Is there any aerospace/military companies claimed to use Rust as their main programming language in the future?

Already saw many comparisons between Rust and Ada/Spark, since the later two are the conventional proved lanuages by these industries. But it seems no conclusions are drawn. But I guess, except for us hobbiests, these big companies must have evaluated Rust, the potential new commer. I am wondering what is their opinions about Rust?

Rust claimed its safety and usage in embedded systems, what if Rust take down these big companies? I believe Rust ecosystem will become unshakable. Many people said Spark got ranged arithmetics. Is that very hard to implement in Rust? I mean Rust can provide some subsets especially designed for extreme safety.


You might be interested in the Ferrocene project. They aim to qualify (a version) of the compiler for safety-critical code.


It's almost never about "hard to implement". If there is a barrier to the adoption of Rust for safety-critical systems, it's certainly not such trivial, one-off features. Rust already has checked arithmetic in std, too, and you can turn on various Clippy lints in hardcore aka #![forbid(…)] mode, which catch potential overflows.

The problem of adoption is usually of a societal nature. Big companies have invested who knows how many millions of dollars into lawyers for obtaining a signature and a seal that says "you are legally allowed to program this jet engine in any language as long as it's Fortran", and they will not exactly be pleased if they have to repeat the whole procedure just in order to use some shiny new language. Inertia in the industry is enormous – there are banks still using COBOL and Mumps, languages from the 50's and 60's; imagine what it would take to migrate a safety-critical system to Rust.

So my humble and completely outsider opinion is that it's just Not Gonna Happen™, and that it's not the fault of Rust or its features or any sort of technological reason.


Thanks. that looks interesting.

I am also wondering these industries, or regulation administrations, like FAA. Do they pick software programming languages? like aircrafts with their softwares programmed in SPARK is easier to get airworthiness certificate?

Not at the FAA's level, I don't think (not my area of expertise). But it really doesn't matter. The industry momentum far, far outweighs any amount of regulatory paperwork that would be needed. For companies like this, paperwork is their bread and butter. If one really wanted to make a jet that ran on Rust, they could do it. But they'd be going it alone, because their subcontractors don't know Rust, the programmers they have working on other projects don't know Rust, their middle management thinks it's a video game, and their upper management thinks it's something you don't want to find on a jet. Which raises the issue of who, exactly, is advocating for writing their jet software in Rust?

Anecdotally, a lot of aerospace programming is actually done in C++, which is awful. But it's easier to find C++ programmers than Spark programmers and probably still easier to find those than Rust programmers. Bear in mind also that projects like this last for decades. This isn't a space with a lot of greenfield projects (arguably, none at all). If somebody started using Rust in the last 5 years that would still be quite a young project. And if the project is 10 years old, Rust wouldn't have been an appropriate choice at the time.

If you want to make inroads in that space, the way to do it is make a startup. Bid on some government projects and gamble that you can use Rust to finish in a smaller budget than a big company using C++ would. Use your success to get acquired by Boeing or somebody. Over time, if you can consistently show that Rust offers an advantage over C++ (or whatever language), and when most of your former coworkers have died and can no longer overrule you, you'll have seniority to dictate what language everyone else should use.

I expect Rust to have made serious inroads into the defense & aerospace industry no later than 2050.


If you want to be truly horrified then look here.
These are guys who are developing software for ISS. Russian segment, of course.
Using PL/I which is more than half-century old (but it was new when they started… that was before two Steves popularized personal computer idea with their Apple I thingie and years before IBM popularized 8086.
They are still using PL/I (using their own compiler because, you know, DRI was kinda sold to Novell and stopped supporting it… so they reverse engineered compiler and continued from there).
Meanwhile DOS kinda disappeared, too, thus they were forced to turn to Windows 7. They turned it into RTOS by patching kernel and continued.
And… I wish that story was some kind of elaborate hoax. But no, it's real. They are proud that they did that.

Anecdotally, a lot of aerospace programming is actually done in C++, which is awful.

Feh. C++ is just too new and not battle-tested. But yeah some of their colleagues switched. Not all ISS software is written in PL/I.

I expect Rust to have made serious inroads into the defense & aerospace industry no later than 2050.



LOL, the start up and PL/I 2050 thing, I got you guys' point.

You guys are just a little bit too over pessimistic, I guess..

Although, I knew there are many old systems coexists in aerospace field, very old, like use 21 to express 2021 for just saving bits. But I am hoping it will be used in new projects soon as long as the frontline programmer starting to find its advantages and bend the management layer.

As long as Rust has the potential, or Rust foundation board has this will, I believe it will come soon.

2050 is absolutely "soon" by defense industry standards. That's less than 30 years away! Most successful projects last at least that long.


And, by the way, I wasn't joking about the startup. That's absolutely how a lot of innovations make it into big companies. It's easier for small companies to innovate because they have less momentum and less overhead. Moreover, for big companies like the one I used to work for, it's often more cost effective to acquire startups when they already have achieved a degree of success than to sponsor in-house skunkworks projects most of which will not be profitable in the long run.


I guess you are right, C++ and Ada camp got FAA qualified compilers like GreenHills and WindRivers. The Ferrocene you mentioned must be expensive proprietary compiler in the future. But it also means the process already started.

My understanding is that they are partnering with multiple companies who are collectively funding the cost to qualify a specific version of rustc. They are certainly not writing their own compiler. Ferrous Systems is a pretty small company. There may still be a cost to access all of the qualification documents, but I wouldn't call that a proprietary compiler.

1 Like

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.