HN Debrief

Postgres rewritten in Rust, now passing 100% of the Postgres regression tests

  • AI
  • Databases
  • Open Source
  • Programming
  • Developer Tools

The repo is a Rust rewrite of PostgreSQL that currently passes 100% of PostgreSQL’s regression tests. The author said the public branch is still about 8x slower than Postgres, but an unpublished version now uses a thread-per-connection design, batch execution, and a columnar format. That version is claimed to be 50% faster on Percona TPC-C style transactional benchmarks and roughly 300x faster on analytical workloads, landing around 2x slower than ClickHouse on ClickBench. The project was built with heavy AI assistance, starting from a c2rust translation and then rewriting crates into more idiomatic Rust.

Treat this as a serious experiment in using AI plus strong test suites to move a giant legacy codebase, not as a production-ready database. If this pattern matters to your team, the next thing to watch is differential testing, crash and concurrency validation, extension compatibility, and whether the project can sustain maintenance beyond a flashy first milestone.

Discussion mood

Impressed by the technical feat, but overwhelmingly skeptical about trust, maintainability, and production readiness. The biggest reasons were that passing Postgres regression tests does not validate durability or concurrency under real-world failure, the code was heavily AI-generated, the public branch is still slower, and extension and long-term maintenance stories are weak.

Key insights

  1. 01

    Review shifts from commits to evals

    For an AI-heavy rewrite, line-by-line review of thousands of generated commits is the wrong control point. The useful review surface is the architecture, the contracts between components, and the quality of testing, fuzzing, and oracles around the parts that guard ACID guarantees. Several people also pointed out that Rust’s type system can encode some of those contracts directly, which lets humans spend their attention on corruption-risk code instead of commodity translation work.

    If your team adopts agents for large rewrites, budget less for traditional PR review and more for test oracle design, fuzzing, mutation testing, and explicit interface contracts. Keep the human experts on transaction, storage, and recovery paths where a subtle miss becomes data loss.

      Attribution:
    • booksock #1
    • fpgaminer #1
    • erichocean #1
  2. 02

    The benchmark story is narrower than it sounds

    The eye-catching speed claims apply to an unpublished branch, not the public repo, and they come from specific benchmarks rather than broad parity. The public code is still around 8x slower than PostgreSQL. The faster branch is claimed to win on Percona sysbench TPC-C style transactional tests and ClickBench style analytics because it changes execution strategy with batching, prefetching, columnar storage, and parallelism. That makes the numbers more plausible, but it also means readers should not confuse a passing rewrite milestone with a ready-made faster Postgres.

    Do not evaluate this as 'Rust Postgres is 50% faster.' Evaluate it as an experimental new engine that happens to speak a Postgres-compatible surface. Ask for reproducible benchmark configs and durability settings before using the numbers in any decision.

      Attribution:
    • levkk #1
    • LtWorf #1
    • malisper #1 #2
  3. 03

    Threading changes the risk surface too

    Moving from PostgreSQL’s process-per-connection model to threads is not just an optimization choice. It changes failure isolation. One bad extension or memory error can move from killing a backend process to threatening the whole server. That tradeoff matters less in a world with fewer unsafe extensions and more memory-safe code, but it does not disappear. Several people also noted that existing regression tests do not really exercise the threaded architecture itself, which is one of the biggest changes in the project.

    When a rewrite changes isolation boundaries, treat that as a product decision, not an implementation detail. Add fault injection and extension crash tests that specifically probe what now fails per thread, per process, or cluster-wide.

      Attribution:
    • toast0 #1
    • happyPersonR #1
    • lukasco #1
    • SirHackalot #1
  4. 04

    Extensions are the real compatibility wall

    PostgreSQL’s extension story is deeply tied to internal C interfaces, not a narrow stable plugin API. That means a Rust reimplementation is not truly Postgres-compatible just because SQL behavior matches. To support the existing ecosystem, it would need ABI compatibility with C functions and data structures or a migration path that gets extension authors onto something like pgrx. The author acknowledged that doing this pulls unsafe C pointers and strings right back into the system.

    If your business depends on Postgres extensions, treat extension compatibility as a first-class go or no-go criterion. SQL parity alone is not enough for a migration plan.

      Attribution:
    • jeltz #1
    • malisper #1
  5. 05

    The interesting part is the engine redesign

    The most credible path to value here is not the language port. It is the shift toward a more modern analytical engine behind a Postgres-compatible interface. The author and another builder working on δx both pointed to the same ingredients behind ClickHouse-like performance: columnar layout, vectorized execution, pipelining, filter pushdown, bloom filters, and especially better parallel algorithms and hash tables. That lines up with what successful hybrid OLTP and OLAP systems have actually done.

