirubakaran 7 hours ago
      Everything has to start somewhere
    • pyrolistical 7 hours ago
      It’s open source. You take ownership of it for your deployment and stop relying on continued free work.

      You can use llm to pull in updates as they are released. It’s not gpl, so you don’t need to publish your port

      • cyphar 5 hours ago
        1. Nobody, not even the Googles or NSAs of the world do that. No single entity has the expertise nor resources necessary to maintain a fork for every open source project they use -- forking and maintaining Linux alone takes teams of people. And no, going full psychosis mode with LLMs is not going to save you.

        2. This project is AGPLv3.

      • sdevonoes 7 hours ago
        The companies I have worked for before all have used open source software like postgres, mysql, go, python, k8s, etc. 99% of the time we relied on free work; never contributed to these projects nor forked them for our own needs. I don’t think this behaviour is the unusual path tbh
      • ahartmetz 7 hours ago
        You don't even need to publish your port if it's GPLv3 as long as you don't publish the binary.
    • yasaheblasa 7 hours ago
      If you were a token burning company a project like this seems like a solution to this: https://xkcd.com/2347/

      that hits your metrics without the problem that your contributions are not welcome.

  • Chyzwar 18 hours ago
    I think the best way to test this would be to put PgBouncer or a similar proxy in front of a busy production database, and mirror queries to both traditional Postgres and the Rust one at the same time. Then you can compare output and performance under real load. After running it for a while, you could diff the tables one to one against the normal Postgres instance.
  • dirkc 20 hours ago
    How would one go about reviewing a piece of code like this?

    One of the things I'd typically do is peek at the commit history. Seeing what people worked on and how they did it tends to say a lot about a project. But with LLMs generating 7101 commits in less than a month that isn't feasible. Even looking at a single day is way too much [1]. It probably also doesn't make sense since the commits content won't tell you much anyway.

    ps. How do you easily get to the first commit in a repo on GitHub? Browsing commit history feels rather tedious

    [1] - https://github.com/malisper/pgrust/commits/main/?since=2026-...

    • booksock 8 hours ago
      (I'm working with malisper on pgrust),

      I think the focus for projects like this is going to shift to reviewing the testing/fuzzing process instead of reviewing each commit (going much further than what the postgres regression/isolation/crash tests do).

      related post from danluu: https://danluu.com/ai-coding/

      • wrs 7 hours ago
        Some of this post reminds me of a story I heard long ago from someone who had worked at a HW/SW company. They’d transferred an engineer from the ASIC design team to the OS kernel team, though he’d never been on a software team before. After a while the manager called him in for the following conversation:

        Manager: You’re doing amazing work — zero bugs in production! I’d like you to mentor the other SWEs on how to get their bug count down too.

        Engineer: We’re allowed to have bugs?

        • jeltz 6 hours ago
          Funny story but in my experience hardware engineers produce some of the worst software of the industry. Of course there must be some hardware engineers out there who do hood software but generally what they build are disasters.
          • tormeh 5 hours ago
            I bet it's being organized by project rather than product. Conway's law ensures such an org will create code around projects, not products, and that always ends horribly.
        • dcrazy 6 hours ago
          Hardware engineers call them errata ;-)
          • ferrouswheel 5 hours ago
            How many engineers does it take to fix a bug?

            Hardware Engineers: "None. We'll fix it in firmware."

            Firmware Engineers: "None. We'll fix it in software."

            Software Engineers: "None. We'll document it in the manual."

            Technical Writers: "None. The user can figure it out." etc.

            • chipotle_coyote 4 hours ago
              While I get the joke, as a technical writer, you might be surprised how often I've found myself as a defacto QA engineer:

              Me: This is what you said it does, and this is what it actually seems to do. Which one is right?

              Engineer: Shit.

      • fpgaminer 6 hours ago
        For large projects like this I think a hierarchical division of labor also helps.

        If you first carefully define the overall architecture and thus individual high level components of the system, then you know which of those components are mission critical and which are commodity. Mission critical would be anything ensuring ACID, etc. That way, no matter what you farm out to LLMs, you can keep the majority of limited human focus on the far fewer mission critical components. If tests end up not being robust enough to catch all issues, at least they'll be isolated to commodity code where damage is limited to things like DoS, etc, and not code that could cause data loss.

        I also think it's important to first define the _contracts_ on and between each of these components, and derive tests from those contracts. Partly because contracts more succinct and easier to reason about. And partly because Rust provides many tools to enforce contracts at compile time, reducing the need for tests (which themselves could end up subtly flawed). Contracts can be enforced through typing, private vs public APIs, etc. Newtypes are _incredibly_ powerful for both enforcing contracts and making footguns much less likely.

      • dmitrygr 4 hours ago
        And what happens when your "tests" are also vibecoded. Right now all of these houses of cards reset on human-written tests. What happens without them?
      • erichocean 5 hours ago
        > reviewing the testing/fuzzing process

        I've got insanely good at designing testing oracles over the last year for exactly this reason.

        I've ported some extremely finicky software between languages that it would have been borderline abusive to have a human do.

        Codex 5.3 and later for those interested.

    • gorgoiler 1 hour ago
      In general (I’m not saying this is the case with this project) if you don’t have their prompt history and you can’t re-run the LLM “compilation” yourself, is it open source? It feels a bit more like those “source available” projects where you can read the code but don’t have access to the build system.

      On the other hand, aside from the commit messages, one didn’t ever have access to the underlying thought process of human developers either, so maybe it’s not equivalent to say that secret prompts mean closed-source.

    • DuncanCoffee 20 hours ago
      The github cli has a command to query commits with a sorting asc/desc flag

      https://cli.github.com/manual/gh_search_commits

      here's the docs with more syntax using the "before x date"

      https://docs.github.com/en/search-github/searching-on-github...

      there's also an advanced search page, but it does not support commits when filtering with dates

      https://github.com/search/advanced

      or you can bisect the date in the search widget, this is the first day with a commit

      https://github.com/malisper/pgrust/commits/main/?since=2026-...

      first commit:

      https://github.com/malisper/pgrust/commit/22113dc36b02973060...

      • dirkc 19 hours ago
        Thanks for all the info you've provided!

        Maybe I'm just being a little grumpy. If I really need to look into a repository, I clone it and use vanilla git command line tools to have a look.

        It's just annoying that the modern web UI from GitHub takes >1s second to load a page with 34 commits

    • EDM115 19 hours ago
      > How do you easily get to the first commit in a repo on GitHub?

      You can use the syntax github.com/user/repo/commits/?after=last_commit_hash+number_of_commits-2 (-1 for the latest and -1 for the last)

      ex : https://github.com/malisper/pgrust/commits/?after=3646a73515...

    • jimbokun 1 hour ago
      You don’t. You trust that passing the regression tests means you are totally compatible with the original version.
    • skydhash 6 hours ago
      > ps. How do you easily get to the first commit in a repo on GitHub? Browsing commit history feels rather tedious

      I usually check the history of a file not easily changed like .gitignore.

      The first commit seems to be this one

      https://github.com/malisper/pgrust/commit/22113dc36b02973060...

      • isatty 2 hours ago
        Very smart. I like it.
    • bakugo 20 hours ago
      Vibe code was never meant to be reviewed.

      These rewrites are just test-driven development taken to the absolute extreme. Created under the hope that the existing tests are exhaustive and cover every relevant use case, such that if they all pass, the rewrite must be at least as good as the original. So just go with the vibes and burn tokens until they pass, and your job is done.

      In practice, this is never true for any codebase above a certain level of complexity, especially not one as mature and widely used as Postgres. But reality doesn't seem to be an obstacle for vibe coders.

      • dirkc 19 hours ago
        The challenge is that more and more people are producing project like this - 1,000s of commits and > 200k lines of code - and saying it was carefully created using agent based workflows and not vibe coded.
        • HPsquared 19 hours ago
          In that case they need to document the process and workflow, and demonstrate the care that was taken.
          • jarym 1 hour ago
            Quite amusing we have decades of human written code much of it sub standard and yet no one demanded proof till now of Open Source projects having to ‘demonstrate’ anything.

            If ya don’t wanna use it, don’t. Simple.

        • dmitrygr 4 hours ago
          > The challenge is that

          Why is that a challenge? As long as they are open about this, all is OK.

      • wartywhoa23 20 hours ago
        > reality doesn't seem to be an obstacle for vibe

        Went straight into my vault of brilliant quotes!

      • aforwardslash 7 hours ago
        One of the projects Im working on and off is a tamper-proof audit log, based on some PoC code I created almost 10 years go; unit and integration testing are good at preventing defects and regressions, but they will not guarantee your software will work. However, with the power of LLMs, one can easily use model checking (in my case with Quint) and/or other formal proof approaches to ensure the software conforms as specified. The result (in my opinion) is an implementation guided by a single human that is actually more trustworthy than manual human-made software using the traditional approach.
      • coldtea 20 hours ago
        And run them in test setups to try to find bugs.

        If you find some, fix them.

    • su66u 15 hours ago
      [dead]
    • egorfine 20 hours ago
      > How would one go about reviewing a piece of code like this?

      That's a wrong question. The right question is "why would one go about rewriting a piece of code in X". Once and if you find a good answer to that question, you will see the answer to your's.

  • vintagedave 18 hours ago
    This is impressive - but is a license change, from the PostgresQL license [0] to AGPL [1].

    I like the AGPL and think it's the best truly free open source license, but I worry if this is compatible. Ie, if this is rewritten from the original source, should the original apply? (Yes.) There has been a trend to rewrite open source software with a more restrictive license (like coretools in Rust). This looks considerably more ethical by choosing the AGPL - I just wonder, safer with no change at all?

    [0] https://www.postgresql.org/about/licence/

    [1] https://github.com/malisper/pgrust?tab=AGPL-3.0-1-ov-file

    • eurleif 7 hours ago
      You seem to have the restrictiveness backwards? The MIT license (uutils coreutils) is less restrictive than the GPL (GNU coreutils), and the AGPL is more restrictive than the PostgreSQL license.

      And it doesn't violate the PostgreSQL license to license the rewrite more restrictively. That's part of what makes MIT-style licenses less restrictive than the GPL or AGPL: they allow for more-restrictive relicensing.

    • LastTrain 7 hours ago
      If you don’t like the license just let an LLM spend a few days “porting” it and give that port any license you like because that is apparently what we do now.
      • ____tom____ 5 hours ago
        Yeah. I'm gonna have an LLM rewrite Star Wars and then film it. Should be fine, right?
        • deadbabe 4 hours ago
          Star Wars itself is a rewrite of King Arthur stuff so go right the fuck ahead.
        • processunknown 4 hours ago
          LGTM. copyright laws don't matter anymore.
          • moi2388 17 minutes ago
            The only good thing to come out of AI.
    • maxloh 7 hours ago
      The PostgreSQL License is a variant of the BSD license and is therefore compatible with the (A)GPL.

      Comprehend it this way: You create a blank (A)GPL project and incorporate the upstream BSD codebase into it. While those original upstream files remain under their original permissive license, the project as a whole is governed by the (A)GPL (plus the attribution requirements of the upstream license, which the GPL permits). From there, you can add your own code under the AGPL and distribute the combined work under the AGPL.

      If someone takes your code and uses only your portion, they can use it under the AGPL alone. However, if they also include the upstream source code, then the attribution requirements of the upstream license must still be met.

