My Long Term Vision for the D programming language

Imperatorn johan_forsberg_86 at hotmail.com
Wed Nov 17 14:18:04 UTC 2021


On Wednesday, 17 November 2021 at 07:04:54 UTC, Paulo Pinto wrote:
> On Tuesday, 16 November 2021 at 21:59:19 UTC, Imperatorn wrote:
>> On Tuesday, 16 November 2021 at 21:00:48 UTC, Robert Schadek 
>> wrote:
> It has won, time to accept it,
>

Sorry, to clarify I meant in the embedded space / functional 
safety.

I have not seen any Rust anywhere in safety-critical applications 
yet.
(Not D either of course)

Since there is no certified compiler for Rust (yet) or toolchain 
or acknowledged coding standard.
I guess there will come something similar to (a proper) MISRA-C 
for Rust.

Reading through the ISO coding standards, only very recently (10 
years ago) has C++ even been mentioned as something that *might* 
be ok to use. It's a very conservative space.

I have no doubt that in about 10 years or so, Rust could be used 
(maybe?) in these applications, but it all depends on the system 
at hand and how you build it.
Like for example what a safe state is, what level you have on 
certain parts etc etc.

For example you could in theory even use QBASIC to control some 
critical part of a system if there are no requirements on for 
example (I don't know the English term) SIL "monitored movements" 
and only have requirements that the stop function has a certain 
level. It all depends on the system and requirements.

For example, our company has a product from 1986 which is still 
in use today because it took us about 7-8 years to get all the 
documentation and testing in place (that one uses assembly 
though).

It's not only software requirements, there are RED, LVD, EMC, EMI 
etc etc, dual architecture, monitoring of outputs, watchdog 
requirements (ASIL D), latency requirements, active vs passive 
stop, data integrity requirements (think CRC), bit flip 
requirements etc (yes, during the validation and verification 
process we introduce random bit flips to simulate an external 
memory corruption event, such as cosmic background radiation) etc.

It is a very conservative space. In some aspects it might seem 
dumb (like, why would a language with higher guarantees be 
worse?), but I guess it comes from a sense that you want to be 
sure all parts work as expected and it's partly driven by 
fear/being cautious.

Gotta work now, but just a quick summary

https://www.iar.com/products/requirements/functional-safety/iar-embedded-workbench-for-arm-functional-safety/

https://www.highintegritysystems.com/

https://www.ghs.com/products/industrial_safety.html
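As an added illustration of the data-integrity (CRC) and bit-flip testing mentioned in the post above, and not code from the post or from any of the linked products, here is a CRC-32-sealed control block together with an exhaustive single-bit-flip injection loop; the struct fields and names are hypothetical.

```c
/* Added example (not from the post): CRC-32 guarding a control block,
 * with an exhaustive single-bit-flip injection run as a self-check. */
#include <stdint.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical safety-critical state block protected by a trailing CRC. */
typedef struct {
    uint16_t setpoint_mm;   /* commanded position */
    uint16_t limit_mm;      /* monitored-movement limit */
    uint8_t  stop_active;   /* 1 = safe stop requested */
    uint8_t  pad[3];        /* explicit padding so every byte is defined */
    uint32_t crc;           /* CRC-32 over the fields above */
} ctrl_block_t;

/* Bitwise CRC-32 (IEEE 802.3, reflected, polynomial 0xEDB88320). */
uint32_t crc32_ieee(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Seal: compute the CRC over all fields before the crc member. */
void ctrl_seal(ctrl_block_t *blk) {
    blk->crc = crc32_ieee((const uint8_t *)blk, offsetof(ctrl_block_t, crc));
}

/* Verify: 1 if the stored CRC matches the current contents, else 0. */
int ctrl_verify(const ctrl_block_t *blk) {
    return blk->crc == crc32_ieee((const uint8_t *)blk, offsetof(ctrl_block_t, crc));
}

/* Flip every bit of a sealed block, one at a time (simulated memory
 * corruption), and count how many corruptions ctrl_verify() misses.
 * CRC-32 detects every single-bit error, so the expected count is 0. */
int ctrl_bitflip_escapes(void) {
    ctrl_block_t blk = { 1200, 1500, 0, {0, 0, 0}, 0 };  /* constructed sample */
    ctrl_seal(&blk);
    int escapes = 0;
    for (size_t bit = 0; bit < sizeof(blk) * 8; bit++) {
        ctrl_block_t corrupted;
        memcpy(&corrupted, &blk, sizeof(blk));
        ((uint8_t *)&corrupted)[bit / 8] ^= (uint8_t)(1u << (bit % 8));
        if (ctrl_verify(&corrupted)) escapes++;
    }
    return escapes;
}
```

Flips inside the crc field itself are also caught, since the recomputed value then no longer matches the stored one.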
