My Long Term Vision for the D programming language
Imperatorn
johan_forsberg_86 at hotmail.com
Wed Nov 17 14:18:04 UTC 2021
On Wednesday, 17 November 2021 at 07:04:54 UTC, Paulo Pinto wrote:
> On Tuesday, 16 November 2021 at 21:59:19 UTC, Imperatorn wrote:
>> On Tuesday, 16 November 2021 at 21:00:48 UTC, Robert Schadek
>> wrote:
> It has won, time to accept it,
>
Sorry, to clarify I meant in the embedded space / functional
safety.
I have not seen any Rust anywhere in safety-critical applications
yet.
(Not D either of course)
Since there is no certified compiler (yet), toolchain or
acknowledged coding standard for Rust.
I guess something similar to (a proper) MISRA-C will come for
Rust.
Reading through the ISO coding standards, only very recently (10
years ago) has even C++ been mentioned as something that *might*
be OK to use. It's a very conservative space.
I have no doubt that in about 10 years or so, Rust could be used
(maybe?) in these applications, but it all depends on the system
at hand and how you build it.
Like for example what a safe state is, what level you have on
certain parts etc etc.
For example you could in theory even use QBASIC to control some
critical part of a system if there are no requirements on for
example (I don't know the English term) SIL "monitored movements"
and only have requirements that the stop function has a certain
level. It all depends on the system and requirements.
For example, our company has a product from 1986 which is still
in use today because it took us about 7-8 years to get all the
documentation and testing in place (that one uses assembly
though).
It's not only software requirements, there are RED, LVD, EMC, EMI
etc etc, dual architecture, monitoring of outputs, watchdog
requirements (ASIL D), latency requirements, active vs passive
stop, data integrity requirements (think CRC), bit flip
requirements etc (yes, during the validation and verification
process we introduce random bit flips to simulate an external
memory corruption event, such as cosmic background radiation) etc.
It is a very conservative space. In some aspects it might seem
dumb (like, why would a language with higher guarantees be
worse?), but I guess it comes from a sense that you want to be
sure all parts work as expected and it's partly driven by
fear/being cautious.
Gotta work now, but just a quick summary:
https://www.iar.com/products/requirements/functional-safety/iar-embedded-workbench-for-arm-functional-safety/
https://www.highintegritysystems.com/
https://www.ghs.com/products/industrial_safety.html
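The bit-flip fault injection against CRC-protected data described in the post, as an added example in C (not code from the poster, from the D project or from any of the linked vendors); the record layout, the CRC-32 variant and the seeded PRNG are assumptions chosen for illustration:

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* CRC-32 (reflected polynomial 0xEDB88320, as in IEEE 802.3 / zlib), bitwise. */
uint32_t crc32_bytes(const uint8_t *data, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc & 1u) ? (crc >> 1) ^ 0xEDB88320u : crc >> 1;
    }
    return ~crc;
}

/* Hypothetical safety-relevant record: a payload followed by its stored CRC. */
typedef struct {
    uint8_t payload[16];
    uint32_t crc;
} Record;

void record_seal(Record *r) { r->crc = crc32_bytes(r->payload, sizeof r->payload); }

/* Returns 1 if the stored CRC still matches the payload, 0 if corruption is detected. */
int record_check(const Record *r) { return crc32_bytes(r->payload, sizeof r->payload) == r->crc; }

/* Fault injection: flip one bit anywhere in the record (payload or CRC field). */
void flip_bit(Record *r, size_t bit_index) {
    uint8_t *bytes = (uint8_t *)r;
    bytes[bit_index / 8] ^= (uint8_t)(1u << (bit_index % 8));
}

/* Inject `trials` random single-bit flips into copies of a sealed record and
 * count how many the CRC check detects. A small LCG keeps runs reproducible;
 * CRC-32 detects every single-bit error, so all trials should be detected. */
size_t inject_and_count(const Record *sealed, uint32_t seed, size_t trials) {
    size_t detected = 0;
    uint32_t state = seed;
    for (size_t t = 0; t < trials; t++) {
        Record copy;
        memcpy(&copy, sealed, sizeof copy);
        state = state * 1664525u + 1013904223u;          /* Numerical Recipes LCG */
        flip_bit(&copy, (state >> 8) % (sizeof copy * 8));
        if (!record_check(&copy))
            detected++;
    }
    return detected;
}
```

Multi-bit or burst faults are a different story: a real V&V campaign would also inject those and record which ones the CRC misses, since that residual rate is what the integrity requirement is actually about.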