Rust for CPython

The Python community has long wrestled with the trade‑off between the language’s simplicity and the low‑level bugs that inevitably surface in a C‑based interpreter. A recent discussion on the Python Discourse forum proposes a bold shift: introducing Rust into CPython.

"We propose introducing the Rust programming language to CPython… Rust will initially only be allowed for writing optional extension modules, but eventually will become a required dependency of CPython and allowed to be used throughout the CPython code base." – Source: https://discuss.python.org/t/pre-pep-rust-for-cpython/104906

Why Rust?

Rust’s ownership model guarantees memory safety by preventing out‑of‑bounds accesses and use‑after‑free bugs at compile time. The RustBelt project has formally verified these guarantees for safe Rust code. In practice, large systems such as the Linux kernel, Android, and Firefox have already re‑written critical components in Rust and report fewer crashes and security vulnerabilities.

Beyond safety, Rust enforces thread safety: data races are caught during compilation. With Python’s upcoming free‑threaded GIL‑less runtime, a thread‑safe core becomes essential. Rust’s standard library offers zero‑cost abstractions—Vectors, HashMaps, Mutexes—allowing developers to write high‑performance code without manual memory gymnastics.

A Gradual Migration Path

  1. Optional Rust modules – The first step is to add Rust‑based extension modules to the Modules/ directory, compiled only when a Rust toolchain is available.
  2. cpython-sys crate – A dedicated Rust crate will expose CPython’s C API via bindgen, generating FFI bindings automatically. Unsafe code will be confined to the FFI boundary, while core logic remains safe.
  3. Progressive core refactoring – Over time, performance‑critical or safety‑critical parts of the interpreter (e.g., string hashing, reference counting) can be rewritten in Rust, gradually reducing the C footprint.
  4. Required Rust dependency – Eventually, Rust will become a mandatory build requirement, mirroring how Python already requires a C compiler.

This staged approach gives maintainers time to adapt tooling, training, and documentation. A migration guide and a dedicated Rust experts team are planned to support contributors.

Build System Considerations

Rust’s Cargo brings powerful dependency management and cross‑compilation support. However, CPython’s existing build pipeline (autoconf, Make, distutils) relies on a flexible, script‑driven process. Integrating Cargo will require:

  • Vendoring dependencies to avoid runtime downloads.
  • Build script coordination so that Cargo can communicate ABI information to downstream tools.
  • Incremental builds that keep iteration times low; early experiments show that Rust’s incremental compiler can match C’s speed in many cases.

The proposal acknowledges potential build‑time overhead and suggests keeping the Rust component lean to preserve fast feedback loops.

Community and Ecosystem Impact

  • Extension authors already write a significant portion of new modules in Rust; bringing this into CPython encourages a larger contributor base familiar with Rust.
  • Security: Rust’s guarantees translate directly into fewer segfaults and memory‑corruption bugs, a hard‑to‑prove advantage for a language that often runs in untrusted environments.
  • Performance: Zero‑cost abstractions and efficient concurrency can lead to measurable speedups in CPython’s core, as demonstrated by the proof‑of‑concept _base64 module.

The discussion also touches on concerns about bootstrapping—Rust requires a working compiler, which in turn depends on a Python runtime. The plan is to negotiate with the Rust core team to mitigate this circularity.

Visualizing the Proposal

![Rust for CPython proposal diagram](


alt="Article illustration 1"
loading="lazy">

)

The image above illustrates the layered architecture: Rust modules sit atop the existing C API, interfacing through generated bindings, while the core interpreter gradually moves into Rust.

Conclusion

Adopting Rust does not signal a wholesale rewrite of CPython; it is a strategic augmentation that leverages Rust’s safety and performance without abandoning the language’s heritage. By starting with optional modules and moving toward a required dependency, the Python community can harness Rust’s strengths while preserving the rapid iteration and broad compatibility that have defined Python’s success.

Source: https://discuss.python.org/t/pre-pep-rust-for-cpython/104906