      • pavon 4 hours ago
        Yes, BSD licenses are compatible with AGPL meaning BSD licensed code can be combined with AGPL licensed code while complying with both licenses. However, it does not give you permission to relicense the BSD code (or derivative works) as AGPL. The author is free to license any new code they write as AGPL, however the license for the machine translated code is another question. If it is considered a derivative work (which I think it should be) then it must remain under the Postgres license.

        If it is not a derivative work, then for copyright to apply at all then it must be an "original work" which has "at least a modicum" of creativity applied by malisper in the translation. If this is satisfied then malisper could choose any license for the translated code they want, compatible with Postgres or not. If it isn't satisfied then no license applies, because it isn't eligible for copyright - essentially it is public domain.

        The safe and polite thing to do is to keep the same license when performing machine translation.

        • maxloh 4 hours ago
          IANAL, but calling this "relicensing" is technically inaccurate. It is more precise to describe it as adding constraints. When you combine your work with upstream code, you are layering additional requirements (like copyleft) onto the existing attribution requirements. The original limitations remain in effect. Therefore, it is not a shift from A to B, but rather from A to A ∪ B.

          This practice is entirely compatible with the PostgreSQL License, but it is often prohibited by GPL variants. You typically cannot combine GPL code with code under most other copyleft licenses, such as the Eclipse Public License.

          Regarding copyright status, AI-assisted work is increasingly recognized as copyrightable in many jurisdictions, provided the process involves a sufficient level of human creative input (though the specific threshold varies by jurisdiction). Only work generated purely by AI, with no human involvement, is arguably public domain. In a case like this, which is akin to "pair programming," the output is almost certainly copyrightable.

          • otterley 2 hours ago
            IAAL (not legal advice) and I’m not sure the issue is settled.

            The BSD license only explicitly permits the author “to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a written agreement.”

            By default, the owner of a protected work retains all rights not conveyed to someone else. Changing the license isn’t one of the enumerated activities, and so I think there’s a case to be made that it’s not permitted.

            Now if the author wants to claim it’s a new work, as opposed to a modification (which opens up a big bag of issues by itself because this was AI-authored), then the author can license it however they see fit.

    • MuteXR 5 hours ago
      The Postgres license is already fully compatible with the AGPL. BSD/MIT is more permissive.
    • mustache_kimono 7 hours ago
      Wow, yeah, really hate this.
    • otterley 6 hours ago
      If this software was written by a mechanical process, the license is a nullity. It’s public domain.
      • teraflop 6 hours ago
        Being created by a "mechanical process" from an existing creative work doesn't mean it's not a derivative work.

        For instance, if I take a copy of $BIG_BUDGET_MOVIE, and resample the video frames from 1080p to 720p through a purely mechanical transformation, that doesn't make the output public domain.

        • otterley 2 hours ago
          You might be right, if it is a derivative work and not a new one. There’s some evidence that the authors consider it a new one because they’re attempting to change its license.

          The BSD license doesn’t explicitly convey the right to create derivative works but it does convey the right to “modify” the software. (They seem similar but “modify” is a narrower verb.) So is this a modification? A derivative work? A new work entirely? If it shares no code with the work from which it was derived, things are more complex than it may seem (and it no longer fits the “compressed video” analogy very well).

  • cyber1 18 hours ago
    2664 "unsafe {", 1835 "unsafe fn". This is completely unsafe. It doesn't look like a rewrite that understands what's actually going on or how the architecture should be redesigned to take advantage of Rust strengths. Instead, it looks like an AI generated transpilation with extensive use of raw pointers.
    • malisper 18 hours ago
      Note that most of the unsafes are confined to the parser which was generated by running c2rust over the Postgres parser. The Postgres parser is itself generated from yacc/bison, so I decided to port it over mechanically rather than idiomatically.

      If there's particular unsafes that you think are egregious, let me know.

      • saym 2 hours ago
        Just wanted to say: I'm thoroughly impressed with how far in the weeds you're replying in this comment section. I'm learning a lot from the threads.
    • kaspar030 18 hours ago
      I set all my Rust LLM written projects to 'unsafe=deny'. Not sure why not everyone is anticipating your comment.
    • robotic 5 hours ago
      Let me just copy this review comment into my prompt.

      a few hours later

      Fixed!

    • HeavyStorm 18 hours ago
      Why even use rust...
      • maximilianburke 6 hours ago
        Because in C everything is unsafe, by definition.
  • simonw 12 minutes ago
    The WebAssembly demo that runs in your browser is a really neat touch: https://pgrust.com
  • juliangmp 21 hours ago
    I feel like we need to heavily differentiate between a rewrite and an AI rewrite.
    • maxloh 20 hours ago
      For instance, the TypeScript rewrite in Go was done mostly by humans and took a year before it was released. That is how you rewrite software that people can trust.
      • rirze 2 hours ago
        > mostly by humans

        `mostly` is doing a lot lifting here. The Go rewrite uses plenty of copilot. The reason you trust it is because you trust the people doing the rewrite.

      • rjh29 7 hours ago
        AI is a great use for this kind of boring, rote translation where precision is important. Humans are quite bad at it and tend to make mistakes. In either case the focus should be on improving testing, not trying to manually verify if the translation was correct by eye.
        • hoppp 4 hours ago
          I have an issue with the precision of generated code.

          LLMs sometimes confidently leave things out or they will overbuild.

          I use them all the time but mistakes happen. It's not exactly a scalpel, more like a sledge hammer.

        • IsTom 5 hours ago
          With programs large enough tests aren't going to ever be enough. Formal verification might work, but then who checks the specification for bugs?
          • copperx 4 hours ago
            In the case of rewrites, the specification is the original behavior, no? bugs and all.
            • hoppp 4 hours ago
              There is often no spec, just the old code, copied with the old bugs and with new ones sprinkled on top.
        • pier25 3 hours ago
          If precision is important then non deterministic AI is simply not a good tool.
      • subygan 6 hours ago
        What about human written software makes it more reliable than LLM written software?

        is it the craftsmanship, or the deliberate decision making of industry veterans?

        • queenkjuul 6 hours ago
          It's the notably poor quality of LLM-generated code
          • Petersipoi 4 hours ago
            As opposed to the incredible code that humans are known to write...
            • hoppp 4 hours ago
              If attention is all we need then what is better

              Hours of human attention

              or a few seconds of AI attention?

              I am not just talking about writing the code but the brainstorming that goes into it.

      • dboreham 2 hours ago
        Many projects that were done by humans and took a year can certainly not be trusted.
    • mebcitto 21 hours ago
      Not sure it’s so simple. I think close to 100% of new ambitious projects are going to leverage AI at least to some degree. I know a couple that have strict no-AI policies (e.g. Zig), but it’s a tiny minority i think.

      So how much AI usage does it make it an “AI rewrite”?

      • guenthert 21 hours ago
        Dunno. I got rather the impression that it's ambitious single-developer projects with no intention of maintenance which leverage those 'AI' code generators the most.

        Who wants to contribute to an unmaintainable code base?

      • lowsong 7 hours ago
        > I think close to 100% of new ambitious projects are going to leverage AI at least to some degree.

        Once the free money dries up that number will rapidly tend towards 0%.

        > So how much AI usage does it make it an “AI rewrite”?

        Any amount.

      • Dormeno 21 hours ago
        When the majority of the code is written by AI, it is more than 50%.
    • jatins 20 hours ago
      rewrites feel like an area where LLMs are better suited than humans imo

      It’s mostly grunt work and LLMs are well suited for translation tasks (iirc transformers arch was originally invented for translation)

    • byzantinegene 19 hours ago
      A human rewrite without maintenance is just a hobby project. An AI rewrite is just wasting tokens for god knows what?
    • baq 21 hours ago
      It’s just a build step now.
    • satvikpendem 21 hours ago
      It is more and more the future. No human would want to rewrite one technology to another because it is too marginal a gain. AI on the other hand does not give a shit.
      • Zecc 21 hours ago
        You underestimate what people are willing to do just for fun.
        • dawnerd 20 hours ago
          Yeah like what do they think the people porting doom to everything possible are thinking?
      • queenkjuul 6 hours ago
        > No human would want to rewrite one technology to another

        Except for when they do, like the new TypeScript...

    • colordrops 21 hours ago
      Is there any measurable difference in quality between the two, or are you just going on "vibes"? Is there a correlation between the quality of the manually written code and AI generated code driven by the same dev?

      Such crude takes only cause unnecessary friction. If you have a black box that spits out code, and you are unable to distinguish the quality between a top tier dev and an AI inside the black box, then the distinction is unnecessary. Most of the code on the internet is already a black box to you. What percentage of code running on your machines have you vetted by who wrote it and code quality?

      AI coding isn't going anywhere and will likely end up generating most code going forward so instead of rejecting it outright or arbitrarily categorizing it we need to focus on solid quantitative and qualitative measures of code and functionality regardless of who wrote it.

      • queoahfh 21 hours ago
        Didn't the initial rewrite of Bun into Rust have an ocean of "unsafe" in it, and wasn't it entirely dysfunctional?
        • kzrdude 4 hours ago
          There's still no release of rust-bun so then it might just not exist (until it proves itself).
        • Leynos 19 hours ago
          Yes, that was the point. It made unsafe behaviour visible in a way that could be addressed. I hadn't heard any reports of it being dysfunctional.
          • iigijshaba 17 hours ago
            I have read up on it again, and while it was entirely dysfunctional at the very early stages, it quickly came up to par or beyond, with the LLM especially helped by the huge test suite written in Typescript, different from both Zig and Rust.

            However, Jarred still describes a lot of unsafe, and usage of Miri in continuous integration.

            Funnily enough, RAII is cited as a major benefit of rewriting from Zig to Rust, while C++ already has RAII. I wonder if C++ and Rust are more suited to larger programs than Zig, unless the architecture in Zig is handled carefully.

      • dwedge 21 hours ago
        > Is there a correlation between the quality of the manually written code and AI generated code driven by the same dev?

        If the dev doesn't vet the code, it doesn't matter how good quality a dev they would be if they wrote the code - they didn't. Sure, the dev would probably drive the initial architecture discussion better and some people are using AI in small batches with tests and vetting everything, but some previously great devs are throwing in PRs that touch hundreds of files at once with one commit.

        A lot of people I previously considered great developers have become people I would not recommend for a job in the past 2-3 years.

        > If you have a black box that spits out code, and you are unable to distinguish the quality between a top tier dev and an AI inside the black box, then the distinction is unnecessary.

        Sure, but this is just begging the question. If nobody could tell, the term 'slop' wouldn't have become so popular.

        • colordrops 18 hours ago
          You must be replying to a different comment. Seems completely unrelated to what I wrote. I never claimed that there wasn't AI slop. My point is that there are different levels of code coming out of AI, both due to the quality of the model and harness, and the quality of the engineer that is driving it. Thus you can't just bucket all AI developed code the same.

          100% there is slop created by humans and really solid code bases generated by AI driven by a meticulous developer. You are making the exact error I was addressing, which is bucketing all AI code as the same.

          • dwedge 18 hours ago
            I quote-replied to your comment, so I doubt it was unrelated.

            > I never claimed that there wasn't AI slop

            No, but you implied that a top tier dev doesn't produce slop when using AI.

            > If you have a black box that spits out code, and you are unable to distinguish the quality between a top tier dev and an AI inside the black box

            My point was that "if" is doing a lot of heavy lifting here and you're coming very close to begging the question.

