DR-001-Arch: Rust Readiness for Safety-Critical Components
Date: 2026-03-06
Status: accepted
Context / Problem
At the Architecture F2F in November 2025, the project deferred the Rust readiness decision to individual modules with a February 2026 assessment deadline. Key gaps included coverage, compiler qualification, and libcore/libstd qualification.
The Technical Lead Circle meeting on 2026-03-06 reviewed evidence and concluded that Rust is ready for ASIL-B safety-critical use in S-CORE 1.0.
Decision
Rust is approved for use in ASIL-B safety-critical components.
Rationale
Critical tooling (compiler, linting, formatting) is complete. Remaining mandatory gaps (coverage qualification, libcore/libstd extensions) have commercial mitigation paths available.
Evidence Basis
The evidence was gathered by the S-CORE Rust Community and documented in the Weekly RUST Meeting of 2026-03-04:
# Rust ASIL-B end of 2026 - feasibility overview
Overall tracking board: https://github.com/orgs/eclipse-score/projects/34/views/7
Mandatory scope: https://github.com/orgs/eclipse-score/projects/34/views/8
## Mandatory Scope
### Code formatting (done)
- Bazel integration + CI/CD integration ready and rolled out in a few Rust repositories; this ensures code is aligned with the same S-CORE-wide configuration
- Verification report (https://eclipse-score.github.io/score/main/score_tools/tools_static_analysis_code_quality/clippy.html#doc_tool__clippy)
### Static code analysis - linting (done)
- Bazel integration + CI/CD integration ready and rolled out in a few Rust repositories; this ensures code is aligned with the same S-CORE-wide configuration
- The tool has an available verification report with confidence HIGH, meaning no qualification is needed (https://eclipse-score.github.io/score/main/score_tools/tools_static_analysis_code_quality/clippy.html#doc_tool__clippy)
### Code coverage (open)
- Bazel integration + CI/CD integration ready and rolled out in a few Rust repositories
- Using the built-in Rust test framework for writing and running test cases
- The tool for coverage calculation is taken from Ferrocene
- Ferrocene provided an offer for tool qualification (done); offer available at https://github.com/eclipse-score/score/issues/2020
### Certified `libcore` and `libstd` subset (open)
- `libcore` is already certified as ASIL-B in quite a big scope
- Ferrocene provided a commercial offer for extension of both within the required timeline: https://github.com/eclipse-score/score/issues/2020
### Qualified Rust compiler (done)
- Ferrocene and QNX announced a qualified compiler being available from Q3 2025 (QNX funded)
- OEM/Tier 1 can contact Ferrocene for a compiler offer with maintenance (around 25 euro/month/seat)
### Good to have
#### Coding guidelines (open)
- Plan to use SCRCG (https://github.com/rustfoundation/safety-critical-rust-coding-guidelines)
- First version planned for mid-2026 (not confirmed, but there is good progress there)
### Dynamic analysis
- The `Miri` tool can be used; it requires integration with Bazel (some repos already run it via cargo), planned to be done soon (**weeks**); currently no technical blockers
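The note above names Miri without saying what class of defect it adds over the compiler and Clippy. The following is an added example (not S-CORE, Ferrocene or meeting-note code; the function names and the sample buffer are constructed for the illustration) of exactly that class: a read whose memory safety rests on an `unsafe` caller contract that rustc cannot check at compile time. `cargo test` runs the safe paths; `cargo miri test -- --ignored` additionally executes the ignored test in Miri's interpreter, which tracks every pointer's allocation and reports the read past the buffer as undefined behaviour instead of letting it silently return whatever memory follows the array.

```rust
// Added example, not project code. Demonstrates the defect class that
// dynamic analysis with Miri detects and static tooling does not.

/// Reads `values[idx]` without a bounds check.
///
/// # Safety
/// `idx` must be less than `values.len()`. Violating this is undefined
/// behaviour: the read may return stale memory, crash, or be miscompiled.
/// rustc accepts any call site that wraps it in `unsafe`; only a dynamic
/// check (Miri) or a review of the caller can catch a broken contract.
pub unsafe fn read_unchecked(values: &[u32], idx: usize) -> u32 {
    // SAFETY: the caller guarantees idx < values.len() (documented above).
    unsafe { *values.as_ptr().add(idx) }
}

/// Safe counterpart: the bounds check is explicit and the failure mode is
/// a `None` that the caller has to handle.
pub fn read_checked(values: &[u32], idx: usize) -> Option<u32> {
    values.get(idx).copied()
}

/// Sums the first `n` samples of a buffer (constructed use case). This is the
/// shape an ASIL-B component should prefer: no `unsafe`, and an invalid `n`
/// is reported rather than read past the buffer.
pub fn checksum_prefix(values: &[u32], n: usize) -> Option<u32> {
    let mut acc: u32 = 0;
    for idx in 0..n {
        acc = acc.wrapping_add(read_checked(values, idx)?);
    }
    Some(acc)
}

fn main() {
    // Constructed sample buffer.
    let samples: [u32; 4] = [10, 20, 30, 40];
    println!("checked, in bounds:   {:?}", read_checked(&samples, 3));
    println!("checked, out of bounds: {:?}", read_checked(&samples, 4));
    println!("checksum of first 2:  {:?}", checksum_prefix(&samples, 2));
    println!("checksum of first 5:  {:?}", checksum_prefix(&samples, 5));
}

#[cfg(test)]
mod miri_demo {
    use super::*;

    // Ignored by default because it is undefined behaviour. Under plain
    // `cargo test -- --ignored` it reads one element past the array and
    // returns garbage or passes by accident; under `cargo miri test --
    // --ignored` Miri stops and reports the out-of-bounds pointer read.
    #[test]
    #[ignore = "undefined behaviour; run under Miri to see it diagnosed"]
    fn unchecked_read_past_end_is_ub() {
        let samples: [u32; 4] = [10, 20, 30, 40];
        let _ = unsafe { read_unchecked(&samples, samples.len()) };
    }
}
```

The design point for a safety-critical code base is the split itself: the `unsafe fn` documents its contract and is the one place Miri has to exercise, while everything an ASIL-B component actually calls goes through `read_checked`, whose failure mode is an `Option` the compiler forces the caller to handle.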
Consequences
Feature teams can use Rust for safety-critical components without additional project-level approval. Module-level architecture decisions should document the language choice rationale but don't need to re-justify Rust's safety-critical readiness.
Remaining Risks
- Qualification timeline: the coverage and libcore/libstd work must be ordered by July 2026 at the latest to meet the referenced timeline.
- The assessment is specific to QNX 8 with the Ferrocene compiler; other platforms need to be evaluated via the OS onboarding process when promoting to the Certifiable Level.