Hacker News new | ask | show | jobs
by steveklabnik 338 days ago
A language specification is not required to be qualified. The behavior of the compiler needs to be described.

https://rust-lang.github.io/fls/

This is effectively a fork of the Rust Reference, made by Ferrous, and laid out in a way that allowed the compiler to be qualified. It now lives at this URL, because it's being adopted by upstream as the spec.
1 comments
MaxBarraclough 337 days ago
Sounds like progress is being made on the language spec front, that's good to see.

I'm not following what you meant by this though, it seems like a contradiction:

> A language specification is not required to be qualified. The behavior of the compiler needs to be described.

But they're putting work into reviving the language spec, to enable certification? Also, if the source language hasn't been described, then surely the compiler's behaviour hasn't been described.

Or did you mean that their documentation is for the Ferrous flavour of Rust and might not reflect the latest version of the Rust language?

link
steveklabnik 336 days ago
> to enable certification

It has already been qualified. Upstream has always wanted a spec. It’s being worked on because it’s desirable, not because it’s blocking safety critical cases.

You’re always going to need to have more than a language spec because you qualify compilers not languages.

> Also, if the source language hasn't been described, then surely the compiler's behaviour hasn't been described.

It has. At least to the degree that regulators find it acceptable.

> Or did you mean that their documentation is for the Ferrous flavour of Rust and might not reflect the latest version of the Rust language?

There is no difference in flavors, but it is true that each version of the spec is for a specific version of the compiler, and so sometimes that will lag a bit. But that’s just how this process works.

link
eggy 333 days ago
I considered two things when choosing SPARK2014 over Rust: field-proven legacy apps and a language spec tied to the tooling AND the compiler.

A qualified compiler doesn't speak to the tooling built around it and how those need to be tied to the spec.

link
steveklabnik 333 days ago
> A qualified compiler doesn't speak to the tooling built around it and how those need to be tied to the spec.

I don’t understand. That’s a requirement for qualification.

link
eggy 330 days ago
Yes, but a qualified compiler is but one of many pieces in having an ecosystem/tooling for creating, testing, and having high-integrity applications reviewed and certified. A couple of the industries we are elbowing in on, are already familiar with the type of reports generated by the AdaCore tooling. Ada has a decades-long history in safety-critical systems (e.g., Boeing, Airbus, NASA), with proven reliability in real-time, embedded applications.

AdaCore’s GNAT Pro suite includes qualified tools (e.g., GNAT Pro, CodePeer, GNATcheck) that support traceability, code coverage, and certification evidence for standards like MISRA, DO-178C, and EN 50128. These are battle-tested in aerospace, defense, and medical applications.

Ada is defined by an ISO standard, specifically ISO/IEC 8652. The latest revision, as of 2025, is Ada 2022 (ISO/IEC 8652:2023), which includes updates to the language features. Ada is also recognized as an ANSI standard through its adoption by the American National Standards Institute, aligning with the ISO specification. The standard defines the language’s syntax, semantics, and features, ensuring consistency across implementations including compilers.

Rust’s safety guarantees prevent many runtime errors, but its approach relies more on programmer discipline vs. Ada/SPARK2014's "correct by construction" methodology. Ada is designed for real-time systems, with built-in features like tasking, protected objects, and precise control over timing (e.g., Ravenscar profile), optimized for cyber-physical systems.

Excuse my verbosity, but I pulled a few things from our tech pitch deck, and a little of the above is in our business plan as well that I copy/pasted.

Two great books if you're interested:

Analysable Real-Time Systems: Programmed in Ada (2016)

Building High Integrity Applications with SPARK (2015)

link
steveklabnik 330 days ago
Ah, I thought we were talking about the language, not the broader way it fits into everything else.

I am familiar with all of this stuff :) I think you may be under-estimating Rust a bit. But that’s fine.

Incidentally, you can also get a Rust qualified compiler from AdaCore. I haven’t kept up with what specific standards they’ve qualified it against though.

link
MaxBarraclough 336 days ago
Thanks for the reply. Interesting developments for the language.
link