Rust in critical environments
Reading: Officially Qualified - Ferrocene, Nov 2023.
Rust can now be used to develop software for electronic systems in series production road vehicles [… and also] in electronic programmable systems in the industrial sector.
Ferrocene is the Rust tool chain (for example, the compiler but not the core libraries), except it has been "qualified".
It’s qualified with two international standards, ISO 26262 (“Road vehicles – Functional safety”) and IEC 61508 (“Functional Safety of Electronic Safety-related Systems”, which is broader than automotive).
It’s similar to Linux distributions, in that Ferrocene is offered with support. It’s a commercial down-stream re-packaging with changes which are themselves open-source, delivered back to the Rust project. Which is cool.
I find this interesting for two reasons:
- I’m very happy someone is looking at this to make computers-on-wheels (a.k.a. “cars”) and industrial machines safer; and
- Maybe this will make Rust great for medical / health devices.
Your application still needs to be certified too, but at least you have a foundation to build on.
What’s different compared to standard Rust? Aside from support, as far as I can tell the only extra bits are targets, namely LynxOS-178 (a proprietary real-time OS) plus the builds and tests around that.
The Rust language spec they’ve qualified is in the Ferrocene documentation.
Update 24 June 2024: There’s a Safety-Critical Rust Consortium.