Rust core library partly certified for industrial safety spec
Summary
Ferrocene, an open-source Rust compiler toolchain maintained by Ferrous Systems, has had a substantial subset of the Rust core library certified to IEC 61508 (SIL 2). The certification covers commonly used types and functions — Option, Clone, str, pointers and many primitives including slices — making memory-safe Rust more accessible for safety-conscious, regulated embedded and industrial systems. TÜV SÜD previously qualified the Ferrocene toolchain for higher assurance contexts (ISO 26262 ASIL D, IEC 61508 SIL 3 and IEC 62304 Class C), and partners Sonair and Kiteshield are already applying the certified core in real-world robotics and mining safety projects.
Key Points
- Ferrocene’s core subset is now certified to IEC 61508 (SIL 2), expanding Rust’s footprint in safety-critical development.
- Certified core items include Option, Clone, str, pointer types and most primitive slices — essential building blocks for embedded code.
- The certification targets qualified development platforms such as x86_64 Linux, x86_64/Armv8-A QNX Neutrino, and RTOS on Armv8-A/Armv7E-M.
- TÜV SÜD has previously endorsed Ferrocene for ISO 26262 (ASIL D), SIL 3 and IEC 62304, and supports qualification toward SIL 4 and DO-178C where needed.
- Industry partners (Sonair, Kiteshield) are using the certified toolchain in acoustic detection & ranging (ADAR) and Ultra-Wideband collision-avoidance systems for mining and robotics.
- Bringing certified core libraries to Rust helps reduce reliance on C/C++ in embedded stacks and mitigates memory-safety risks, though new bugs must still be guarded against.
Context and Relevance
The certification is important because safety standards (SIL/ASIL/DO-178C) drive procurement and regulatory acceptance in industries like automotive, medical, mining and industrial automation. Historically, C and C++ have dominated embedded systems despite their memory-safety shortcomings. A certified Rust core removes a major barrier to adopting Rust in regulated systems, giving engineers a path to benefit from Rust's memory-safety guarantees while meeting the required assurance levels for many industrial use cases.
Why should I read this?
Short version: if you care about writing safer embedded or industrial software (or selling it), this matters. Ferrocene's SIL 2 certification of a core subset means you can now realistically consider Rust for systems where safety standards previously forced a C/C++ choice. It's not the whole core yet, but it's a big wedge: it saves you time and risk by moving memory safety forward where it counts.
