
Qualifying Rust without forking

Florian

Ferrocene
A Rust compiler toolchain for safety- and mission-critical environments.

    Ferrocene is a qualified downstream of the main Rust compiler, rustc, built and maintained for safety-critical and security use.

    Many vendors fork such compilers - they take a current version of the compiler, change it, qualify it, and then release this version to their customers. This often happens in the name of vendor-locked conveniences.

    This comes with a number of disadvantages, especially the danger of being stuck on an old version that the vendor is unable to update because the main project has moved on or chosen a different path. While staying on a version is fine and a very valid choice, an update must be equally available and smooth.

    Ferrocene is not a fork

    Ferrocene is the upstream Rust compiler, rustc, unmodified - thoroughly tested on targets that are not supported by upstream. It comes with all the tools you expect and are accustomed to from using the Rust toolchain. Additionally, it comes with long-term support from a team of experts who have been doing Rust since before Rust 1.0.

    The Rust project has invested a lot of effort to get usability right. Ferrocene users should have the same conveniences as the upstream toolchain, regarding installation, build system, and tooling. If that experience is lacking, there's one correct place to fix it: by contributing those fixes upstream.

    See our blog post, How Ferrocene improves Rust, for details on changes we've made to improve compiler testing for everyone.

    Oxidizing the qualification process

    Ferrocene uses a modern but battle-tested quality measure for ensuring safety, strongly avoiding ever merging code with bugs in the first place. First written down as The Not Rocket Science Rule Of Software Engineering, it is - again - the quality measure that the Rust project uses every day. This validation strategy has recently passed review by our assessor, with no outstanding questions.

    Using the same methodology as the Rust project itself also means there is no disruption between the two codebases that may introduce bugs. The fewer the divergences, the better.

    We extended this methodology to constantly - daily - merge changes from the main project into our branches. As such, we're the only safety compiler vendor that can readily ship you known-good compilers that ran through our full qualification pipeline on every build. While we may not fully qualify each and every version (because that still needs quite some human effort in the loop), we can ship you all versions of Rust with our extended validation.

    This comes with the benefit that Ferrocene is easy to integrate into any system - it's just what you know already. You can use Ferrocene in all of your contexts - for cybersecurity reasons in your backend services down to safety use cases in your vehicle.

    Building a virtuous feedback loop

    Good downstreams build a virtuous feedback loop, and for us that loop is easy to build. With our strong commitment and years-long involvement in the main Rust compiler, we fix issues where they should be fixed - upstream, in a way that has all Rust users in mind. At the same time, we cover gaps that are hard to address for the main Rust Project - hard-to-test platforms, committed support cycles, and custom long-term support. All that while remaining on the tip of the main branch.

    Ferrous Systems is one of the largest contributors to the Rust Project, particularly to its quality measures, and aims to improve this.

    And this leaves us with just one more (the biggest!) announcement to make, for which we invite you to our A Decade of Rust birthday party.