CHANNELS

Aerospace

Automotive

Automated & Autonomous Vehicles

Battery & Electrification Technology

Defense

Drone TV

Electronics

Manufacturing & Prototyping

Materials

Medical

Motion Control

RF & Microwave Technology

Robotics & Automation

Sensors & IoT

Test & Measurement

Aerospace
Automotive
Automated & Autonomous Vehicles
Battery & Electrification Technology
Defense
Drone TV
Electronics
Manufacturing & Prototyping
Materials
Medical
Motion Control
RF & Microwave Technology
Robotics & Automation
Sensors & IoT
Test & Measurement
Aerospace & Defense
Search Results

Accelerating Rust Adoption for Maintaining Safety and Security of External Code

As embedded systems in safety-critical industries become increasingly complex, the demand for reliability, security, and maintainability has never been higher. The need for safer, efficient, and more reliable solutions is now an urgent necessity. Rust, coupled with the qualified Ferrocene toolchain, is poised to meet this need. As regulatory requirements tighten and software complexity grows, Rust is poised to become increasingly integral in safety-critical domains. In this interview, Florian Gilcher, Managing Director and Co-Founder, Ferrous Systems, discusses the benefits and challenges of Rust adoption.

Topics:
Automation Automotive Medical Robotics
Transcript

00:00:01 Hello and welcome to our expert insight video series. I'm Chadra Setti, editorial director at SA Media Group. As embedded systems in safety critical industries become increasingly complex, the demand for reliability, security, and maintainability has never been higher. Rust coupled with the qualified Ferosine tool chain is poised to meet this need. Joining us today is Florian

00:00:24 Gilchshire, managing director and co-founder at fair systems, who will discuss the benefits and challenges of Rust adoption. Welcome Florian. Hello. Thanks for having me. So for how are regulations uh shaping software practices and and why is rust gaining traction? I think these two things go hand in hand a little. I'll start with the second

00:00:47 part first. Why is Rust gaining traction? There's an increased desire in software stability but also in efficiency. And Rust has arrived at the right moment to present a programming language that is both energy saving, efficient, close to the metal as people say, but is very much on the safe side of programming. So you can't do any

00:01:12 accidental nefarious things with the language and open up security holes. Regulation is kind of a counterpart to that. So what we're seeing is because regulators first of all are looking more at software. Software bugs are becoming an increasingly bigger problem at a grand scope even at a national scope or an international scope. And so they're looking at what the current baseline of

00:01:39 technology is and they're saying, "Oh, we're now seeing that even in tiny devices, memory constraint devices, there's now solutions uh available that are as safe as things that we uh are using on the servers for like 20 years. So why not actually mandate that those solutions should be used or that if you're not using them, you're at least putting equivalent checks in place that

00:02:04 you're raising your quality bar to at least that level. And how does Rust support secure software supply chains? So Rust is more than just a programming language in the sense that um when it was constructed um it was not only just the compiler tooling but also the whole tooling around it. It comes out of a generation of programming languages where management of for example all all

00:02:28 of the libraries that you're using is part of the scope. So Rust comes with tooling for example that's there's a tool called cargo that manages all of your dependencies. That means you have a whole list of what you're depending on and can then for example do additional vetting on them. and the whole language and the whole tool set is aware of that process and can do cross checks between

00:02:51 all of those libraries and see if calling from this library into this library properly works. So it has this whole picture in mind and additionally it comes with by default with tooling that is usually third party tooling in languages we like for example C and C++ where you adding where there's for example a tool shipped with the Rust compiler called

00:03:13 Clippy that will check your code for for example patterns that could be improved or whe there's a better pattern available or whether there's a more performant pattern available. the thing that's usually called the llinter. One thing I have to say though is um this talked about C and C++. One of the things is that this habit of Rust shipping a whole tool chain is actually

00:03:37 now something that is also coming up in the C and C++ world. So for example, LLDM also ships uh such warnings and and checks with that for C and C++. Got it. And Rust is often coupled with ferosine. What is ferroine and why does it matter? So, Ferosine is the tool chain that Ferris systems ships which is completely based on the Rust compiler tool chain, the one that the Rust project ships, but

00:04:07 with additional work being done on it to do a so-called qualification, which I always describe as this is a process of making sure that your gut feeling that you have something that is safe and good to use is actually correct. So the standards I always say like they serve as an inspiration and also kind of as a mandate to make a case for okay the Rust

00:04:31 compiler is well tested. It actually does what it claims and um this is how you deploy it safely in an industrial setting because there are features in the Rust compiler that for example very rarely exhibit bugs. Uh so to take one of them the Rust compiler has a speed optimization that is called incremental compilation which means that during development you don't need to recompile

