Safety critical Rust (finally) qualified

Rust is one of the prime candidates for safety-critical systems.

And it looks like it is finally coming of age 🙂

After long and arduous work, Ferrous Systems has released an open-source, safety-critical qualified Rust compiler (Ferrocene).
Check the announcement below for more information:

https://ferrous-systems.com/blog/ferrocene-open-source/

But what is a qualified tool?

Those who are involved in safety-critical work (and I claim no expertise here) know that one of the bigger ‘pains’ is having qualified safety-critical tools to use.

For a ‘regular’ developer most of the tools are taken for granted: compilers, operating systems, frameworks, etc. Bugs and undefined behaviors[1] are expected to exist and are even used as ‘optimizations’[2].

While determinism, quality, and reliability are desired, they often take a back seat to features, speed of delivery, and user experience.

But if you work on safety-critical systems, it is vice versa.
One of your biggest needs is a proof of deterministic behavior.

And there is a simple analogy.
If a house (or, even more critically, a skyscraper) lacks a stable foundation, it’s only a matter of time before something catastrophic occurs.
You need and want proof (as much as feasible) that your foundations are stable. And you generally want a reputable company with a reputable build process to lay those foundations.

That is what qualification means in practice.
You want a tool you can rely on, one that will not give you a nasty surprise at the worst possible moment[3].

And now Rust has got its ‘reputable’ badge for use in safety-critical systems.

Speeding up the move to modern languages

There is also another reason why I’m optimistic about Rust and other modern languages.

C and C++ are great languages for their uses: performance and low-level work. C is glorified assembly, and C++ gives you a million ways to write bad or wrong code and only a few good ones.

To use C and C++ in a safety-critical environment, you are severely restricted in how you can apply those languages. Just look at the MISRA or AUTOSAR[4] rules for writing automotive-grade quality code.

And even then you must use a different set of tools (static and dynamic analyzers, linters, etc.) just to make sure that you haven’t made an off-by-one error in a memory access or triggered a wrong implicit typecast.
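To make the two mistakes above concrete, here is an added example (mine, not the post’s and not from any MISRA or AUTOSAR document): a silent int-to-uint8_t narrowing and a one-past-the-end loop, each placed next to the explicit-check style that those rule sets push you towards. The buffer contents and all function names are constructed for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample buffer; the values are arbitrary. */
static const uint8_t SAMPLE[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Plain C: an int is converted to uint8_t silently, modulo 256.
 * 300 becomes 44 and the compiler says nothing at the call site. */
uint8_t implicit_narrow(int v)
{
    uint8_t out = v;   /* implicit conversion, value silently changes */
    return out;
}

/* Explicit version: refuse values that do not fit instead of wrapping. */
bool checked_narrow(int v, uint8_t *out)
{
    if (v < 0 || v > UINT8_MAX) {
        return false;
    }
    *out = (uint8_t)v;
    return true;
}

/* Bounds-checked element access: every read goes through one place that
 * compares the index against the buffer length. */
bool checked_get(const uint8_t *buf, size_t len, size_t idx, uint8_t *out)
{
    if (buf == NULL || idx >= len) {
        return false;
    }
    *out = buf[idx];
    return true;
}

/* Sum buf[first..last] inclusive. The loop keeps the classic "<=" shape that
 * invites an off-by-one; the checked accessor turns a one-past-the-end index
 * into a -1 result instead of an out-of-bounds read. */
long sum_inclusive(const uint8_t *buf, size_t len, size_t first, size_t last)
{
    long total = 0;
    for (size_t i = first; i <= last; i++) {
        uint8_t b;
        if (!checked_get(buf, len, i, &b)) {
            return -1;   /* caught: index i is outside the buffer */
        }
        total += b;
    }
    return total;
}

int main(void)
{
    uint8_t narrowed;
    printf("implicit_narrow(300)      = %u\n", implicit_narrow(300));
    printf("checked_narrow(300) ok?   = %d\n", checked_narrow(300, &narrowed));
    /* The off-by-one: a caller passes len itself as the last index. */
    printf("sum_inclusive(0..len)     = %ld\n",
           sum_inclusive(SAMPLE, SAMPLE_LEN, 0, SAMPLE_LEN));
    printf("sum_inclusive(0..len-1)   = %ld\n",
           sum_inclusive(SAMPLE, SAMPLE_LEN, 0, SAMPLE_LEN - 1));
    return 0;
}
```

The point is not that the checked versions are clever; it is that in C nothing forces you to write them, so a static analyzer or a coding standard has to insist on it, whereas a language with checked conversions and bounds-checked indexing gives you the same guarantees by default.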

A long time ago I considered myself ‘quite good’ at C++, but the more I learned, the less I knew[5] 😀

If you need to put so many restrictions on a language and constantly invent new ways to stop people from making almost invisible mistakes, you need to reconsider whether you really have to step into that minefield[6].

And all of these hoops significantly slow down actual development.

So let’s see what the future will bring[7] 🙂

  1. https://en.cppreference.com/w/c/language/behavior
  2. https://alexpolt.github.io/undefined.html
  3. https://www.motortrend.com/news/nhtsa-tesla-autopilot-investigation-shutoff-crash/
  4. https://www.autosar.org/news-events/detail?tx_news_pi1%5Baction%5D=detail&tx_news_pi1%5Bcontroller%5D=News&tx_news_pi1%5Bnews%5D=39&cHash=e4f521f7b674bdfd7c1fade308cf2ea8
  5. “Within C++, there is a much smaller and cleaner language struggling to get out” – Bjarne Stroustrup
  6. Of course, C and C++ are widely used languages with great applications (just look at CERN or the Linux kernel). But they should not be, and are not, applicable everywhere, as the learning curve is high and the room for errors even higher.
  7. Greetings to team Trust at VCC, doing great work on production-grade Rust in an actual car 🙂

Old is new again (at least on the web)

I came across a comprehensive analysis of all the ‘innovations’ in full-stack development, which can be found at https://www.bitecode.dev/p/hype-cycles. It brought back some fun memories 🙂

Every few years, I found myself needing or wanting to create a website. This involved trying to use the “best” tools and frameworks for the job, whatever everyone was hyping at the time.

Yet, each time, I found myself gravitating back to good old WordPress, with a sprinkle of jQuery or a lightweight framework.

Why?

Well, I felt ‘stupid’ that it took so much time to set up a simple CRUD website using these supposedly “modern” tools.

The rule: simple task needs simple tools, always 🙂

Weekly breakdown – 22w49d1

Programming

https://faultlore.com/blah/c-isnt-a-language/

Have you ever had the luck (or the tears) of maintaining C++ ABI compatibility between different linkable codebases, and found it fun? 🙂

The more I worked with C, the more quirks popped up. Some fun, some not-so-much.

This text is a must-read for anyone trying to maintain compatibility between platforms, with useful insights from the wild.

And a very rare bit of praise for Microsoft as the de facto kings of platform backward compatibility.

https://stackoverflow.com/questions/7825055/what-does-the-operator-do-in-c

While we are still on the C language and its quirks: what does the ??!??! operator do in C? 🙂

I would not be surprised if this popped up as a question in ‘good’ interviews, which I would like to steer clear of.

Recommended Tools

https://github.com/include-what-you-use/include-what-you-use

I came across this tool a long time ago and found it quite handy, especially when working in a C++ codebase.

Why? It has the potential to cut your compile time dramatically in one go, simply by removing include lines that nothing in the current code references.
This is quite handy in C++ for limiting the number of translation units that must be recompiled, especially when a small change in one header triggers a big but unnecessary recompilation chain.
And there is an insane number of header-only libraries and code-heavy headers that will rapidly inflate compile times if you are not careful about what you include.

News

https://www.theregister.com/2022/10/31/opinion_column_relevance_in_business/

Interesting opinion about staying relevant with FOSS.

Weekly breakdown – 22w32d1

Programming

https://nnethercote.github.io/2022/07/27/twenty-years-of-valgrind.html

For those writing low-level code and/or in ‘unsafe’ languages, Valgrind is one of the tool suites to use regularly.

The linked text, from one of the creators of Valgrind, gives a brief account of its interesting history and, more importantly, links to high-quality papers describing how Valgrind actually works under the hood and is able to do what it does.

Note that Valgrind is not the only good tool that Nicholas and Julian have made.

Security

https://arstechnica.com/information-technology/2022/07/researchers-unpack-unkillable-uefi-rootkit-that-survives-os-reinstalls/

This is an expected development, since obfuscation as a security method failed spectacularly with the hack of the Intel Management Engine in motherboard chipsets.

News

https://www.bloomberg.com/news/articles/2022-07-25/porsches-postponed-by-buggy-software-cost-vw-s-ceo-his-job

One of the first big names in the car industry to be ‘eaten’ by software.

As all modern car manufacturers move to become software-first companies, they are also learning the hard lesson that:

The current state of software engineering is less engineering and more craftsmanship, with all the implications that has for quality, planning, timelines and ‘manufacturing’.

The software craftsmanship is a separate topic for another day 🙂