Ferrous Systems, a technical consulting agency, recently announced in a blog post that they plan to qualify the Rust language and compiler for use in safety-critical software domains. These include the automotive, industrial, robotics, medical, and avionics industries. The company calls their project Sealed Rust. Because the aforementioned industries require strict safety standards, Rust’s current build cannot compete with the likes of C, Ada, and C++. These three languages have already gone through the necessary specifications, paperwork, and certifications required to be recognized as viable languages for critical systems development. The thrust of the team’s pitch for Rust as a critical systems language is not stated directly in their blog post; rather, you’ll find it in Rust’s ethos.
What Rust proposes, based on an article we wrote on the topic, is:
C++ control without all of the safety issues like segfaults, null pointers, buffer overflows, and many other security nightmares that C++ developers have to wrestle with. Its unique selling point is the checking system that yells out error messages at compilation time, which the aging C++ language does not do. Errors seem like a minor enhancement from the viewpoint of web developers, but for low-level programmers, being warned about improper memory allocation can mean the difference between broken code and production-ready code.
Allowing Rust to gain exposure in fields that have been predominantly known for C/C++ would allow it to validate what the language sets out to do. Rust was first announced in 2010 as an alternative to C, but 9 years later it has not gained much traction. Based on recent stats, Go has long supplanted Rust as the most popular C++ alternative. The slow adoption caused the Rust community to reflect on the state of Rust in 2019, and a slogan of “slow and steady progress” began to emerge.
Ferrous Systems seems to have taken on this mantle with gusto because the team outlined a plan that they readily admit will take years to come to fruition. The team stated:
We believe that this is a process that will take a significant amount of time and effort to see realized, but something we choose to do for the long term value we believe this will provide to both the Rust Programming Language, as well as industries developing safety critical software. We also see this process not only as a theoretical possibility, but a task that can be realized in the scale of the next few years.
One can also look at this pitch from a cynical standpoint. Ferrous Systems is a for-profit Rust consulting company that may boost its revenues if it gains clients in industries that will require its expertise. But there’s nothing wrong with proving a language’s commercial viability and making a few bucks on the side. Success in gaining the proper safety compliance can put Rust ahead of Go and cement Rust as a language concerned with safety in a world where safety is constantly in jeopardy.
Whether or not the company will ever make money from this endeavor is a moot point if they don’t have any to start with. The company plans to fund this project through public funding grants, investments, and loans. This will not be a self-funded project, as one of the founders claimed in a Hacker News comment, “…people doing the organizational legwork (such as running the company, keeping the office tidy, making sure there’s enough coffee) need to be paid. Standards documents need to be paid. This isn’t something we as a 6-people company can self-fund…”
The biggest question, aside from funding, is whether Rust will ever be in demand once the Sealed Rust operation is completed. Is the investment in learning a new language worth the benefits that Rust offers? In the same Hacker News comment, one of the founders of Ferrous Systems both assuaged this concern and echoed the Rust community’s current slow-and-steady ethos:
On the other side, we’ve been at embedded conferences (even before ferrous as a company was a thing), talking to people in the automobile, robotics and aerospace sector and the question of “is this certified/certifiable” has come up quite a few times. There’s definite interest in finding a replacement for C in that space, and that’s where rust could shine. It’s certainly early, but this is not a project that will come to fruition in the short run. It’s something that rust could profit from in a decade.