
This sounds very good. Rust has inherent "x-th mover" problems in spaces where C or C++ is dominant and hard to replace, like automotive and aerospace. These are also the spaces where a language with stronger guarantees and which can target embedded real time devices, is more useful than almost everywhere else.

For rust to succeed in those spaces a "community compiler" is just simply not an option. Having a standardized language (which is still not there yet) with a qualified compiler toolchain would be a significant step forward and actually makes it perspectively possible to use rust on projects for commercial aviation.



IMO a standardized language isn't necessary. Pretty much no C compilers actually follow the C standard exactly (including verified ones). Also it's not like the C standard actually prescribes behavior in lots of cases. Tons of C is UB or implementation defined behavior.


To some extent you certainly need a standardized language and I don't think having rustc as the "defacto" standard is in any way acceptable to use it on an airplane.

A compiler not complying with the standard is also not that problematic, as long as the deviation is known. UB should be avoided under all circumstances, but it is inherent to any language as spread out as C.


> To some extent you certainly need a standardized language

Because we're talking standards, precise wording is important. You do not need a standardized language in order to produce a qualified compiler.

> I don't think having rustc as the "defacto" standard is in any way acceptable to use it on an airplane.

This is true but not because it's a "defacto standard," it is because rustc does not fulfill the requirements to be qualified. Ferrocene, on the other hand, does.

> A compiler not complying with the standard is also not that problematic, as long as the deviation is known.

You're correct here, but that's directly in conflict with the "you need a standardized language," which is why I'd disagree with that portion of what you've said here.


On the specific point of standardization. I do not see how you could get a language without a standard into an aircraft.

The Ferrocene guy mentioned that they worked on some formalization of rust, probably because traceability without it seems somewhat impossible and maybe that is already enough for the FAA/EASA.


I wrote a more lengthy comment about that here: https://news.ycombinator.com/item?id=36792336

But you said it yourself: deviation from a standard is fine. There is no requirement that there is some sort of upstream standard that must be adhered to.


I do not think it is possible to use rust on a commercial airplane, above DAL E. See the DO-178(B) 11.8 a. "For a programming language, reference the data that unambiguously defines the syntax, the control behaviour, the data behaviour and side-effects of the language".

If the language has no standard, like rust, you have to essentially create a standard. Afaik rust has no documentation which satisfies those requirements in any way.


I don't think that we're understanding each other, so I'm going to leave it for this post. But this supports what I am saying. This does not say "For a programming language, it must have an ISO standard, and the implementation must be in full compliance with the standard."

> Afaik rust has no documentation which satisfies those requirements in any way.

That is correct, Rust does not. Ferrocene does. And that's perfectly fine according to the requirements.


> Ferrocene does.

Is there FAA/EASA certified rust SW on a commercial airplane above DAL E? If not ferrocene potentially does.

> For a programming language, it must have an ISO standard

Which is also not what I am saying. It is obviously not important that it is an ISO standard (the DO certainly has no such requirement), but you need some documentation which specifies the language. For C/C++ that is trivial, as it is standardized, for rust it isn't.

I fully agree that you can conform to the DO by having a company like Ferrocene which provides that documentation. And that has a compiler toolchain which states how it complies with the specification. And I am glad that they are doing this, as this is a step in the right direction.


I am glad that we are in agreement. Your final paragraphs are what I have been saying, in response to you saying "I do not see how you could get a language without a standard into an aircraft."

> Is there FAA/EASA certified rust SW on a commercial airplane above DAL E?

So, I don't work in the industry, so I am not 100% sure. What I do know is this: https://www.lynx.com/press-releases/rust-compiler-support

> Lynx Software Technologies (Lynx) the leader in delivering solutions for the Mission Critical Edge, today announced that its LynxOS-178 operating system and LynxElement unikernel will include support for Rust... LynxOS-178 is a native POSIX, hard real-time partitioning operating system developed and certified to FAA DO-178C DAL A safety standards.

So the interest is there, at least, but given that Ferrocene is currently only qualified for ISO 26262 and IEC 61508, with DO-178C, ISO 21434, and IEC 62278 being listed as "in the future," I am guessing that's something desired, but not true yet.

> If not ferrocene potentially does.

Yes, to be clear I meant conceptually, in a way that the Rust Project does not, and I would be willing to bet money that it never will. Not that it has passed that bar presently.



