Rust SIG Meeting - 2026-03-17 #19
Replies: 8 comments
felix91gr
Hey folks 👋 welcome to our fifth meeting of 2026.
Rust SIG Meeting 2026-03-17
Agenda
Solicitation of notetaker
Rust Watercooler Chat Topic - What does it take to ship Rust in Safety-Critical?; Pete LeVasseur - Woven by Toyota
Review GitHub repo content and discuss how to enrich (Pete)
Office hours - Rust + Automotive questions - come chat! (All)
Discuss upcoming events / news related to Rust & Automotive (All)
Meeting close
Check-in area
(19 total attendees, some not listed with GitHub handles)
Housekeeping section, please add
Tasks
Meeting Minutes
Pete LeVasseur - Woven by Toyota: What does it take to ship Rust in Safety-Critical?
The blog post was put up a couple of months back and is based on Pete's work in a team put together for the 10th anniversary of stable Rust.
Putting up a survey (40k responses) and interviews with people about the usage of Rust for safety critical. Very informative and grounding.
Currently looking for a successor for the user research team s.t. it's more sustainable.
A lot of feedback from the blog post.
If you know when MATLAB/Simulink Rust code generation is coming, let Pete know. Or if you think this is not important.
If companies offer OSEK or AUTOSAR first-class support, let Pete know.
There is an analysis about readiness for safety-critical Rust usage in the Rust consortium.
https://arewesafetycriticalyet.org/docs/iso26262
Feedback is welcome.
Safety-critical systems can have an effect on human life, health and property.
They are decomposed depending on the impact.
Discussion about decomposition and levels of the complete system and what is meant by control systems - https://en.wikipedia.org/wiki/Control_theory
Discussions about data flow programming. Christian will provide a link.
Discussions about ROS and flow-based programming.
Some links from the discussion about trying out:
https://www.etas.com/ww/en/about-etas/newsroom/overview/ascet-developer-community-edition-etas-offers-professional-tool-for-free/
https://www.etas.com/ww/en/products-services/software-development-tools/ascet-developer/
Talk with a firmware engineer working on mobile robotics systems about the mid-level safety measures provided by Rust. They could argue on a proven-in-use basis, as libcore is not proven, but proven in use.
This was the state back then. In the meantime libcore is certified.
Talks with engineers in the medical field who switched from Python to Rust. The response was very good. More maintainable code with performance improvements.
Question to the audience about other people working on safety critical projects with no response. Most people are apparently working on QM projects.
When one reaches ASIL-B level, one mostly needs to fork the project, strip it and add a lot more testing.
Doing higher levels is going to involve more effort and a lot of money per line of code.
There is a huge difference in process depending on the criticality levels.
Pete told stories from his experience: trying to use a new OS. No upstream support for the OS. 4th version of the compiler. Huge dependency tree. Would not wish it on his worst enemy, but it happens from time to time.
Not maintained for a long time.
Question about Ferrocene support for QNX and limited HW.
Rust targets available for VxWorks. QNX is very common in automotive and this is the common choice.
Discussions about VxWorks and that they are more involved in avionics and space, but are going into automotive too.
Functional safe compilers being worked on by:
An aerospace company building a rocket is using Rust, but they don't announce this openly. Rust is apparently interesting there too.
A lot of things that need to be added to other languages are already built into Rust, so Rust fits a niche here.
Some company was looking for a highly experienced Rust engineer and searched for 2 years. In the end they hired 3 juniors who could be guided by the tooling and were quite productive in the end.
People find it nice that reviews are easier as a lot of things just cannot happen.
There are various opinions on whether exceptions should be used in C++ because of performance. In Rust this is not a problem.
Question about experience after usage of C++. Memory problems and race conditions on data access are just not there.
Discussion about errno in C++
Final thoughts on HW support and help from the community as this is critical for better acceptance.
Contact Pete if you have thoughts or questions on the blogpost.
Discussion about coding guidelines:
https://coding-guidelines.arewesafetycriticalyet.org/
https://github.com/rustfoundation/safety-critical-rust-coding-guidelines
rustfoundation/safety-critical-rust-coding-guidelines#336
Discussions about C/C++ and Rust interoperability and guidelines.
Stuff coming up for Rust
Comment in the chat about upcoming SAE recommendation:
https://www.sae.org/standards/ja1020-recommendations-rust-programming-language-safety-related-systems
Requested topics
Material
Any material to read before the meeting should be included here.