00:04:55 the whole program all the time you can recompile it in slices. This is something that is sometimes introduces subtle bugs during development that doesn't matter. It's incredibly rare and usually your program crashes. But it is still useful to say in a safety minded environment, please make sure if you do the final build that you don't do it using incremental compilation. So it's

00:05:16 also an exercise in informing the user what the tool actually does and what this option is there for. It's just there for development. It's not there for your final uh for for your final deployment. It sounds so easy, but one of the problems that programming language tooling is incredibly complex. So, it's very useful in these kinds of settings that someone has written down,

00:05:39 hey, these and these and these and these and these things are generally high quality. But if you want to be actually paranoid, don't do this. Do it like this. Yeah, thanks for explaining that. How does Rust benefit developers and teams? So, Rust is a more rigid language and that may sound a little bit more counterintuitive. Um, so it comes out of

00:06:02 a drift that we've seen in the recent years that languages get stricter. They don't get give you that many options any more. So, they tell you, hey, this is the way we do, for example, um, handle memory. This is the way we do IO and things like that. Um the reason why that happens is if everyone has total freedom, you get a problem if you have 20 artists trying to build a coherent

00:06:30 and sound um program. So it comes out of that lineage. But on the other hand, so now you have the system that's a little bit harder to use and that has more rules around it. But the good thing that Rust has done is then that comes back to the tooling. It tries to give you very good advice on which direction you go if you're for example confused. If you made an error, the Rust compiler will usually

00:06:54 tell you this is an error. It will not fix it for you because that may introduce subtle problems where you're disagreeing with what the compiler is actually saying and so on so forth. And um the but it it tells you, hey, by the way, have you considered doing this? Is this what you wanted? So there's an there's a counterdrift to um a we're now working in a stricter system um that is

00:07:19 easier to analyze and easier to gro once you understood that. Um but on the other hand we have tooling that tries to make it as nice as possible for you. Um so there's quite a lot of thought that went into making the rush tooling well one of the best in its uh in its segment. Got it. And what does Ferris systems offer to organizations interested in adopting Rust and which industries do you

00:07:47 typically work with? Okay, that's a broad question. Uh let me take a step back. The I started training Rust personally in 2015, so 10 years ago and Ferris systems comes out of the observation that in the first 3 to four years that was a nice site business for me personally next to my old company. But in about 2018, a lot of people came along and had

00:08:12 actual serious projects they wanted to build. And so we were like, okay, there is a need for a company that helps other companies adopting Rust. And that's how we formed first systems. And that was kind of like the early mission statement. So for those couple of years the environment being new and um the needs changing all the time that was basically training and consulting and

00:08:37 tools development for example we built uh the current rust IDE rust analyzer and make sure that that is improved all the time. So um so that was kind of a phase where to be blunt like the customers didn't quite know what they need. So it was more sensing into you get a call with someone who says like I heard about this rust thing what do we um what do we do and then you figure out

00:09:02 what the service is. So this was really flexible company back then. Um nowadays um that has structured itself more so we can now do the whole set between training consulting but also tools development and actually tool shipping. So we have all of these segments so we can help companies with everything they need. We're going a little bit back on the classic consulting where we're

00:09:27 basically people for hire that join you join your project. But for example, a classic way on how we're dealing with companies that adopt Rust is an initial training first and then an assigned engineer who helps you um succeed in your project over the next couple of months. So you'll have a weekly or twice a week call um checking in on problems. The one thing that we're very focused on

00:09:53 is we want to enable people to do Rust by themselves. So we're not the company that you would hand things over all the time and then well in the end you'll get a block of 20,000 lines of Rust and you don't know what to do with it because they don't have the engineers for it. So we're really in the business of empowering companies. That is still changing every

00:10:21 one to two years of what the actual need is and it's going quite fast. We're 6 years old and 3 years in a customer came to us and said safety qualified compiler we have really need we have a real need for that could you build that for us and we're like okay yeah safety critical compiler let's do that um on your second question which industries are adopting Rust all of them it comes in waves very

00:10:44 early on between 2015 2018 it was all over the place but kind of niche um from 2018 on which is kind of the inflection point where Rust became a mature industry accepted language. Um it was adopted at basically all hyperscalers Google, Amazon and Microsoft are big big supporters of Rust and are using it heavily internally but also small companies startups quite a lot of AI

00:11:11 systems nowadays back then quite a lot of blockchain systems are written in Rust. So it's really hard to say which industry doesn't do Rust. It's much more there's industries that are a little bit more conservative and slower in their adoption phase and then there's places where there's just a still so much work to do within Rust where people are not sure if they can adopt it yet. I give an