            > bucketing all AI code as the same.

            Most people are not "top tier devs" and over time this will probably become more true. Even if I accepted your premise that "top tier devs" only generate solid code bases with AI, the ease of entry and the ease of spitting out thousands of lines of code means the ratio of bad AI to good AI will not go in a good direction unless it becomes too expensive for non "top tier devs" to use. Given this, I think it's fair to assume AI code is low quality until proven otherwise.

            • colordrops 16 hours ago
              Yes most people are not top tier devs and most code is slop whether written by AI or not. I've probably dug through tens of thousands of code bases in my over 30 year career as a software engineer and most are slop.

              I also did not claim that all "top tier devs" would always produce better code with AI, but the qualification for a "top tier dev" in this case would be someone who verifies code multiple ways to make sure it is correct. I've seen amazing code come from bad interns that was reviewed mercilessly by season devs, and there's absolutely no reason it would not be the same with AI generated code.

              You do realize that you can review the entire architecture and code line for line even if it's AI generated right? My black box comment did not mean you couldn't see the code, it meant you don't know whether a machine wrote it or not.

              • jgon 7 hours ago
                You've dug through tens of thousands of code bases? 30 years would give you ~10,950 days, so you'd have to be digging into 2 code bases per day, every single day without any breaks for 30 years straight, to get to "tens of thousands".

                When I read things like this it makes it very hard to give any credence to the rest of your pro-AI arguments, because it just seems incredibly likely that you're a bullshitter.

      • lenkite 20 hours ago
        > Is there a correlation between the quality of the manually written code and AI generated code driven by the same dev?

        Aren't you making a strawman argument ? AFAIK this project is not made by an official PostgreSQL core developer, so the entire premise of your argument is invalid.

        • colordrops 18 hours ago
          I phrased that improperly which made you and probably others misunderstand. What I meant is, is the quality of AI generated code correlated with the developer? The answer is yes, a bad dev will absolutely produce worse code using AI than a good developer - the point being that there isn't just one level of quality of code coming out of AI, even with the same model and harness.
    • silon42 20 hours ago
      It's not that... It's a rewrite by project maintainers vs a fork.
    • egorfine 20 hours ago
      We already have a well established term for AI rewrites.
    • mrklol 21 hours ago
      I agree but I think from Bun we learned that a project with really good tests and enough tokens can be converted from one language to another quite good!
    • bozdemir 21 hours ago
      I'd %100 prefer an opus 4.8 rewrite over %99 of the time. Unless Fabrice Bellard is rewriting the stuff I need, I'd prefer AI over a human coder.
      • raincole 21 hours ago
        Or, you know, you can use Postgres. It's right there for you.
        • bozdemir 19 hours ago
          why? if a rewrite is better/faster/secure, why not? (I'm not saying PGrust is better, I didnt even install it, my perspective is in general)
          • mahogany 3 hours ago
            Of course, if the rewrite is all of those things, then it seems like a good option. The whole point is how do we know if it actually is better.
          • uecker 3 hours ago
            Because it is not trustworthy, which is really the most important thing.
      • OtomotO 21 hours ago
        AI is an average coder.

        It was trained on all code the code that could be found.

        Not just code written by genius programmers like Carmack and Bellard.

        Given that it's average, I'd prefer a human coder above average :)

        • bozdemir 19 hours ago
          I dont think Opus 4.8 is an average coder, with my own experience (I have coded 20 + years before even llms existed) it is anything but average. I don't think training data alone determines the success of these models, there are lots of reinforncement learning principles and fine tuning takes place, a crappy code in the dataset doesnt hold those llms scoring high in benchmarks, I dont think an average programmer can score 70% (opus 4.8) in SWE Bench Pro, which is a good one.
          • hoppp 4 hours ago
            I would say it's an average coder when it comes to writing functions because it keeps using regex. It might pass a benchmark but doesn't pass the smell test.
          • jeltz 7 hours ago
            I think Opus 8.4 is a below average developer, but maybe I have just worked with good developers and have a skewed perspective of what the average is.
        • rytill 20 hours ago
          LLMs learn a distribution during pre-training, not only an average.

          Then, by giving them context or by post-training, you can make them sample non-average parts of the distribution they learned.

          • OtomotO 20 hours ago
            > Then, by giving them context or by post-training, you can make them sample non-average parts of the distribution they learned.

            How do you derive that something is "below average" or "average" or "above average"?

            • rytill 20 hours ago
              Well, it’s up to the user or post-trainer of the LLM what they believe to be above average. Then they can design around that.

              In the case of real world LLMs and post-training, what is above average is defined roughly as: labeled good by expert humans, and scoring high on RL environments related to coding like debugging, passing tests, or running efficiently and verifiably correctly.

            • nextaccountic 19 hours ago
              > How do you derive that something is "below average" or "average" or "above average"?

              One technique is RLHF: have an human expert assess it.

              • OtomotO 17 hours ago
                Mhm, I just wonder how many samples they get and how much time they have to come to the conclusion.

                Like a short example is easier to grade, but not in the same ballpark as a whole codebase.

            • u8080 16 hours ago
              >How do you derive that something is "below average" or "average" or "above average"?

              How do you? I mean, that was your point basis.

        • piker 21 hours ago
          Which you will necessarily have if they’ve completed a Rust rewrite.
        • esafak 7 hours ago
          That is not how it works. IF it was condemned to be average models wouldn't be constantly improving, given that humans aren't getting better.
        • bigupthewhole 21 hours ago
          You haven't been using AI extensively I presume...

          I've been programming a long time and considered myself among the top in my domain and AI agents using like GPT 5.5 etc. are much better than me.

          • OtomotO 20 hours ago
            > You haven't been using AI extensively I presume...

            Ex falso quodlibet

            > I've been programming a long time and considered myself among the top in my domain

            I am not trying to attack you, but you considered yourself that... I don't know whether you actually were and frankly I don't care.

          • witx 20 hours ago
            [flagged]
  • gingersnap 21 hours ago
    I start to see a lot of these re-writes that depend on tests to state that its working. But the things that make software like Postgres and SQLite reliable are not mostly the test, but the real world production scars. That's where the reliability comes from, years and years of running in production.
    • sshine 21 hours ago
      > not mostly the test, but the real world production scars

      Most extensive test suites are exactly production scars: every time you have a bug or a regression, you write a test that confirms correct behaviour.

      SQLite is a good example to bring up because its extensive closed-source tests are what’s often cited as being what keeps people from forking it. (Turso did it, though, but it takes a company to deliver some guarantee of equivalent diligence.)

      And yes, years and years of running.

      • kelnos 21 hours ago
        Sure, but behaviors that never have a bug or regression don't get a test. Software of this kind of complexity has all kinds of behavior that has never been broken, and doesn't have a specific test written for it.

        Getting an extensive test suite passing is certainly orders of magnitude better than having no test suite at all, but it still doesn't tell you as much as you need to know. I would absolutely never trust an LLM Postgres rewrite (in any language) in production based on "only" Postgres's test suite passing.

        • bob1029 21 hours ago
          > Software of this kind of complexity has all kinds of behavior that has never been broken

          This space of things is astronomically larger than the space of things expressly covered by any test suite.

          "Program testing can be used to show the presence of bugs, but never to show their absence." -Edsger W. Dijkstra

          • w4der 20 hours ago
            I've also seen situations where a customer reports a bug, the fix breaks some regression, and the updated behavior to work around the fix breaking the regressions turns into an undocumented feature.
            • derdi 12 hours ago
              How do you break a regression? A regression is breakage. Are you one of the people who use "regression" to mean "regression test"? Did Codex learn this from you? I hate it.
          • mbrock 18 hours ago
            The same basically holds for proofs in the absence of coherent global correctness criteria like, say, confluence and normalization for a lambda calculus, or soundness and completeness for a logic.

            Fable's napkin estimate of the effort required to produce a passable reference semantics for Postgres, which would involve novel discoveries in denotational semantics of concurrent transactions and so on, might be in the ballpark of 30–60 years of PhD level work.

            So realistically I think the only way to validate a Postgres implementation involves differential testing, fuzzing, acceptance test suites, etc. And still you'll have bugs that need to be hammered out the good old fashioned way.

        • gblargg 20 hours ago
          Or even a human rewrite merely because some language is the current fad. A rewrite in a different language should be done for very good reasons, to solve problems that are bigger than the costs of all the bugs that will be introduced.
        • jghn 16 hours ago
          Perhaps before embarking on one of these rewrites the first step should be a heavy round of mutation testing and property based testing. Contribute any new testing code from this back to the original project. And *then* embark on the rewrite.
        • vitally3643 15 hours ago
          If that's your concern, then your argument becomes "software should never change". Why dare patch any bug ever? It might be load-bearing in some unknown, undocumented, unsupported workflow somewhere in the world. No test imaginable can catch that apart from the scream test.

          There are reasonable arguments against language ports, but this is not one. You're making an argument against code changing at all ever.

        • gb2d_hn 20 hours ago
          Agreed.And a rewrite in another language creates a high probability of a change in behaviour
      • hvb2 21 hours ago
        The maintainers that wrote those tests will have experience you won't get out of a rewrite.

        I think this is also where the real work is. A rewrite is one thing, that you can show off with a flashy blogpost. The maintenance, for years to come, won't be of that nature yet it still requires as much work.

      • martin-adams 20 hours ago
        This feels like the image of the plane that returns from battle with bullet holes, and the engineer being asked to path up where the holes to make it stronger. Only to be told to patch where there weren't holes as those planes didn't make it home.

        While not an exact fit of an analogy, those tests patch what was a problem with Postgres in the wild. What it doesn't cover are the things that worked in Postgres without tests, but may fail in port and go undetected.

        • danudey 12 hours ago
          I don't necessarily disagree, but two other points to consider:

          1. Every test that is written is another use case that wasn't tested before. 100% test coverage is often impractical, but the more tests you have the more of the code you can be confident about.

          2. Every test you add is another regression that can't happen in the future; if you test the index rebuilding code and validate the output then you know that you aren't going to make a change that breaks the index rebuilding code. If you have a legitimate change you update the tests, but if you're not expecting the change then you know there's a bug somewhere.

      • danudey 12 hours ago
        sqlite is the pathological case though; it has ~590 times more SLOC in the test suite than in the actual sqlite project.

        https://sqlite.org/testing.html

      • nicce 20 hours ago
        > Most extensive test suites are exactly production scars: every time you have a bug or a regression, you write a test that confirms correct behaviour.

        If you can be 100% guaranteed that there indeed is a test for every occurred bug. Sometimes maintainers are not so strict about it.

        And some programmers are so good that some issues are self-explanatory and they write good code to note a thing but don't write a test, because implementing the test is more expensive.

        • estebank 5 hours ago
          > And some programmers are so good that some issues are self-explanatory and they write good code to note a thing but don't write a test, because implementing the test is more expensive.

          You don't write a test (just) to verify that your change fixed the issue, but to ensure it doesn't regress in the future after an unrelated refactor.

      • byzantinegene 20 hours ago
        a code written to pass a test can surface unintended new bugs.
      • rustyhancock 21 hours ago
        One issue is those are the bugs you get when you write it in C++.

        They aren't the bugs you get when you write it in Rust.

        The kind of bugs you get are usually a function of the problem, language, implementation approach.

