AdaCore and Ferrous Systems partner to develop mission critical Rust

AdaCore and Ferrous Systems have joined forces to develop a safety-qualified Rust toolchain for mission- and safety-critical applications.


AdaCore has formed a strategic partnership with Rust programming language specialist Ferrous Systems to further develop Ferrous Systems’ Ferrocene Rust toolchain to support embedded mission- and safety-critical applications, and to qualify it under relevant industry software safety standards.

Interest in and usage of Rust is growing in industrial applications, but for safety-critical markets, such as automotive, aerospace, and defense, there is currently no safety-certified Rust toolchain. The Ferrocene partnership will support the qualification needs of customers who would like to integrate the emerging Rust language technology into their safety-critical applications.

Rust emerged about a decade ago with the goal of improving industry-wide programming practices towards higher reliability. Over the years, the technology evolved and is now appealing to high-integrity embedded markets such as automotive. Ferrous Systems was formed in Germany by a number of Rust community members with the aim of providing safety-critical and certified toolchains for Rust users through its Ferrocene technology.

AdaCore has been supporting the safety- and mission-critical industries with Ada as well as other programming languages and toolchains for over 25 years. In a joint blog, Quentin Ochem, product management and business development lead at AdaCore, and Florian Gilcher, managing director of Ferrous Systems, said their two separate approaches were solving the same problem, and they realized the two companies shared a fundamental understanding and approach from both a technical and a business standpoint. They said Ferrous Systems and AdaCore have the same desire to support programmers with better languages, the same commitment to open-source software, and the same drive towards facilitating software certification, all with very similar technologies. They added, “And both companies came to the same conclusion: by working together, we could more quickly bring a safety-certified Rust toolchain to the high integrity market.”

The newly formed partnership therefore aims to jointly develop Ferrocene, a safety-qualified Rust toolchain aimed at supporting the needs of various regulated markets, such as automotive, avionics, space, and railway. For Ferrous Systems, Ferrocene is an opportunity to leverage its Rust technical expertise and its relationship with the Rust community to turn the language into a “first-class citizen for mission- and safety-critical embedded software development”. For AdaCore, this effort complements its long-standing Ada commitment and offers an opportunity to extend to the Rust community the expertise developed around safety-certified Ada toolchains.

Gilcher said, “During our investigations and interviews with potential partners, we spoke to a lot of organizations evaluating their future programming stack. In many of those evaluations, Ada is on the table. We see two reasons: Ada’s approach of structured, down to the detail and ultimately safe programming is a tradition that Rust puts itself in. The second is that Ada has things to bring to the table that Rust is not yet able to provide. Ferrous Systems has the core ethos of trusting our clients to make good engineering decisions. Our job is to help them make those decisions even better. We serve those organizations better by providing them with the freedom to choose, without compromise.”

He adds, “Rust is successful through a lot of ambition. There’s trust and track record that even in the places where it isn’t quite there yet, it will eventually be. Ada is also an ambitious language: through careful maintenance and additions, it is currently the best language for highly safe development – particularly through the formally verifiable SPARK subset. Enabling a bridge between two ecosystems with such overlapping ideas brings a lot of value. Working with AdaCore allows us to close gaps very fast. Imagine a library being written and validated in SPARK being used in Rust code transparently. Beyond that, AdaCore brings a lot of experience and tools for ensuring the safety of C and C++ code, and code generators such as QGen.”

Specifically, the joint work means qualifying the Ferrocene Rust compiler according to various safety standards, an effort that will eventually include the development and qualification of the necessary dynamic and static analysis tools. Ferrous Systems and AdaCore are also looking at safety-certified libraries, including language support (libcore) or additional user libraries. They aim to target various architectures and operating systems relevant to these markets. This vision will take time to come to fruition, and Ferrous Systems and AdaCore said they are poised to start by focusing on some specific aspects. “Eventually, our objective is to support Rust as comprehensively as any other programming language relevant for high integrity application development,” they conclude in their blog.

While their initial work will be focused on pure Rust applications, the companies said their long-term commitment to Rust and Ada extends to developers who will be using both languages at the same time. Hence, they will be looking at interoperability between them, including, in particular, the idea of developing bi-directional binding generators. They added, “We are also looking at using that interoperability ourselves, perhaps by developing formally proven and certified libraries in SPARK to be used by both Ada and Rust users.”
