by im_down_w_otp 3118 days ago
We're using Rust in building safety-critical runtime software for autonomous vehicles precisely because we do care about these kinds of things for non-R&D products.

We have many experiments showing how trivially easy it is to write MISRA-compliant C that normally passes muster for "safety-critical" in automotive, which is horribly unsafe, but for which analogous Rust fails to even compile.

We're also working to go many steps beyond ISO 26262 in terms of process and process verification. To the point that we're going to attempt to have a formally verified development lifecycle in addition to as much of the software that comes out of it being formally verified as well.

We're not stopping at formal verification for the software or process either, due to fairly glaring gaps/shortcomings in the methods available today.
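To make the MISRA C versus Rust contrast in the comment concrete, here is an added Rust example; it is not the commenter's code nor from any project they describe, and the `SampleRing` type and its sample values are constructed for illustration. It shows three patterns that a MISRA-style review can wave through in C (out-of-bounds read, silent unsigned wrap-around, and a pointer to a dead stack variable) that Rust either turns into a defined, checkable result or refuses to compile at all.

```rust
// Added illustration (not the commenter's code). The sensor values are
// constructed sample data, not readings from any real system.

/// Fixed-size ring of wheel-speed samples, as a control loop might keep.
pub struct SampleRing {
    samples: [u16; 8],
}

impl SampleRing {
    pub fn new(samples: [u16; 8]) -> Self {
        SampleRing { samples }
    }

    /// Bounds-checked read. In C, `samples[idx]` with an out-of-range idx
    /// is undefined behaviour and compiles cleanly; here `get` returns None
    /// and the caller is forced to handle the missing value.
    pub fn sample(&self, idx: usize) -> Option<u16> {
        self.samples.get(idx).copied()
    }

    /// Scale a sample by a fixed-point factor without silent wrap-around.
    /// Multiplying two `uint16_t` values in C truncates silently after
    /// integer promotion and assignment; `checked_mul` reports overflow as
    /// None instead of producing a wrong but plausible speed.
    pub fn scaled(&self, idx: usize, factor: u16) -> Option<u16> {
        self.sample(idx)?.checked_mul(factor)
    }

    /// Borrow a sample for the ring's lifetime. The borrow checker ties the
    /// returned reference to `self`, so a caller cannot keep it past the
    /// ring's destruction. The C analogue, returning a pointer into a
    /// buffer that is then freed or goes out of scope, compiles fine.
    ///
    /// The dangling-reference case that C accepts and Rust refuses to
    /// build; under `cargo test` this doc test passes only if the snippet
    /// FAILS to compile (returning a reference to a local variable):
    ///
    /// ```compile_fail
    /// fn stale_sample() -> &'static u16 {
    ///     let local = 42u16;
    ///     &local
    /// }
    /// ```
    pub fn sample_ref(&self, idx: usize) -> Option<&u16> {
        self.samples.get(idx)
    }
}

fn main() {
    let ring = SampleRing::new([100, 200, 300, 400, 500, 600, 700, 65535]);
    println!("sample 2     = {:?}", ring.sample(2)); // Some(300)
    println!("sample 9     = {:?}", ring.sample(9)); // None: no out-of-bounds read
    println!("sample 7 * 2 = {:?}", ring.scaled(7, 2)); // None: overflow caught
    println!("sample 1 * 3 = {:?}", ring.scaled(1, 3)); // Some(600)
}
```

The point is not that Rust makes the logic correct, only that each of these defects becomes either a compile error or an explicit `None` that a reviewer can see being handled, rather than a silently compiling read past the buffer or a wrapped-around speed value.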