        • consp 21 hours ago
          So you get other bugs when rewriting in another language without existing tests, got it. This is why I hate all the announcements of "it is rewritten in rust so it is obviously better than the original since it passes all the tests". Edit: and it's an LLM rewrite. Add that to the pile of over hyped messaging.
          • baranul 20 hours ago
            Unfortunately, too many people are getting captured by marketing and are divorcing themselves from reality. A rewrite can be an improvement, even if in the same or any other language.

            But, there are also levels, in terms of quality and human code review, when dealing with rewrites. New bugs can be introduced or there can be style issues, that can take time to fully reveal themselves, and particularly if the person or people involved are not familiar with the other language.

      • _s_a_m_ 20 hours ago
        very naive. the runtime behavior of a rewrite should be significantly different in all kinds of unpredictable ways nobody see coming or might expect. It is a combination of language semantics, compiler behavior, operating system behavior, file system behavior, driver behavior, ..
      • rsoto2 6 hours ago
        having a large test suite does not equal to testing every potential edge scenario that has never broken before in production.
      • lukasco 17 hours ago
        So many comments here talking about the downsides. The only reason to do a rewrite is because there are massive upsides. Maybe the implicit point is that the upside (memory safety must be the biggest), isn't worth the downside (lots of bugs to be figured out before you trust it).
        • nativeit 13 hours ago
          I find a lot of HN discussions quickly turn into thought experiments and philosophical debates that largely forget the original topic. For the most part, I find this idiosyncrasy charming and entertaining, but it does frequently result in forests being missed for the trees.
    • alemanek 5 hours ago
      Not weighing in on this specific rewrite but tests are how you specify that your software works correctly. If a behavior isn’t covered by an automated test in some form you can’t assert that any given change doesn’t break it.

      I think it is completely reasonable to use a preexisting unmodified test suite to state that something is working. The larger the project the more true this becomes. Real world production scars are documented and guarded against in the test suite otherwise those lessons get lost.

      Also SQLite is legendary for its massive test suite and extensive fuzzing. They have 590x the amount of test code and scripts than normal code. Source: https://sqlite.org/testing.html

    • edelbitter 2 hours ago
      > That's where the reliability comes from

      So, we should make it easier to feed that reliability back upstream.

      Probably the most useful thing you can do with these LLM-transpilations for now: If the transpiled version passes all original tests, I can run my application test suite against it and use it to discover test coverage deficiencies in the original!

      If it crashes or otherwise observably misbehaves, I know the real project was missing regression tests for something. We could make upstream so much more resilient against accidentally breaking stuff in future updates, if only it becomes safe (offline + no side effects) and easy (if it crashes/locks, it is not from some memory safety bug from 25k transactions earlier) to run these transpiled projects as one row in our everyday integration matrix.

    • thunderbong 21 hours ago
      I agree. I also agree with the sibling reply that -

      > every time you have a bug or a regression, you write a test that confirms correct behaviour.

      What I fail to see in these rewrites however is - what about new bugs introduced by virtue of this rewrite? I mean it'll have to go through its own challenges in real-world scenarios, right?

    • nextaccountic 19 hours ago
      > I start to see a lot of these re-writes that depend on tests to state that its working.

      There's another way to validate the rewrite though. Just run both pgrust and postgres and compare the output. Know of an edge case? Run it too. Doesn't know? Use a fuzzer or some automated tool to find interesting inputs. Found an inconsistency? The input/output pair becomes a test case now

      Not sure if there's tooling for that though. If there is, just give it to Claude so they will incorporate it in their development loop

      • mahogany 3 hours ago
        > Just run both pgrust and postgres and compare the output.

        The space of inputs and outputs is infinite. You can't prove programs are the same by "just" testing a bunch inputs.

        • nextaccountic 2 hours ago
          Indeed. This approach is an improvement / augmentation over tests, not a panacea.

          Neither postgres nor pgrust have their behavior specified using formal methods. (pgrust could write some contracts using something like kani or creusot, but having upstream postgres also write contracts is a tougher sell). If they had, one could write a giant proof that said the two software essentially do the same thing (at least in a subset of environments and some simplifying assumptions)

      • 27183 7 hours ago
        > Not sure if there's tooling for that though.

        I can recommend proptest. What you're describing is a common pattern in property-based testing which basically boils down to "comparing against an oracle". In this case, postgres would be the oracle, pgrust is the system under test, and the idea is to generate strategies comprised of sequences of valid (and invalid) SQL statements and ensure the system under test behaves the same as the oracle in every case.

      • booksock 8 hours ago
        (I'm working with malisper on this) we built this too and are using it for a new version we're working on right now
    • the__alchemist 4 hours ago
      Great point. Stated another way:

      "Mom, can I have battle-tested, reliable software"

      "We have battle-tested, reliable software at home"

      Battle-tested, reliable software at home: (Pic of green text from `cargo test`)

    • xlii 20 hours ago
      As sibling mentioned - bugs and regressions are the thing that are (in a perfect world) usually covered.

      The problem however is non-covered success cases. A visualisation of the problem: let's say universe of interaction for DB consists of 10.000 SQL queries. Over 10 years various regressions were found and 2.000 SQL queries are guarded by tests. In reference implementation remaining 8.000 never surfaced over this time and it's unclear if they will work.

      And, thinking of how many various SQL queries PostgreSQL users around the world are using vs the test cases covered it's obvious that feature space isn't covered in 1% of the success ratio cases.

      Now the new, test-based implementation, has to prove it can handle remaining 99%.

    • zsoltkacsandi 20 hours ago
      Completely agree with this.

      The biggest lie of software engineering is that everything can be testable with tests. That a 100% test coverage is an indicator of quality software.

    • mrklol 21 hours ago
      And also the amount of people running it in thousands of scenarios. Not sure if these areas can be even tested for, but I guess time will tell (can observe Bun if it breaks somewhere as that’s afaik the first big AI rewrite which got into prod for masses).
      • joshka 21 hours ago
        A lot of the signal (github, forums, mailing lists, discord, etc.) can be turned into signal. Right now it's easy enough to collect. In future it will be easy enough to cluster and generate preferences, experience, etc.

        Every bug report, code change as a result, PR / commit message, PR comment that steers preferences, etc. is solid signal to generate future tests.

    • dapperdrake 15 hours ago
      "Everybody has a production system. The lucky ones also have a test system."
    • rowanG077 21 hours ago
      That's precisely what a regression test suite is for. There is a bug, you fix the bug, you add a regression test. So if the test suite is well maintained these real world production scars are reflected in the tests.
    • Lomlioto 20 hours ago
      I hope you are not true at all.

      Software like a Database should have an extensive test bench with concurrency tests, all corner cases etc.

      I'm not here running the new version on production to tell the maintainer/devs that my 'production unit tests failed'.

      What is this even for logic?

      I mean there is balance when i write tests for my production software, but my software is used by me. If i would have a library, i would test everything.

      And there was some blog post about another database system were they even virtualized the File access to test cases like when the disk controller stops working.

    • throwaway132448 21 hours ago
      Wait - does the AI rewrite the tests too? If so, lol.
    • hk__2 21 hours ago
      The test suite is the result of these years of years of running in production. Every time you fix a bug, you add a non-regression test to ensure you don’t break it again.
    • kstrauser 21 hours ago
      In a project like PostgreSQL, those scars are reflected in unit tests demonstrating that they’re fixed. It’d be hard to pass its test suite and not be as robust as the original.
      • simiones 21 hours ago
        > It’d be hard to pass its test suite and not be as robust as the original.

        This is not true, even in principle, even for Postgres itself. You'd be right to say that it'd be hard to pass the test suite and not be robust at all to some extent. But even in Postgres, I bet that you can quite easily introduce a change that will pass the whole test suite but reduce robustness compared to the latest release (for a somewhat silly example, add a call to `exit()` on a timer that's longer than the longest duration test in the suite - that will significantly reduce robustness while still passing the entire test suite).

      • dwedge 21 hours ago
        Sure but these scars/tests are from the original implementation. Just because it doesn't have issues there doesn't mean it didn't bring its own set of issues
      • ShinTakuya 21 hours ago
        This is all well and good in theory, but the number of times I've seen tests that don't actually test what they say they're testing is hard to count. Yes even when you encourage the developers to ensure the test fails first and do TDD. Tests help you ship with confidence but there's usually at least a few that are just passing by pure luck.

        So no, I wouldn't judge a rewrite as being equal just because it passes the tests. That said, I don't think that means you shouldn't do it. You just have to be pragmatic about it.

      • kelnos 21 hours ago
        Passing a regression test suite only proves that those particular regressions aren't present. It proves nothing about robustness beyond that.
      • kjs3 15 hours ago
        I dunno...I can envision something vibecoded prioritizing passing test suites producing something that does that, but isn't even functional in real-world production. Sort of like in the pre-AI world, where someone claims 'standards compliance' by way of passing compliance test suites, but can't actually interoperate well with other implementations of the standard. YMMV.
      • surajrmal 15 hours ago
        Unit tests aren't useful for rewrites, only integration tests are. So there may be missing coverage. Also many things are simply difficult to test (eg performance under very specific conditions)
        • jeltz 7 hours ago
          PostgreSQL's tests are mostly integration tests.
      • guenthert 21 hours ago
        They ought to, but are they? In https://wiki.postgresql.org/wiki/Developer_FAQ I don't see a requirement to provide a regression test for a bug fix.
        • joshka 20 hours ago
          It would be reasonably easy to audit and automate this...
          • jeltz 7 hours ago
            It is not a requirement the PostgreSQL project wants to have. It would be a heavy burden and mostly pointless.
            • joshka 2 hours ago
              If you examine what you're saying here and slippery slope it a little, examining past effort for misses and correcting them at scale is not worth doing? There are many ways that the second part of your perspective are incorrect (burden / lack of point). I bet that a coding agent could in an automated fasion find at least reasonable additions that you'd say add value and reduce potential for error long term that you'd find valuable. They've probably already done so (I don't know postgres dev at all, so just supposition here. They will 100% do so in the future.
      • tpetry 20 hours ago
        You immply that a testcase exists for every weird edge case. Especially filesystem and concurrency is things you can barely build test cases for.

        Even a 100% test coversge is far away from verifying all behaviour.

      • oblio 21 hours ago
        Edsger W. Dijkstra:

        "Program testing can be used to show the presence of bugs, but never to show their absence!"

    • Suzuran 16 hours ago
      That's not relevant though. All concerns are secondary to security and Rust is the only language with security GUARANTEES. No other language is as secure. Therefore, even the worst Rust rewrite is automatically better than the best work in any other language, because it is the only one with guaranteed security.

      If a Rust rewrite of any of your software becomes available and you aren't installing it immediately and without reservation, then you are simply not giving security the priority it both demands and deserves, and that makes you disastrously insecure. This is a serious issue that should be given all priority. There is no room for debate. Your only policies should be security before all else and compliance with those policies must be absolute and without deviation, or all is lost.

      • ianburrell 4 hours ago
        Pro: Database is perfectly secure.

        Con: The database no longer exists.

        Also, there is more to security than memory errors. SQL injection, authentication, and access rules matter. It doesn’t matter if Rust database is secure to bad data if it lets anyone in to do anything. Or if it is crashing all the time or corrupting your data.

