Ferrocene Safety-Critical Rust Compiler Code Published


  • Ferrocene Safety-Critical Rust Compiler Code Published

    Phoronix: Ferrocene Safety-Critical Rust Compiler Code Published

    Ferrous Systems has made available open-source code for Ferrocene, their Rust compiler focused on safety-critical and mission-critical environments. The Ferrocene compiler is being made available under Apache 2.0 or MIT licensing...


  • #2
    "safety-critical" is the new buzzword to get your products into highly regulated industries.

    I will not use it unless it has a formal proof.



    • #3
      Before anyone gets too excited:

      It is a proper downstream of the main Rust compiler, rustc.
      So not a "proper" vendor implementation.

      So far there is still only one full implementation. The GCC one is coming along but I believe is missing the key feature of the borrow checker.



      • #4
        Originally posted by kpedersen:
        Before anyone gets too excited:

        So not a "proper" vendor implementation.

        So far there is still only one full implementation. The GCC one is coming along but I believe is missing the key feature of the borrow checker.
        Why should it have to be a full clean-sheet reimplementation? It seems to me that being a downstream version of rustc is a much better solution, it minimises compatibility issues, reduces the development and maintenance costs for them (and thus for the users), and ultimately the target users don't care about a separate compiler, they care about the certification documentation.



        • #5
          Originally posted by fitzie:
          "safety-critical" is the new buzzword to get your products into highly regulated industries.

          I will not use it unless it has a formal proof.
          Yes, but a formal proof of security includes validating the handling of all the data coming from the "outside" across all the execution paths.

          Plus something kind of SQL-PreparedStatement-like, but at the language compiler or interpreter level.

          Quite a challenge.



          • #6
            Originally posted by fitzie:
            "safety-critical" is the new buzzword to get your products into highly regulated industries.

            I will not use it unless it has a formal proof.
            Such a thing doesn't exist.

            There is always a "trust me" moment on boundary layers with the operating system or hardware.

            Also, "formal proof" for most people is only a formal proof of some kind of safety, not safety entirely in all senses.



            • #7
              Glad to see this finally releasing; I know a lot of work went into this and around it for the validation.



              • #8
                Originally posted by kpedersen:
                So not a "proper" vendor implementation.

                So far there is still only one full implementation. The GCC one is coming along but I believe is missing the key feature of the borrow checker.
                This instance of a standards-approved safety critical language is a bit different than your usual one. Whereas most language toolchains are riddled with bugs and undefined behavior, either entirely missed or, if someone did find it, it's marked as "TODO" or "WONTFIX", Rust by default cannot express undefined behavior (outside of unsafe blocks). As the Ferrocene project itself stated, the standard Rust implementation is already plenty safe by virtue of being Rust combined with the efforts of the project team, they're basically just doing the whole song-and-dance to make it industry-approved with a proper vetting, although one far less required than anything written in other languages.

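To make the safe/unsafe distinction argued in #8 and the "trust me" boundary raised in #6 concrete, here is an added example in Rust. It is not code from Ferrocene or Ferrous Systems, and the length-prefixed record format it parses is a constructed one chosen for illustration. Safe code gets bounds checks from the language; an `unsafe` block is where the compiler stops checking and a human-written invariant takes over, so a sound wrapper has to establish that invariant itself before entering the block.

```rust
// Added example, not code from Ferrocene or Ferrous Systems. It shows where
// the "no undefined behaviour outside unsafe" guarantee stops, how a safe
// wrapper restores it with an explicit check, and a parser for a constructed
// length-prefixed record format (hypothetical, chosen for illustration) that
// validates outside data on every execution path.

/// Safe API: the slice index is bounds-checked by the standard library, so
/// an out-of-range index yields `None` instead of undefined behaviour.
pub fn checked_read(buf: &[u8], idx: usize) -> Option<u8> {
    buf.get(idx).copied()
}

/// The "trust me" point. Inside the `unsafe` block the compiler accepts
/// `get_unchecked`, which is undefined behaviour when `idx >= buf.len()`.
/// The wrapper is only sound because it performs that check itself; the
/// compiler does not verify the SAFETY comment, a reviewer has to.
pub fn wrapped_unchecked_read(buf: &[u8], idx: usize) -> Option<u8> {
    if idx >= buf.len() {
        return None;
    }
    // SAFETY: `idx < buf.len()` was checked above, so the read is in bounds.
    Some(unsafe { *buf.get_unchecked(idx) })
}

/// Constructed record format: one length byte followed by that many payload
/// bytes. Every failure path returns an error rather than reading past the
/// input, and the borrow checker ties the returned slice's lifetime to `input`.
pub fn parse_record(input: &[u8]) -> Result<&[u8], &'static str> {
    let (&len, rest) = input.split_first().ok_or("empty input")?;
    let len = usize::from(len);
    if rest.len() < len {
        return Err("length exceeds input");
    }
    Ok(&rest[..len])
}

// Rejected at compile time by the borrow checker (uncomment to see it refuse):
// the function would return a reference to a local that is dropped on return.
// pub fn dangling() -> &'static [u8] {
//     let local = vec![1u8, 2, 3];
//     &local
// }

fn main() {
    let buf = [0x10u8, 0x20, 0x30];
    println!("{:?} {:?}", checked_read(&buf, 1), checked_read(&buf, 7));
    println!("{:?}", wrapped_unchecked_read(&buf, 2));
    println!("{:?}", parse_record(&[2, 0xAA, 0xBB, 0xCC]));
    println!("{:?}", parse_record(&[5, 1]));
}
```

The point for certification work is the second function: the compiler proves nothing about the `unsafe` block, so the soundness argument lives in the check and the comment above it, which is exactly the kind of thing a qualification effort has to review by hand.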


                • #9
                  Originally posted by jacob:

                  Why should it have to be a full clean-sheet reimplementation? It seems to me that being a downstream version of rustc is a much better solution, it minimises compatibility issues, reduces the development and maintenance costs for them (and thus for the users), and ultimately the target users don't care about a separate compiler, they care about the certification documentation.
                  this is just a tax on software development, pushed by big cyber for revenue, and gov't for lobbying dollars. and this is all knocking on the door of opensource, there's discussion of making opensource developers liable for security of projects, and this is starting to pop up more and more in conversation, including on lkml.

                  that being said, this shop seems to be a bunch of solid rust guys trying to offer a decent offering, but look at their pitch:

                  For its first release, Ferrocene 23.06 is an ISO 26262 (ASIL D) and IEC 61508 (SIL 4) qualified version of the existing open-source compiler, rustc, based on Rust 1.68.

                  We plan to work on standards like DO-178C, ISO 21434, and IEC 62278 in the future.
                  Does this sound like a technical offering? Nope, it's just certifications to make paper pushers happy. As long as the money raised goes into the technology and programmers pockets, and not some lobbying interest I'll be happy, but this slope is getting slippery.



                  • #10
                    Originally posted by fitzie:

                    this is just a tax on software development, pushed by big cyber for revenue, and gov't for lobbying dollars. and this is all knocking on the door of opensource, there's discussion of making opensource developers liable for security of projects, and this is starting to pop up more and more in conversation, including on lkml.

                    that being said, this shop seems to be a bunch of solid rust guys trying to offer a decent offering, but look at their pitch:

                    Does this sound like a technical offering? Nope, it's just certifications to make paper pushers happy. As long as the money raised goes into the technology and programmers pockets, and not some lobbying interest I'll be happy, but this slope is getting slippery.
                    Not quite. When it comes to actual safety critical, as in one bug, one behavior that isn't perfectly replicable, can and in many cases will kill people, you need to go to absurd lengths; things need to be tighter than a nun's cunt. You need to go to extreme lengths for validation and verification, which is what Ferrocene is for. Think things like airplanes.

