by electromech 531 days ago
No mention of Ferrocene other than a "further reading" bullet point at the end. Are they using it? Does that help with respect to getting a device safety certified?

From https://ferrocene.dev:

> ISO 26262 (ASIL D), IEC 61508 (SIL 4) and IEC 62304 available targeting Linux, QNX Neutrino or your choice of RTOS.

The article also mentions one of those standards:

> Sonair is developing a safety-certified device (IEC 61508 and SIL2).


Disclaimer: I’m one of the founders of Ferrous Systems, the company behind Ferrocene.

One of the goals when certifying Ferrocene was that it serves as a drop-in replacement for rustc. So while we’re happy if you start out building your product with Ferrocene (and have made our pricing model compatible with that), going the route of “rustc first, then slot in Ferrocene” is entirely supported. There are also sometimes good reasons to pick that approach: Ferrocene is much more limited in terms of target support, and while we may have a timeline to deliver the target you need at the qualification level you need, we might not ship it yet (though we usually can enable support relatively quickly).

That said, I’m quite confident that using Ferrocene gives you a faster route to certification than trying on your own. I’d not be surprised if we hear from them.

Thank you for your work on Ferrocene! I particularly appreciate that you're open about the price, at least for a starter license.

We're using Rust for space applications, and while we don't have a need to certify our software yet, we'll keep Ferrocene in mind for the future.

EDIT: Oh, the Ferrocene compiler is fully open source. I didn't expect that!

We’d also be more open about the rest of the plans, but it’s a hard information design problem more than anything else - the website desperately needs an update. Too much to do and too little time. If I just didn’t spend so much time around here ;)

The compiler being open source is not the big thing - it’s mostly upstream rustc with very little modification. However, all of the safety manuals are open too, so you can see what you’ll get.

I see that you’re from Berlin - if you’re interested in a chat, ping us.

> Too much to do and too little time. If I just didn’t spend so much time around here ;)

Heh, very relatable :)

> I see that you’re from Berlin - if you’re interested in a chat, ping us.

I also just saw you're based in Berlin. Will definitely ping you when I'm back. Particularly interested in your "Rust Experts" offering.

One question about Rust safety certification in general:

How do you deal with dependency sprawl? For example, if you write a basic async program with Tokio and friends, you may end up depending on >200 crates. Would you or your clients certify them one by one? Are they much more picky about which dependencies they "take on"?

Dependencies. Hard topic. The question is less about the numbers and more about the amount of code you pull in. In the end, every line needs to be certified. The team that wrote sudo-rs blogged about their approach here: https://www.memorysafety.org/blog/reducing-dependencies-in-s...

Essentially, expand your use for initial development and whittle down later as much as possible.

That said, Tokio is not going to be a good certification candidate, but that’s a topic for a longer conversation. (TL;DR: The Tokio project has aims and goals that are good for their use, but problematic when it comes to writing safety-certified software.)

That makes a lot of sense, thanks!

Really glad you all are out there doing what you do. In my opinion it is the most important thing for Rust's long-term success and longevity. No clue what the costs are like for running on Ferrocene, but maybe one day I will have a project that'd benefit from it.

So the costs for the basic level (quality managed, one target architecture) are pretty low: about 240 EUR/human per year. CI runners are free. Certification material is billed separately to allow speculative and experimental usage. You only pay for it if and when you need it.

A lot of projects can benefit from that level of assurance, since we have a different support tier policy than upstream Rust, that is: we treat different targets as Tier 1. And you get signed installers for Windows etc.

Also, with the upcoming CRA legislation, using a quality-managed toolchain will make your life easier: one part you don’t have to manage.

That is incredibly reasonable pricing; thank you for being open to sharing. Hoping one day we talk from a business perspective. Cheers

We are already talking :)