      • queenkjuul 5 hours ago
        What if the rust rewrite uses "unsafe" on every line?
      • bbg2401 15 hours ago
        > If a Rust rewrite of any of your software becomes available and you aren't installing it immediately and without reservation

        This is silly.

        Rust is awesome, and it's hard to argue against in many domains. However, software is more than the language it is written in or the runtime serving it. Is the Rust rewrite fully compatible? Is it supported by a strong community? Is it likely to continue to be supported? Is its release cadence sensible? Is its licence compatible with your intended usage?

        There are many questions needing to be answered before making rash decisions based purely on tech.

        • Suzuran 10 hours ago
          None of those concerns approach the level of priority that must be assigned to security. On defense, your security must be perfect forever or you are absolutely defeated. None of us are on the red team. It's not a rash decision, it's the only decision that logic allows. If you are not secure, you are NOTHING.
          • jeltz 6 hours ago
            I strongly disagree. The easiest way to shut down your business is to insist on being 100% secure because the only way to have perfect security is to do nothing.

            Security is always about tradeoffs.

  • josefrichter 21 hours ago
    Why so much negativity? I find these projects interesting for learning purposes and exploring new ways. What’s wrong with that?
    • esjeon 4 hours ago
      Possibly:

      1. Piggybacking established brand names (Postgres + Rust)

      2. … without practicality nor advancement (e.g. this solves no extra problems)

      3. … without trust (i.e. LLM-driven rewrite, with no capabilities to thoroughly review it)

      I think people get easily upset when the title has high-signal names like Postgres, and the title touts it somehow, yet it’s obviously impractical for obvious reasons (short-/long-term practicality, social trust & network effect, etc)

    • piker 21 hours ago
      Because it’s uncomfortable to see decades of work copied so trivially.
      • antihero 20 hours ago
        But that's the thing, without the decades of work, it wouldn't BE trivial.

        Everyone is standing on the shoulders of those which came before. If LLMs allow us to combine the incredible decades of effort and knowledge and experiences that's gone into building something as great as Postgres, and take that and combine the experience and philosophy that has led to the creation of a language that potentially provides tangible benefits, and for far less human time and effort that it would have otherwise taken...surely something that should be celebrated as absolutely incredible?

        • jackphilson 20 hours ago
          But who is getting celebrated? The people who spent a lot of time on the original thing, or the AI rewrite that everyone now uses?
          • mayli 7 hours ago
            The people benefit from all human knowledge, future human beings.
            • waterTanuki 5 hours ago
              if only we lived in such a world
      • nasretdinov 20 hours ago
        I can trivially copy any code even without an LLM though with a simple tool called rsync!
      • alirezaxdehghan 19 hours ago
        Imagine the feelings of a dude who used to code in assembly and then some punk writes in c++ and uses gcc... decades of work wasted.
        • Apaec 11 hours ago
          That is a completely different thing than LLM generated code.
    • byzantinegene 19 hours ago
      can you enlighten me, what exactly do you learn from asking a llm to do a rewrite?
      • subarctic 4 hours ago
        I mean you can learn a lot. You can learn what's possible with less effort to build a proof of concept. It's kind of like you had another engineer do it for you, you don't completely learn how to do it yourself but you can still learn a lot with much less effort
        • mahogany 3 hours ago
          You would learn way more by asking an LLM how postgres works. Nobody is even reading this Rust code. There are 7000 commits over 2 weeks. What is being learned from that?
      • josefrichter 14 hours ago
        No, I can’t. The way you frame your question tells me you’re not seeking enlightenment.
        • solid_fuel 7 hours ago
          It's a very fair and generous way to frame the question, considering you like seeing these rewrites for "learning".
    • jillesvangurp 20 hours ago
      People feel threatened by LLMs doing things well that they feel should require their skills and talent.

      That's understandable but it's still a bit of a negative emotion that probably isn't very productive. Or very rational. This thread is full of people trying to argue that this can't be any good, shouldn't be any good, and is clearly going to end in tears. And obviously this thing passing tens of thousands of carefully curated tests that accumulated over decades suggests otherwise. It's hard to argue against that.

      This probably is going to have some new issues. But it's an impressive achievement.

      • LtWorf 6 hours ago
        Irrational fear… that's why we all collectively ditched gcc and moved to that llm rewrite made in rust right?

        The only one using feelings rather than reason here is you.

    • queoahfh 20 hours ago
      I am concerned about the quality. Even a cursory skim of the code makes the code appear asinine. Unless the genius aspects of the code elude me.

      https://github.com/malisper/pgrust/blob/3646a73515a5e4ac7d0b...

      https://github.com/malisper/pgrust/blob/3646a73515a5e4ac7d0b...

      • mataamad 19 hours ago
        This is a (slightly more typesafe) transliteration of the C code.

        https://github.com/postgres/postgres/blob/2e6578292a9184dcaa...

      • mechazawa 20 hours ago
        Yeah same. The structure makes no real sense and when digging into the code it reads like I'm the first human to look at it.
        • 0x000xca0xfe 18 hours ago
          I'm too young but I imagine assembly programmers were feeling the same when automatic code generation by compilers took over. Very weird.
          • iigijshaba 17 hours ago
            More that I got confused by the C function returning bool, not as an error value, but as a result, which is my fault for skimming it quickly.

            I have taken a closer look at the code, and it seems superficially a somewhat faithful rewrite, not quite idiomatic Rust, but closer than I anticipated at first. I know there are non-LLM rewriting tools for C to Rust, and with a test suite to help, a rewrite to Rust might be greatly helped. The new Rust code does have some drawbacks in some ways, and there are topics I am curious about.

          • philipbjorge 5 hours ago
            Wow, I would love to read an interview series based on this!!
          • u8080 16 hours ago
            I guess there also were macro-assemblers before C, so it was a bit more natural.
        • thewhitetulip 20 hours ago
          That's how Ai generated code is. I am almost convinced that Models are intentionally taught to write obtuse code because AI companies don't want us to write code at all
    • bakugo 21 hours ago
      I don't really understand how "written by AI" and "for learning purposes" can ever be compatible. What exactly does one learn from typing "Rewrite this in Rust, make no mistakes" into a terminal?
      • manquer 4 hours ago
        How much token this would burn is of interest I suppose
  • gnull 19 hours ago
    Regression tests start to play a different role with LLMs.

    On one hand, they give an LLM a short feedback loop to correct itself, and iterate fast when writing code. A human also uses it as a feedback loop, but we don't iterate as fast and don't handle big walls of conditions, so its effect is not as big.

    On the other hand, LLM's ability to handle a big wall of if-conditions can backfire if it starts taking shortcuts and taking the tests-as-a-spec too literally, overfitting the solution, overly focusing on the given datapoints (conditions checked by tests) and missing the overall behavior shape that the tests intend to pin down. For humans, this is less of a concern because we are bad at big walls of if-conditions, and we'd rather try to see the original shape that the tests are pinning down than monkey-patch the solution to fit the individual points.

    It's interesting to see how one balanced these two. In this case particularly. Maybe you could play around with separating the data you give an LLM into "training set" and "validation set", training set can be seen fully, but validation set is hidden and is only queried when the solution is deemed ready. Say, training set = original source code + half of the tests; LLM uses that for quick feedback loop. And validation set = the remaining half of the tests; test code is not shown to the LLM and run only when the LLM says it's done to catch potential overfitting of the resulting solution over training set.

    To me, the credibility of a solution like that would depend on what methodology the authors used. If they just let the LLM see all tests, I'd be skeptical (albeit unable to point out specific bugs due to the volume of work and LLM's ability to make bad things look trustworthy). The good thing is, real-life use will add new, unseen before datapoints for testing — so validation set will build up with time. Really curious to see how it will work.

    • giovannibonetti 4 hours ago
      Property testing and deterministic simulation seem like good alternatives.
  • pknerd 21 hours ago
    I am not trolling, but I have a simple question: Why? Why do I use this instead of the official build? What is the business case?
    • musicmatze 21 hours ago
      I think a business case for a "look I let an LLM rewrite a large codebase" does not exist.
      • silon42 20 hours ago
        You are now at 0.1%... now submit upstream in sensible chunks (function or maybe file/module), waiting for people to review (a few per week, maybe) and approve/merge.
    • signatoremo 6 hours ago
      Why not? The author have their own reasons to do it. Did they ask you to use it instead of the official build? It's a github repo.

      Why does there need to be a business case? They aren't selling it.

    • booksock 8 hours ago
      (I'm working with malisper on this), we are now focusing on improving many things about postgres! Some we have written about before [0], and we have much more in mind too. Malis wrote another comment about analytical workloads being 300x faster now than postgres for a version we're working on right now

      Aiming for postgres compatible database with a 2026 architecture

      [0] https://malisper.me/the-four-horsemen-behind-thousands-of-po...

      • solid_fuel 7 hours ago
        > Aiming for postgres compatible database with a 2026 architecture

        Except you didn't improve the architecture, did you? You just asked an LLM to copy what was already there. Making real improvements to the database architecture requires understanding the database architecture, not just asking a calculator to do the work for you.

        Better benchmark performance means nothing if the underlying guarantees break, and a 300x improvement sure makes me suspicious. I would look at something like this if it passes a Jepsen test, otherwise you simply will not be able to convince me that it's worth my time.

        • booksock 6 hours ago
          The version we have live right now is pre architecture changes, we wanted to make sure we could hit this milestone first. And agree about proving the underlying guarantees. It will be pretty exciting when we do
    • egorfine 20 hours ago
      It's pure virtue signaling.
    • wartywhoa23 19 hours ago
      Software raidership?
    • fragmede 20 hours ago
      Because Rust is what's cool these days. Don't you wanna be cool? Also Rust has memory safety things that C++ doesn't have, so there's a class of bugs that can't happen in the Rust version. That doesn't mean the Rust version is 100% bug free, but just that it's not vulnerable to that class of bugs. So it's a good thing for security reasons if you're running a database server somewhere that attackers could get at it. There might be performance benefits down the road if they choose to focus on that.
      • pknerd 20 hours ago
        Well, I will give 7/10 as an FYP
      • LtWorf 6 hours ago
        Rust doesn't have ACID and I'm sure this doesn't either.

        I'd like to know if the "authors" know what I'm talking about.

        • fragmede 6 hours ago
          You think that's bad, MongoDB doesn't even have schemas. Schemas!
    • fulafel 16 hours ago
      [dead]
  • krupan 30 minutes ago
    I started my programming career by porting code from one model of TI calculator to another. It was code I could not have written from scratch myself at the time. I learned a lot about the two different versions of TI Basic that the calculators used, but I didn't learn how the program really worked. I can't even remember now if it was Tetris or the tank game that I ported. Maybe it was both? That was a boring English class...

    I totally understand why porting code is fun. It's kind of like when I checked out drawing books from the library as a kid and just traced the pictures because my own attempts at drawing were so bad. It gives you a feeling of accomplishment, even though you didn't actually do anything that difficult. And you do learn some things along the way.

    Doing the same with an LLM probably gives you that similar feeling of accomplishment, even though you didn't actually do that much (sorry, hate to say it that way). I wonder if you learn even less in the process. Maybe you just learn different things.

    Now that I think about it, even writing some code from scratch with an LLM is not much different than doing a porting project. Someone else did the hard work of creating the original programs that the LLM was trained on, and now you (the LLM really) are just porting/restating what someone else did. I hadn't thought of that before

  • melodyogonna 20 hours ago
    Rust and its ecosystem needs to become more original. There are so many new problems that needs software solutions. Existing solutions that already work don't have to be rewritten in Rust.
    • pessimizer 6 hours ago
      A lot of it is actually GPL-washing and rust is the excuse.