    If you are building around Postgres, look past language debates and focus on execution model changes that can deliver real workload gains. Compatibility on the wire is useful, but the business value comes from storage and execution architecture.

      Attribution:
    • tudorg #1 #2
    • malisper #1 #2
  6. 06

    Massive commit volume breaks old trust signals

    A repo with more than 7000 commits in under a month makes normal open source trust heuristics stop working. You cannot skim history and infer care from the shape of the work the way you can with a human-scale project. The author’s description of orchestrating many subagents explains how that volume happened, but it also reinforces why observers asked for process documentation instead of asking people to inspect commit logs. In this model, provenance is no longer legible from the history alone.

    If you publish AI-generated infrastructure code, document the workflow, testing gates, and acceptance criteria up front. Otherwise outsiders will assume the repo is opaque by default, even if the end result is solid.

      Attribution:
    • malisper #1
    • dirkc #1

Against the grain

  1. 01

    Regression suites still carry real value

    A few people pushed back on the blanket dismissal of test parity. PostgreSQL’s regression tests encode a large amount of hard-won production knowledge, and a rewrite that passes them is not meaningless theater. It proves that a lot of real behavior survived translation. The mistake is treating that as sufficient evidence for production use. It is meaningful evidence, just not the whole case.

    Do not throw out inherited test suites as if they are mere cosmetics. Use them as the baseline, then layer differential tests, crash tests, and real workload validation on top.

      Attribution:
    • alemanek #1
    • hk__2 #1
    • rowanG077 #1
    • kstrauser #1
  2. 02

    AI code quality depends on the operator

    Some commenters rejected the reflex to bucket all AI-generated code together as slop. Their point was practical. Model quality, harness design, and especially how rigorously the human driver verifies outputs all change the result. A careful engineer can use AI and still review architecture and code in depth. The problem is not that the code came from a model. The problem is assuming generation itself is verification.

    Set process standards around validation instead of blanket source prejudice. If you use agents internally, judge the output by reproducibility, tests, and maintainability, not by whether a human typed every line.

      Attribution:
    • colordrops #1 #2 #3
  3. 03

    A Rust port might not reveal memory bugs

    The expected payoff of rewriting C in Rust is often framed as exposing hidden memory unsafety, but that may not happen here. PostgreSQL is already heavily tested with tools like Valgrind and sanitizers, and a mechanical port can preserve dubious pointer logic inside unsafe blocks instead of eliminating it. In that case, the rewrite may change syntax more than it changes the actual bug surface.

    If your thesis for a rewrite is memory safety, measure how much unsafe behavior was actually removed or isolated. A Rust label is not enough if the dangerous logic was simply wrapped and carried forward.

      Attribution:
    • derdi #1
    • whatever1 #1

In plain english

ABI
Application binary interface, the low-level calling and data layout rules that allow compiled components to work together.
ACID
The core database guarantees of atomicity, consistency, isolation, and durability.
bison
GNU Bison, a parser generator compatible with yacc grammars.
c2rust
A tool that mechanically translates C code into Rust code.
ClickBench
A benchmark suite used to compare analytical query performance across database systems.
ClickHouse
An open source column-oriented database known for very fast analytical query performance.
columnar format
A way of storing data by columns instead of rows, which is often faster for analytical queries.
crash recovery
A database’s ability to return to a correct state after a crash or abrupt shutdown.
differential testing
Testing two implementations with the same inputs and comparing their outputs to find mismatches.
filter pushdown
An optimization where filtering is applied as early as possible to avoid processing unnecessary data.
fuzzing
A testing technique that feeds many unexpected or random inputs into software to trigger crashes, security issues, or logic bugs.
Jepsen
A testing approach and toolset for finding correctness bugs in distributed systems by injecting failures and checking guarantees.
OLAP
Online analytical processing, workloads focused on large scans and aggregations for reporting or analysis.
OLTP
Online transaction processing, workloads made of many small reads and writes such as application transactions.
pgrx
A Rust framework for writing PostgreSQL extensions.
Postgres
PostgreSQL, a widely used open source relational database.
PostgreSQL
A widely used open source relational database system, often shortened to Postgres.
regression suite
A collection of tests that check whether software still behaves correctly after changes, especially for previously fixed bugs.
Rust
A systems programming language designed to provide strong memory safety guarantees through compile-time checks.
TPC-C
A standard benchmark that simulates transactional database workloads such as order entry and inventory updates.
unsafe
A Rust language feature that allows operations the compiler cannot fully verify for safety, such as raw pointer manipulation.
vectorized execution
A query execution approach that processes batches of values at once instead of one row at a time.
yacc
Yet Another Compiler Compiler, a tool for generating parsers from grammar definitions.

Reference links

Project and benchmark references

Related database projects and proposals

Author background and methodology

Testing and validation resources