What you’ll learn:
- What is Rust?
- Where is Rust being used?
- Why Rust support is critical to the compiler’s success.
Rust is a relatively new programming language compared to the likes of C and C++, but it has garnered lots of interest. Rust is one of the few languages in which “acceptable” Linux device drivers can be written. C is the usual choice.
Rust is being used in production applications and, as noted, in Linux. It has a presence in web and cloud applications and services as well. The language works for bare-metal systems and real-time applications. What Rust has lacked up to now is long-term support and certification for use in application spaces such as automotive and medical.
The Ferrocene Compiler
One of the companies working to change that is Ferrous Systems. It’s similar to other vendors in the C programming space that provide a supported version of the compiler. The company has also open-sourced its Rust compiler, Ferrocene. Target applications include security, automotive, and industrial systems that require ISO 26262 and IEC 61508 certification, which its rustc compiler can handle.
Ferrous Systems’ compiler is related to the Rust compiler maintained by the Rust Infrastructure Team. Both are now available as open source, not just the main Rust compiler. Ferrocene is downstream from the Rust project.
When using Rust, the main difference from a company’s perspective revolves around who will maintain and support the tool. With standard Rust, you’re on your own. Of course, you’re in the same boat if using Ferrocene on github.com, but you will need to work with Ferrous Systems if you want long-term support. The advantage is that the GitHub version is available for anyone to try.
Like most software tools, Ferrocene is sold on a subscription basis. There are support plans to address certification requirements. This is where Ferrocene differs from the standard rustc compiler. The upcoming Ferrocene 23.06.0 release will be qualified according to ISO 26262 (ASIL D) and IEC 61508 (SIL 4), although 23.06.1 will be the first version that’s completely open source.
I talked with Ferrous Systems’ Jonathan Pallant about using Rust in embedded and bare-metal systems.
Ada/SPARK vs. Rust
As many readers know, I’ve long been a supporter of Ada and SPARK. SPARK is a variant of Ada that allows programs to be statically proven correct, addressing many of the issues Rust tries to handle. I still think that SPARK is the best way to go for applications that require high reliability, but Rust would be my second choice. Rust does some things better than Ada/SPARK, including checking memory usage.
Both Ada/SPARK and Rust compilers require programmers to be more specific in their code so that the compiler can determine when the programmer is trying to do something that’s not right. Languages such as C and C++ put this onus on the programmer, who tends to make mistakes.
Unlike C++, Rust has its own syntax that’s not compatible with C. Rust can coexist with other programming languages and it works with most popular IDEs and operating systems. I won’t go into more language details, but I do want to note that Rust takes different approaches to things like polymorphism and memory management.
Given that many security- and safety-related problems are related to bugs in applications, the use of a programming language like Rust is critical because it places more of the checking in the compiler’s hands. Having a certified compiler enhances this aspect.
As with C, Ferrocene is unlikely to be the only certified solution in the future. C obviously has an embedded base that’s not going away. However, like other technology areas such as RISC-V, the future use of new tools can enhance the solutions we’re trying to develop.