      I'm on the rewrite it in rust bandwagon, but I secretly want to rewrite things in rust so they can be refactored and made easier to maintain and add features. So "rewrite it in rust" is just like "rewriting it in anything that I'm currently enamored with," and doing it with an LLM (defactoring?) would miss the point for me.

      rust being safe(r) just makes the rewrite less risky.

  • vips7L 16 hours ago
    I suspect the future of open source will be to never publish your tests. Or someone will just pump them into an LLM like this.
    • manquer 3 hours ago
      SQLite already does this but hasn’t stopped the rust /go clones from popping up .

      These are toy projects with no serious interest in maintaining the port long term. and even with things like bun where the port is merged it remains to be seen on maintainability over time.

  • password4321 5 hours ago
    Jepsen or GTFO.

    These days there's little chance for a new DB to build its community using network effect. If you want this to catch on, switch to manually grinding community building ASAP gold plating the experience for a specific niche (AI can guide your priorities but will hinder your comms). Otherwise, have fun building!

    • subarctic 4 hours ago
      I mean if it's actually just another Postgres, you don't have to worry about network effects as much because anyone could use it in place of Postgres. But sure, the more people you know using this, the safer it would feel to use it
  • ottavio 21 hours ago
    Why should a developer use this for anything beyond a pet project? Just because it is written in Rust?

    All these "rewritten in rust" projects only reinforce the idea that a significant part of the rust community consists of software talibans and not of engineers who must deliver something that works and is reliable over time.

    • arka2147483647 20 hours ago
      Often the biggest blocker on moving to a new programming language, is the cost of re-writing everything.

      Cue some story here on a bank or airline somewhere still relying on cobol backend servers.

      These LLM conversions really seem to make modernization of large parts software layers possible!

      • CamouflagedKiwi 20 hours ago
        I have some familiarity with the bank situation, and while a lot of them are on some very old systems (maybe COBOL, maybe something else, either way they want off it) the cost of actually re-writing the code is far from the most significant issue.

        Consider: You have a big mainframe running your tier 1 bank. Assume that you can see all the code on it, and you can feed all that to an LLM if you like. Getting it to spit out a Rust version is not what you actually want - you now have a modern language but it's still a singleton instance, so where do you run it? Most hardware doesn't give you enough uptime for what you need here, because what you actually needed was a re-architecture for distribution / failover / whatever, and while you could ask your LLM to do that you aren't going to run your bank on the result.

        • waterTanuki 5 hours ago
          > but it's still a singleton instance, so where do you run it? Most hardware doesn't give you enough uptime for what you need here, because what you actually needed was a re-architecture for distribution / failover / whatever, and while you could ask your LLM to do that you aren't going to run your bank on the result.

          If only we had a way to solve these issues with tools capable of running Rust programs in that way. I guess every company that needs distribution / failover has a mainframe sitting in their office nowadays huh?

          https://k3s.io/

          https://kubernetes.io/

          https://aws.amazon.com/

          https://www.erlang.org/

          etc.

        • jiggawatts 19 hours ago
          > while you could ask your LLM to do that you aren't going to run your bank on the result.

          Why not?

          I feel like we're entering a new era of prejudice against not a category of humans, but against non-human intelligences.

          The design patterns for distributed and fault-tolerant systems are well-known and established in the industry. Both humans and AIs are familiar with them!

          So if you sketch a design for the AI to follow, establish the rules in AGENTS.md, have a robust test suite, use a frontier model dialed up to eleven, etc... why not rely on the LLM output?

          At the end of the day, humans are not without fault either.

          I've been wading through some legacy "pre-AI" code recently and it has more bugs than a rainforest! Static fields used incorrectly, causing data races. Floating point types used for money amounts. JavaScript and SQL injection up the wazoo. Wildly unsafe password handling. So on, and so forth. This is the norm for most human-written software, not the exception.

          As a proof-of-concept, I tried an AI rewrite of one such legacy app[1], and it is not bug free, but it notably has fewer bugs than the original. Different bugs, sure, and I'll have to iron them out after a round or two of UAT, but I'm honestly more confident with what I got from the chatbot than the code inherited from humans.

          [1] Deals with money, but admittedly at a much lower level of risk and consequence than a banking app running on a mainframe.

      • BadBadJellyBean 19 hours ago
        It's not enough to do a rewrite. Someone has to maintain it. Such a huge codebase with literally zero experts is unmaintainable. There is no one who knows how the internals work.

        Sure you could keep vibe coding it but I wouldn't bet my data on that. A database needs to be rock solid.

        • 72deluxe 19 hours ago
          This seems to be the issue with using LLMs for any code generation. Even with my own code bases that I've written entirely by hand over years, if I use AI to implement anything, I don't go through the mental model of architecting it, so I don't know how it works. I can only imagine this to be far, far worse for large code bases maintained by a team of people who are all using AI.
      • geraneum 20 hours ago
        > Cue some story here on a bank or airline somewhere still relying on cobol backend servers.

        There's existing money and expertise in those environments to rewrite the whole thing, yet they don't. You may loan them free engineers/experts and they might still not rewrite anything.

        • marcus_holmes 19 hours ago
          It's a clean-cut financial decision.

          The existing system works. Yes, it costs a lot to maintain, and you could definitely reduce that if you moved to a more modern system. So now you're talking payback periods. Cost of development / maintenance cost savings per year = number of years before you pay back the project.

          Problem is, that the cost of the development is often unclear, and the maintenance cost savings, while definitely above zero, and often unclear, and approximated the numbers usually come to a payback period in decades.

          And that's without the usual tech caveats; We can't promise there won't be bugs. We can't promise deadlines will be met. We can't promise the project will succeed at all. We can't promise existing functionality will be faithfully reproduced in the new system. The normal risks around any software dev project.

          All in all, it looks really expensive and really risky compared to just doing nothing and running the same old system for another five years.

          Source: I helped do some of the maths on this for a Y2K project.

      • bjt 7 hours ago
        OK but, Postgres is not one of those clunky "we have to replace this" systems.
      • rixed 20 hours ago
        > the biggest blocker on moving to a new programming language, is the cost of re-writing everything

        In 2026, not sure if it was satire. Do some people truly believe that all their software stack has to be single tech, from device drivers to end user apps? Does that extend to remotely accessed services?

    • the__alchemist 3 hours ago
      As someone who loves Rust the language and tool set: This class of projects [LLM rewrite of a reliable piece of software honed over decades) is embarrassing.

      If you are watching this and haven't used rust: Please don't judge the language by this part of its users.

    • dixtel 21 hours ago
      > software talibans

      I will note that, very funny

      • ottavio 20 hours ago
        Well, this approach is more similar to imposing a dogma thank engineering.

        Is managing memory safely important? YES

        Is managing memory safely the solution to most of the problems? Absolutely not.

        Advocating the language ignoring everything else (having as first and only argument that the code was rewritten in rust fully qualify for this case) is dogma and not engineering.

      • cryo32 20 hours ago
        Yeah I'm using that one.

        We have a problem with software religious fundamentalists in our organisation and it's an apt description.

        • bdelmas 17 hours ago
          I actually had a lot of problems with software cult followers of influencer gurus like ThePrimeagen, Lex Fridman, Theo, etc... Those are so worst. You can't resonate with them.
          • cryo32 16 hours ago
            Trick is to ignore people who follow the cult.

            We went down the earlier Udi Dahan and DDD crap.

      • m00dy 20 hours ago
        what does it mean ?
        • exitb 20 hours ago
          Pushy fundamentalists, I suppose.
    • egorfine 20 hours ago
      > significant part of the rust community consists of software talibans

      I seriously don't get it though. Rust is a nice language, but so is X. However we don't see X people brigading existing projects with constant bombardment with "rewritten in X". What is that about Rust that prompts this behavior?

      • zeratax 18 hours ago
        what do you mean by that? were there people brigarding postgres to rewrite to rust? otherwise relative to popularity i do also constantly see posts on here about Project X rewritten in Go, Zig, C etc...
      • jackphilson 20 hours ago
        It's pretty ergonomic to agents. Like typescript.
      • colechristensen 19 hours ago
        Rust attracts zealots because of the various kinds of safety guarantees. The speed means it can replace more or less anything.

        People see the safety as a moral superiority so it attracts obnoxious zealots.

        Other languages' features and syntax aren't nearly so easy for zealots to form behind. The perception of absolute safety it puts in some people makes them crazy.

        • egorfine 19 hours ago
          This is a good point, actually. Might well be the reason.
        • waterTanuki 5 hours ago
          A more plausible explanation:

          People were told for years they can't use Rust for their new projects because it hasn't been "proven" in industry yet. So the option was to sit back and wait (chicken and egg) or move to rewrite a bunch of projects so that it could actually be "proven". Not saying this is the only reason why it happens (every language has its Zealots) but it certainly makes more sense.

          Due to the explosion of new programming languages over the past few decades your options are to either aggressively expand wherever possible or die out because you're not "proven".

    • 0dayz 18 hours ago
      How exactly are rewriting something the equivalent of being the taliban?
      • skywhopper 18 hours ago
        Because they are blowing up old monuments as part of an attempt to enforce a hardline but nonsensical purity on other people.
        • MuteXR 5 hours ago
          Except for the monument still being there, and being the main thing everyone uses still.
        • zeratax 18 hours ago
          what is the metaphorical blowing up here?
    • alex_duf 21 hours ago
      I think this shouldn't be taken too seriously, from what I understand it's an exploration of what's possible with today's LLMs.

      You're right to talk about the trend though, because what it shows is how the cost of re-writing well covered project has completely crashed, so that in itself is a learning.

      • oblio 21 hours ago
        The cost of surface level rewrites has crashed. Which will probably cover 80% of cases. Caveat emptor on which side your project falls.
        • ottavio 20 hours ago
          I have no issues recognizing that I had memory-related problems in production (I program embedded systems in C).

          But most of my issues were related to concurrency and data sanification, especially when the other end of communication fails with unexpected behavior. These bugs are nastier than memory.

          So, I have pointers, and I am not afraid to use them.

    • shawabawa3 19 hours ago
      > Why should a developer use this for anything beyond a pet project?

      If it _is_ 50% faster, then that's the reason

      Obviously like any new database it's very risky to use so probably only used for niche use cases at first, but if it turns out to be just as reliable as postgres and faster then why not?

      • LtWorf 6 hours ago
        It probably is 50% faster, probably by skipping flushing data to disk.
  • SirHackalot 6 hours ago
    I don’t trust AI rewrites, definitely not in 2026 — possibly never.
    • briandw 5 hours ago
      Code is code. It either does the job or doesn't. If there is nothing that could convince you that AI generated code is trustworthy (for whatever definition of trust) then this is an article of faith, not a rational position.
      • munchler 4 hours ago
        > Code is code. It either does the job or doesn't.

        Surely that is not the only dimension that matters when evaluating software. Maintainability and readability, for example, are crucial for any long-lived project.