00:11:38 example um GPU programming in Rust is more of a niche thing. There are people who are doing it but it's currently not the focus that the language is being built for or that the Rust project is building that language for. I totally love to change that. I'm talking to people about that. But this is just a wall that you must climb over before the language is just usable for everyone

00:12:00 except just someone who's really interested in GPUs and really interested in putting Rust on GPUs. Um so that's kind of the the thing where it decides itself on less on the is Rust capable theoretically capable. It's practically is there tooling around are there libraries around and same thing coming back to first scene is like for a lot of people who do safety critical or all the

00:12:25 people who do safety critical the availability of a qualified Rust compiler was just a thing that was strictly necessary and now that they're available now you you can see it blossom in in all of those companies basically Every company I speak to nowadays does rust somewhere. Every larger company. Fantastic. Yeah. Looks like there is a learning curve involved here which is

00:12:52 where the companies are slowly getting into and I guess for assistance helping them. There's actually there's actually one thing I' I'd like to to address there. Rust so a lot of people say Rust has a learning curve and it's a little bit out and I think that's important. If a new programming language were an incremental increase, say it's 5% better, it would

00:13:15 not have a chance of being adopted because essentially when you're saying do your new development in a new programming language or even rewrite some of your existing software in a new programming language, you are asking people the image that I'm always using is the you're asking people to knock down one of the houses in the street and rebuild it. People do that all the time.

00:13:36 It's a common thing, but you don't knock down a house just for the fun of it. Um, and you would certainly not knock it down if if you could build a 5% better house. So, it is actually important that the language is stepping away from what the preceding languages did because otherwise that step would not be worth it. So, I'm not saying it should we should make it easy. That's what we're

00:13:58 giving training for and so on so forth. So we'd like to help across but it's actually important that there is a larger step that you need to take because otherwise just fix your old tooling incremental improvement can just be based on what you're doing all day anyways. Fantastic. How does Ferris systems help the teams succeed in regulated environments?

00:14:20 First of all, by shipping tooling that is pre-qualified. But the other thing in regulated environments is there's often very detailed questions on how the tool that you're using works or the language that you're using works or you need something fixed or implemented in a very strict manner and this is this is what we're helping with. So there's a point where

00:14:41 teams need to deliver their software and that's often not necessary. We need to know all the details of the programming language that we're building it in. But in the end, those details matter because you don't want to run into any kind of problems. So the way we're helping is any kind of knowledge transfer through writing documentation or through um pre-esting things which is essentially

00:15:08 hey these are the tests that have already been done for you. It's also a kind of knowledge transfer. So we help in all the corners where you don't have an expert around because in the end rust expert is not really a job if your job is building a medical device. Your job is being medical device engineer. So we see our role of basically being your your rust expert

00:15:35 sidecar that says okay this is how you do it safely. We can review this. programming languages evolve and young programming languages evolve. So even refreshes like yeah this was something that people did two years ago but because the compiler got better the tooling got better this is what you're doing in say 2027 talking about this this is it's it's a whole bouquet of of

00:15:58 services that we're giving there sometimes it's even which hardware do we pick what is good what is well supported what is what is not well supported got it finally what advice do you have for companies interested in Rust uh but worried about adoption challenges. Start now. Uh the the thing is if if you are convinced that Rust is a technology that will be introduced at your company

00:16:24 eventually be it because you want it or sometimes because it forced on you. This is actually something that uh I've has been coming up in the last one to two years where people are saying our customer insists on implementation in a memory safe programming language is a language we can't use C. We need to figure out how we do this in Rust things like that. That's kind of a forcing

00:16:46 function. If if you think that Rust will be something that ends up in your company in the next coming years, start working on that now because otherwise you'll be under pressure the moment you actually want to deploy this. So say the actual inflection point is 3 years out. Now you have 3 years of starting slowly, maybe having someone implement implement a small tool or

00:17:13 something like that, but like build internal experience while in 3 years you're on a rush. Need to hire external folks and so on. In general, well, start start now is my big recommendation because that allows you to start slowly and on a gradient. And this is actually there's a there's a great talk at Rustfest 2019 on how Microsoft adopted Rust. Um, and this is now a common

00:17:42 engineering industry adoption. The moment you got the hunch, start small investments and uh see how you can uh how you can work with that new technology. It's not not go all go all in. Excellent. Well, thank you for your insights, Florian, and thank you for joining us today. Yeah, thank you as well. Thank you for

00:18:04 having me.