Article Details

Rust core library partly polished for industrial safety spec. Ferrous Systems achieves IEC 61508 (SIL 2) certification for systems that demand reliability. Memory-safe Rust code can now be more broadly applied in devices that require electronic system safety, at least as measured by International Electrotechnical Commission (IEC) standards. The latest update to Ferrocene, an open source Rust compiler toolchain for safety-and mission-critical systems, comes with IEC 61508 (SIL 2) certification for portions of the core library. "Rust is impractical to run in embedded or safety-critical environments without core, and core can't be certified without rigorous validation using toolchains like Ferrocene," said Florian Gilcher, managing director at Ferrous Systems, in a blog post. "This release reaffirms our commitment to providing modern Rust compilers – and now certified libraries – to meet the needs of the safety-critical world." Stamping out memory safety bugs has become a priority for those concerned with the security of public and private sector systems. But developing for embedded systems still largely involves the use of C or C++ code, which face memory safety challenges – an issue that a new C/C++ compiler called Fil-C may address. The certification of a portion of the Rust core library has the potential to bring more Rust code to regulated industries. The programming language's strong memory safety guarantees should help reduce memory-related errors and improve the stability of associated applications, assuming new bugs aren't introduced along the way. SIL represents Safety Integrity Level, a measure of system safety performance. It summarizes the probability of failure on demand, where SIL 4 represents the most dependable and SIL 1 represents the least. The SIL 4 designation is appropriate for systems that require maximum reliability because failures have the potential for mass casualties – think nuclear reactor controls or railway systems. SIL 3 tends to be applied to systems that pose a high risk during failure, such as chemical engineering kit, medical devices, or oxygen sensors. SIL 2 might be applied to industrial robots. And SIL 1 would work for CCTV cameras or building lighting. Certification firm TÜV SÜD has already blessed the Ferrocene toolchain for safety-focused development based on ISO 26262 (ASIL D), IEC 61508 (SIL 3), and IEC 62304 (Class C). The outfit also supports qualification efforts to reach assurance levels SIL 4 and DO-178C (DAL C). With the help of partners Sonair and Kiteshield, Ferrocene devs have certified a substantial subset of the core library so that it meets the IEC 61508 (SIL 2) standard. The Ferrocene-certified core subset provides developers with access to types and functions such as: Option, Clone, str, pointers, and most primitives, such as slices. It's intended to be used for qualified development targets like x86_64 Linux, x86_64 or Armv8-A QNX Neutrino, or RTOS on Armv8-A or Armv7E-M. Sonair is using Ferrocene for acoustic detection and ranging (ADAR) in robots sporting Armv8-A and an Armv7E-M subsystem. Kiteshield is developing a Rust-based Ultra-Wideband safety system for mining that's designed to prevent collisions between manually operated and autonomous machinery.