        • domlebo70 3 hours ago
          Devils advocate: Are they? Why? If LLM's are capable of taking absolute crap and iterating on it to achieve a purpose, then does readability really matter?
        • briandw 4 hours ago
          “Does the job” means all of those things. Figure out what’s important, find a way to measure it (could be also be qualitative.) How does the AI generated code do? If you simply say its no good because of the way it was created, it’s not a rational decision process.
      • SirHackalot 5 hours ago
        Disagree, it’s already a leap of faith to trust even human code (which is why we try to prove code, or at the very minimum create guardrails with tests). Human reasoning itself is under doubt. It’s even more of a leap of faith (>>) to trust code generated by AI reasoning (which I can only currently call “homunculus reasoning,” it’s not inferior but it’s just got the probabilistic aspect of reasoning). People who YOLO their work to Al are practicing a different form of faith. I like knowing what my code does, and making correct predictions about it. A mental model is very important. My position is very rational, yours is faith-based. This is a technology that has many cool uses, but this is not one of those uses (in 2026). Unless the author can convince me they have as good of a mental model of this rewrite as the makers of the original source code. Maybe they do, I’m sure they would run circles around me, but I need the confidence that this isn’t going to wake me up at 3am because of some bug. And the only way I know that about PG is because I trust the creators.
  • kopirgan 55 minutes ago
    Where will this leave the c based driver which I believe is the basis for many others?
  • diziet 7 hours ago
    I love llm coding. I don't know what I am looking at here

    https://github.com/malisper/pgrust/blob/main/Cargo.lock

    What is happening.

    No PRs? No Make files? I understand running tests and debugging is the workflow, but where do you log things? How do you orchestrate builds? Etc.

    • nemothekid 6 hours ago
      `Cargo.lock` is a lockfile machine generated by Cargo. It's similar to package-lock.json. In any case, its machine generated the old fashioned way.
  • grugdev42 20 hours ago
    Neat as a pet project, but anyone thinking of using this is production is insane.

    Rewriten in Rust is becoming a meme now.

    • isatty 1 hour ago
      Been a meme for a while now. I avoid that noise on principle.
  • whartung 5 hours ago
    I just want to quibble that the 100% Postgres regression tests do not test the threaded aspect of this project, and that is a pretty fundamental architecture change.
  • voihannena 20 hours ago
    > <something> rewrite to rust using AI sound like meme now.

    https://news.ycombinator.com/item?id=48474313

  • lukasco 17 hours ago
    Quite a lot of projects are trying this "rewrite to a new language using LLM", both internally, or externally (like is here). For me, they confirm some (slightly controversial) takes.

    1. human code reviews are dead. We don't yet know what's next. Two reasons they are dead: too much code to review, and code reviewing sucks (who wants to spend their days reviewing code?) 2. Not knowing how to review LLM code is a big barrier to adoption, but bigger regression test suites (testability/evals) is almost certainly the direction. 3. There are a lot of projects that haven't moved to more modern infra because it was too hard. Now it's much easier. Sure stuff will go wrong. Sure it all has to be tested. What's new here? 4. Programming languages for LLMs are coming. 5. Projects that don't allow AI coding will be forced to come around or fade.

    Separately, bit off topic:

    New projects will often have LLMs built in, so non-determinism will be inherent in the project. No amount of code review will be able to eliminate that.

  • voidUpdate 21 hours ago
    I wonder how long this will be maintained for...
    • musicmatze 21 hours ago
      As long as tokens are cheap
  • cyberjar 20 hours ago
    I'm starting to get a bit of fatigue for these projects that boil down to just "I asked Claude to re-write this code into a new language that's in vogue right now!"

    I really don't understand why this is needed outside of an opportunity to show how impressive LLMs can be when working within large codebases, but even then people in the comments are finding bizarre implementation choices that a human developer wouldn't make. I'll stick with Postgres and its - gasp - C implementation for now, thanks.

    • rjh29 6 hours ago
      In this case it's justified because Rust allows safe implementation of threaded code. Current Postgres is per-process. Switching to threading yields performance improvements.
      • solid_fuel 1 hour ago
        > Current Postgres is per-process. Switching to threading yields performance improvements.

        Please describe in detail what you believe this means and the mechanism by which switching from processes to threads improves performance.

    • verytrivial 20 hours ago
      [dead]
  • theplumber 21 hours ago
    I think we will actually see some successful projects coming out of this. There are definitely people who want x old project in this new/better programming language and who are willing to put effort into maintaining it not just doing one off port.
  • eu-tech-tak 20 hours ago
    How is the performance compared to regular PostgreSQL?

    I know it says it is not performance optimized yet, but if this succeeds, will it only bring more "memory safety" or is there a serious performance gain as well?

    • orphea 20 hours ago

        will it only bring more "memory safety" or is there a serious performance gain as well?
      
      The project will die in a couple of days or weeks. You're making a mistake if you're seriously consider using this in any capacity.
      • eu-tech-tak 1 hour ago
        I am not considering it at all. I am simply curious if switching to Rust has any significant performance benefits or not.
      • rhogan 20 hours ago
        I also suspect this will die very shortly, which is a real shame, not because it will be beneficial but because of the time and tokens needlessly spent on something that will be thrown out.
      • emilsedgh 20 hours ago
        Maybe it will, but having a performance comparison will be very interesting nontheless.
      • vips7L 16 hours ago
        As is every slop generated project. It’s the Toy Story meme irl.

        https://knowyourmeme.com/memes/i-dont-want-to-play-with-you-...

    • guenthert 15 hours ago
      This seems to be a multi-phased project. First phase (completed) was the re-write in Rust. There doesn't seem to be a performance gain and no significant one should be expected. In a 2nd phase a new architecture is implemented which malisper claims to perform much better.

      I wished the two phases would have been tackled in reverse order.

      • solid_fuel 7 hours ago
        > I wished the two phases would have been tackled in reverse order.

        Well, tackling them in reverse order would require the humans behind this to develop an actual understanding of the existing code and architecture before starting the project, instead of just asking claude to do it. So, here we are.

    • malisper 19 hours ago
      The version in the GitHub repo is ~8x slower than Postgres. I have a new unpublished version that is 50% faster than Postgres on transactional workloads and ~300x faster on analytical workloads.
  • hkchad 8 hours ago
    X written in Rust seems like the new Hello World for LLM coding agents now.
  • rubnogueira 19 hours ago
    I think the cool thing about these projects is that even if test parity reaches 100%, some bugs are going to surface on the new project that don't exist on the original project.

    This is usually a good example of a test case that the upstream project is not covering and can be contributed back.

    Parity should be bidirectional, so definitely it is possible for both parties to benefit from it.

  • henry2023 3 hours ago
    If the underlying code ends up being a completely unreadable blob that no human will ever read why not directly do a port to assembly instead of rust?
  • Decabytes 18 hours ago
    It’s interesting to see how llms have turned the concept of rewrite it in rust, from an impossibility for some projects (code is too large and complicated, it will take too much time) to a real possibility for even large projects.
  • evil-olive 20 hours ago
    > The goal is to make Postgres easier to change from the inside

    uh-huh, sure.

    you want to show off "look what the LLM can do / look what I burned a bunch of tokens on"?

    you want to brag about how your LLM-generated slop is somehow more maintainable than the original because blah blah blah Rust?

    here [0] is the version history of Postgres. pick a version from the past. let's say 14.x because it's the most current that's still under active support.

    have your LLM implement version parity with 14.x. show off how it passes all the tests blah blah blah.

    then have it upgrade your codebase to parity with 15.x, implementing whatever new features and bugfixes that includes.

    and have it generate an automated test that demonstrates upgrading an actual database from LLM-14.x to LLM-15.x and verifying there's no data loss or corruption. maybe even multiple such tests, if you're feeling fancy.

    then lather, rinse and repeat with 16, 17, and 18.

    and show off the diffs of each version. does the LLM rewrite a huge pile of already-working code in the process of each version upgrade? does it introduce new latent bugs in the process - the kind of things the existing test suite didn't think to explicitly test for?

    "I took a static snapshot of code and converted it to another static snapshot of code" is meaningless. all you're doing is bragging about having more money than good sense.

    the stability and trustworthiness of software like Postgres does not come from a one-time snapshot showing tests passing. it comes from the engineering process that produces the software and its test suite.

    oh, and for shits and giggles, because this same test was so illuminating with the Bun "rewrite" into Rust, here is the file with the most unsafe blocks in the codebase:

        > rg -c unsafe crates/backend/parser/gram_core/src/convert_ddl.rs
        128
        > wc -l crates/backend/parser/gram_core/src/convert_ddl.rs
        2055 crates/backend/parser/gram_core/src/convert_ddl.rs
    
    why does a single 2000-line file have over 100 unsafe blocks?

    why is the parser unsafe at all?!?

    0: https://en.wikipedia.org/wiki/PostgreSQL#Release_history

    • tgv 20 hours ago
      It's not just unsafe, it's this:

          let r = unsafe { &*p };
      
      It looks as if it's building structs out of information in (mutable pointers) to other structs without an Rc in sight. Which makes sense for a C parser: you've got a table with data, so you just link to it. It's fast, and when you know you're not going to touch it, it's safe. But this doesn't make the Rust code any better than the C code.
      • malisper 18 hours ago
        Note that the code I believe you are referring to is from the parser which was generated with c2rust. The Postgres parser is generated from yacc/bison so rather than try to rewrite it idiomatically, I did so mechanically.
      • ykonstant 19 hours ago
        Genius! Rewrite Postgres in Rust by rewriting Rust in C!
    • malisper 18 hours ago
      > why is the parser unsafe at all?!?

      The parser was generated by c2rust. The Postgres parser is generated from yacc/bison itself so I didn't bother making it idiomatic.

  • ZiiS 21 hours ago
    What would be interesting is if they found a memory unsafe bug. Postgres is a perfect case study of 30 years of C with a bit of CPP; if rewriting in a safer language didn't find anything...
    • derdi 20 hours ago
      I would expect Postgres to be heavily tested with things like Valgrind and various sanitizers. I'd be surprised if there were low-hanging fruit. But also, if there is code that does something fishy with pointers, wouldn't the AI likely paper over it by adding an unsafe block in the Rust version, preserving the same fishiness? It's hard to know how hard it would try to prove that the original is broken.
    • pknerd 15 hours ago
      > What would be interesting is if they found a memory unsafe bug

      They will ask relevant Claude skill.md

    • whatever1 21 hours ago
      You are exactly right. There is no freaking way there was no unsafe behavior in a code case of the size of Postgres.

      In fact from a porting effort this is the first blog post I would expect. Not that the hey we successfully did it.

  • 0xferruccio 6 hours ago
    Super impressive! Remember talking with Michael about his experience with Citus at Heap and reading his blog posts on Postgres

    Super cool to see him working on this now, almost 10 years later

  • dzonga 7 hours ago
    codebase full of code that wouldn't fly in production.

    I ain't no Rustacean - but 'unsafe' calls all over.

  • kburman 5 hours ago
    `seams` is the new emdash
  • bigwhite 3 hours ago
    First bun, now it's PG's turn again, although this isn't official.

    I have a feeling that AI is rewriting everything!

    • gchamonlive 2 hours ago
      And they'll reproduce virtually the same problems, because code was never a primary issue for output. Products reflect organizational problems, which AI can't solve.
  • fukaiall 5 hours ago
    Rust feels like the just right language to produce all those slops of AI and the language itself. Great to promote yourself as a productive engineer, but at the end of the day you’re just reinforcing the statement that AI and the language itself are great, not you.
  • tormeh 21 hours ago
    Woah! AGPL? That's interesting. I think Postgres has shown an open source SQL server didn't need a copy-left license to develop sustainably, so I'm not entirely aure about that, but I do like the license in general.
    • Ameo 21 hours ago
      When the software consists entirely of ~$1000 worth of Claude credits and ~40 hours of developer time prompting and curating it, literally what does it matter what license the resulting 100k LoC artifact is provided under?

      Copyleft and the whole software licensing ecosystem only matter when producing that software actually requires serious human effort and dedication.

      • ncruces 21 hours ago
        Also can the code even be copyrighted?

        For my machine translation of SQLite to Go I added this to the README as to licencing:

        Most of the code here is machine translated using wasm2go. As such, the original authors retain copyright and the original licenses remain in effect. Everything else is licensed under MIT-0.

        The translator (wasm2go) has a licence chosen by, and a copyright notice from, me. Makes no sense for the translated code.

        • wasting_time 16 hours ago
          I do the same for translated code. It's not creative work which is a prerequisite for being copyrightable.

          And avoid relying on direct LLM output for actual work to make sure I don't accidentally include some regurgitated snippet from an incompatible license.

          It helps that LLMs struggle to write good, idiomatic code in my language of choice.

      • marcus_holmes 19 hours ago
        > Copyleft and the whole software licensing ecosystem are only applicable when producing software that actually required human effort.

        Fixed that for you. Code generated by an LLM is not copyrightable (because copyright only protects human effort), so the codebase is automatically public domain and cannot be licensed at all.

        They could theoretically copyright the prompts that they used, but as that's not part of the output, and the output doesn't deterministically arise from those prompts, they'd struggle to use that to back a copyright claim.

  • krater23 4 hours ago
    It's silly, nearby all Rust projects are rewrites of existing projects and now as you don't need to learn Rust to do rewrites, people just let the AI rewrite projects in Rust.
  • mstaoru 19 hours ago
    Great! Now ask it to rewrite it in CSS!
  • flanked-evergl 21 hours ago
    What is the future of this? Code is not the same as a viable open-source project with a community, contributors, advocates, users and funding, even if it's perfect code.

    Even though I'm sure it won't be easy to convince the Postgres project to switch to Rust, I do think that trying would be time better spent.

  • pojzon 7 hours ago
    Till its used in prod for few years and polished, I wont touch that.

    Too many things tests wont catch.

  • mebcitto 21 hours ago
    Does it support the extension ecosystem? Or would extensions need to be rewritten as well?
    • malisper 19 hours ago
      It is theoretically possible to have a Rust port of Postgres support extensions. If you make all the relevant functions and structures ABI compatible with Postgres, extensions should work. The issue is the moment you're dealing with C pointers and C strings, pretty much all the code you have to write is unsafe.
      • mebcitto 19 hours ago
        Perhaps pure pgrx extensions would make sense as a first target?
    • jeltz 6 hours ago
      They would need to be rewritten as there is no formal extension API. Extensions can call into almost any part of PostgreSQL.
    • ZiiS 21 hours ago
      They would need rewriting (a few are included)
  • znpy 21 hours ago
    Is this another llm-driven rewrite?

    I wonder how many "unsafe" blocks are in there...

    • queoahfh 21 hours ago
      From what I skimmed manually, not that many, but the code itself seems labyrinthical. Like, why have both Rust Try-supporting Error-like tagged union, but also booleans, for error handling, in the same function?

      https://github.com/malisper/pgrust/blob/3646a73515a5e4ac7d0b...

      https://github.com/malisper/pgrust/blob/3646a73515a5e4ac7d0b...

      • malisper 19 hours ago
        I'm not sure what you mean? The rust code you're showing mimics the Postgres code: https://github.com/postgres/postgres/blob/2e6578292a9184dcaa...

        The boolean being returned is the return value of the function. It's not used to return an error.

        • iigijshaba 17 hours ago
          Now that I have taken a closer look, the code looks significantly better than it seemed at first glance, though there are still peculiarities, and some drawbacks.

          An unfortunate aspect is that the code has become a bit more bloated in some regards due to usage of Result, instead of an implicit elog() macro and similar. Passing Result around, in some ways as an alternative to an unwinding exception, is cleaner in some ways, but it also bloats the code somewhat.

          The rewrite also could have simpler code in some cases, like

          https://github.com/malisper/pgrust/blob/3646a73515a5e4ac7d0b...

          could perhaps just be

          match syscache_seams::search_pg_class_full_form::call(ctx.mcx(), relationId)? {

                  Some(form) => Ok(form.relhassubclass),
          
                  None => {
          
                      Err(ereport(ERROR)
                          .errmsg(format!("cache lookup failed for relation {relationId}"))
                          .into_error())
          
                  }
          
              }
          
          but that is a smaller thing.

          I see a lot of MemoryContext. I am not sure how much that bloats the code (though the C code is bloated due to C's issues and problems, like re-using collections and such). Does it incur an overhead?

          • malisper 12 hours ago
            > The rewrite also could have simpler code in some cases

            The Rust code is a literal translation of the Postgres code which returns the value at the end instead of an early return.

            > I see a lot of MemoryContext

            MemoryContext in C is used for multiple reasons: 1) performance 2) keeping track of how much memory has been allocated and where and 3) preventing memory leaks.

            Reasons 1 and 2 are still relevant for Rust. The challenge is in C memory contexts are stored in a global variable. Global variables don't work well with the rust borrow checker so I opted for passing memory contexts as function arguments instead.

        • iigijshaba 18 hours ago
          Sorry, I wrongly assumed in the C code when I skimmed it that the boolean was for error handling, not the result value. The elog() macro is used for error handling.
  • queoahfh 21 hours ago
    What a peculiar kind of rewrite.

    Rust:

    https://github.com/malisper/pgrust/blob/3646a73515a5e4ac7d0b...

    Original:

    https://github.com/postgres/postgres/blob/df293aed46e3133df3...

    Usage:

    https://github.com/malisper/pgrust/blob/3646a73515a5e4ac7d0b...

    The return type in the rewrite is both some sort of Error tagged union that supports the Try machinery in Rust; but, it also contains a boolean that apparently must be checked; or something. It seems labyrinthical and possibly broken and terrible.

    • khuey 20 hours ago
      I make no claim as to whether the change makes sense given that I didn't look at the callers of this function, but Result<bool> is an entirely reasonable pattern in Rust. If you want the callers to be able to distinguish between "has the subclass", "doesn't have the subclass", and "something went wrong" this is idiomatic Rust.
      • queoahfh 18 hours ago
        I wrongly guessed that the boolean in the original C code was for error handling when I skimmed it, but instead it is just a result value, while elog() and related macros/functions are used for general error handling in the C version. I agree that it makes sense in Rust and other languages with tagged unions.

        Though often when applicable, a simple tagged union is used instead when that would document the intention better. Like, the Rust version of search_pg_class_full_form::call() returns a Some for cache hit and None for cache miss as far as I can skim, and that group of methods returning that could arguably have returned a basic enum instead with CacheHit(value) and CacheMiss. Though this is a nitpick on my part.

    • pdevr 20 hours ago
      It is a feature in Rust, not a bug :-) (I know you didn't say it is a bug.)

      The error-tagged union is PgResult<bool> - which means it contains bool as the result if things go well. (The other part in the union is of course the error.)

      In the original function also, it is returning a boolean: "bool has_subclass".

      So anyway you have to check for the boolean as part of the logic. That is what it is doing.

      • queoahfh 20 hours ago
        Yes, but the original boolean seems to have been used for error handling, and the tagged union is also used for error handling. Why have both simultaneously in the same function instead of just one of the two?

        Edit: Looking at the code again, perhaps I was mistaken, since the boolean might not have been for error handling, just the result of the function, and C's limitations regarding error handling led it to using something like elog(), apparently a macro defined in https://github.com/postgres/postgres/blob/master/src/include... .

  • empiricus 21 hours ago
    Now which one is safer? A new Postgres written in Rust, or the original real world tested Postgres?
    • raverbashing 21 hours ago
      Also, are they calling it Postgrust?
      • reddit_clone 7 hours ago
        That made me laugh.

        This thread is enumerating all the same talking points of both sides.

  • Xmd5a 20 hours ago
    Rust is a stripper
  • nalekberov 7 hours ago
    I don’t understand these rewrites, honestly, what is the point? Who have had any C++ related issues while working with Postgres?
  • scotty79 20 hours ago
    Rewrites in Rust are kinda impressive. This language with its move semantics and close ownership tracking is very different from every other language. To create a rewrite in it, you have to rearchitect the code. There is not as much freedom there when it comes to where to keep what and where you can pass what as it is in other languages.
  • jstrong 19 hours ago
    but did they change the process-per-connection model? if not, wtf??
    • rjh29 6 hours ago
      Yes, see top comment.
  • sneak 20 hours ago
    Now do Freetype and libtiff/libpng/etc.

    I have privately wondered for years, pre-AI, why Apple hadn’t paid some engineers to go off and write some comprehensive test suites and then port these to Swift. It would shut down entire swaths of memory safety bugs they have been coping with for literally decades. SO MANY of the zeroclick iOS exploits can be traced to a few fragile and vulnerable foss libraries, xkcd 2347 style.

  • CleitonAugusto 5 hours ago
    [flagged]
  • gokulrajaram 4 hours ago
    [flagged]
  • minraws 21 hours ago
    [dead]
  • grougnax 20 hours ago
    [dead]
  • ronfriedhaber 21 hours ago
    The great Jarred Sumner pulled it off with bun, whether it can be pulled of with Postgres is an open question..

    DST systems such as Antithesis can definitely help.

  • satvikpendem 21 hours ago
    We had one for SQLite (which is SQL-ite btw, not SQ-Lite which doesn't make any sense) via Turso, no wonder we see the same for Postgres. Personally I do want to see libraries be in as much memory safe languages as possible.
    • dxdm 20 hours ago
      How do you know it's not SQL-lite with the single L serving a double role?

      Common pronunciations allow you to stay perfectly ambiguous about where the L goes, which aligns quite well with the name as spelled. If you do it right, nobody can tell if you're saying sequel-ite or sequel-lite or seque-lite on the one hand, or S-Q-L-ite or S-Q-L-lite or S-Q-lite on the other.

      AFAIK there is no official word on how the name is intended to be read or said.

      • richie_adler 14 hours ago
        Richard Hipp says he doesn't care how anybody pronunces it. That said, he pronounces it "S-Q-L-ite".
      • satvikpendem 11 hours ago
        Because the creator himself said it's an -ite suffix similar to minerals like bauxite, not -lite.
        • dxdm 10 hours ago
          Interesting, thanks for mentioning that. I've always wondered about the origins of the name, never found anything, but now with your mention of "mineral" I was able to find this:

          > (Hipp) How do I pronounce the name of the product? I say S-Q-L-ite, like a mineral.

          > But I also hear a lot people say, "Sequel lite and SQL lite." You know, I don't care. Whatever comes off of your tongue easily is fine with me.

          > (Q) But the official correct way is S-Q-L-ite?

          > (Hipp) Yes, like a mineral.

          https://www.listennotes.com/podcasts/the-changelog/why-sqlit...

          So, he means SQL-ite, but doesn't want to proscribe this as the only way people should say it. I like all of that.

          Maybe we should follow his example.