►
Description
Florian Gilcher and Sabree Blackmon
B
A
In
this
powerpoint
now
has
ai
generated
design
that
works
well,
yeah,
I'm
gonna!
I
got
in
touch
last
year
actually
about
talking
about
industry,
interest
in
safety,
critical,
rust
and
methods
to
provide
that-
and
this
is
so.
This
is
the
the
talk
from
last
year
updated
for
this
year.
Who
are
we
we're
simply
who's?
It's
about.
Joining
he's
been
a
little
bit
held
up.
Sabri
has
been
working
in
safety
and
security,
critical
systems,
military
robotics,
high
assurance
and
connected
devices
and
yeah
me.
A
I'm
part
of
the
rust
core
team.
I've
joined
the
project
through
the
community
team
and
I'm
currently
one
of
the
project
directors
in
the
rust
foundation,
and
I
have
a
history
in
software
development,
high
reliability,
backend
systems
and
the
company
that
I
got
in
touch
with
is
called
first
systems
as
introduced.
We
have
since
then
in
september,
formed
a
subsidiary
called
critical
section
and
which
helps
high
reliability
industries
to
adult
costs.
A
So
the
background-
this
is
probably
the
least
rigorous
talk
in
this
workshop,
but
our
intention
is
to
break
some
common
assumptions
about
like,
what's
out
there
and
present
a
couple
of
pathways
on
how
the
things
were
presented
and
that
just
had
a
with
viewing
are
also
very,
very
useful
in
the
current
path
and
in
the
current
development
of
rus.
A
So
we
want
to
summarize
the
feedback
that
we
got
from
around
three
years
of
consulting
on
rust
adoption
and
also
especially,
through
our
background
in
safety
critical
with
some
some
of
the
customers.
We
were
interviewing
or
especially
interested
companies
and
then,
as
it
turns
out,
there's
actually
a
lot
of
subtle
opinions
around
around
industry
and
use.
So
this
is
basically
an
accidental
interview
study.
We
sometimes
blog
about
this
and
get
a
lot
of
replies
from
people
who
we
can
interview
and
which
we
usually
use
a
lot
on.
A
One
thing
that
we
figured
out
is
that
there's
an
interest
in
rust
from
two
sides.
First
of
all,
what
is
now
coming
up
as
a
term
which
is
called
mission
critical,
which
are
places
where
higher
confidence
levels
in
a
programming
language
are
actually
needed.
But
where
there's
no
regulatory
concerns
where,
for
example,
no
iso
standards
or
something
apply
and
safety
critical,
where
extreme
long-term
developments
are.
A
A
Rust
is
not
there
yet,
but
we
found
that
a
lot
of
companies
in
germany
are
trying
it
out
and
they're
tracking
the
progress
of
rust
and
pretty
often
they're
tracking
from
year
to
year
did
the
things
that
we
feel
missing,
get
better
or
worse,
and
the
feedback
that
we're
getting
is
oh,
actually,
it's
getting
better
and
a
large
part
of
that
is
also
the
verification
story
around
that,
and
there
are
multiple
projects
that
we
are
aware
of,
that
are
actively
being
implemented
with
us
that
are
targeting
those
industries
so
estimators,
actually
that
russ
could
be
there
in
one
or
two
years,
like
the
upper
end
of
that,
where
we
could
see
first
deployments
in
lower
safety,
criticalities
just
to
be
clear
so
to
address
a
couple
of
elephants
in
the
rooms
and
the
first
one
is:
whenever
we
talk
about
it,
everyone's
immediately
about
okay:
let's
talk
about
a
rust
specification.
A
A
Is
it
possible
for
us
to
acquire
a
version
of,
for
example,
rust
c
that
is
well
understandable
and
where
we
know
where
the
bugs
are
and
all
the
these
things
and
so
needs
for
qualification,
actually
much
more?
The
inspection
of
the
organization
that
ships
the
software,
the
creation
of
the
workflows
and
how
those
qualification
artifacts
are
built
and
the
assessment
of
what
is
the
current
level
and
how
much
we
can
trust,
for
example,
rest
c,
and
that
is,
for
example,
also
often
not
reachable
without
previous
use
in
lower
criticality
levels.
A
So,
if
you're
talking
things
like
acell
a
to
asl
d,
you
should
spend
some
day
some
year
sometime
in
a
and
b
and
but
there's
a
strong
need
for
understanding.
A
So
trust
levels
come
with
the
understanding
of
the
software
at
hand,
and
that
is
something
that
we
think
is
currently.
The
more
useful
debate
to
have
is
like
how
can
we
improve
trust
in
rust,
step
by
step,
because
that's
a
much
easier
to
achieve
goal
and
we've
already
done
that
in
some
ways,
so
feedback
that
we
got
was
also
okay,
there's
no
form
of
specification,
but
there's
the
rfc
process.
A
It
is
an
open
source
project,
but
it
has
a
security
response
group
since
day.
One
and
all
of
these
kind
of
things
actually
build
these
kinds
of
trust
things
and
our
check
boxes
there
and
there's
an
industry
need
to
improving
those
levels.
Given
that
these
industries
start
adopting
rust
so
there's
also
a
kind
of
a
an
existing.
A
An
existing
wipe
there
that
has
a
life
on
its
own.
One
thing
that
is
often
discussed
is
yeah
evolution,
speed
the
other
elephant
in
the
room.
How
much
is
it
a
problem
that
rust
is
released
every
six
weeks
and
their
the
opinions
are
actually
split?
I
was
surprised
that
they're,
not
all
conservative,
the
the
conservatives
option
is
a
view
is
obvious.
A
That
could
be
improved
because
and
that's
the
other
thing
we
are
moving
into
a
space
where
safety
critical
systems
are
not
fully
disjointed
from
from
the
rest
of
the
software,
for
example,
on
a
car,
and
so
there's
a
need
to
actually
increase
the
updated
patch
cycles
and
not
work
with,
for
example,
the
programming
language
edition
from
six
years
ago
that
later
went
went
to
qualification
and
stability
was
also
something
that
people
took
a
subtle
stance
on
programming
language
stability
is
very
much
of
the
interest,
but
when
you
go
down
to,
for
example,
a
lot
of
the
things
that
people
here
are
doing
on
verifying
mirror
and
all
of
these
kind
of
things
there's
much
more
an
error
of
yeah,
we
can
deal
with
breakage
there,
but
the
problem
that
we
currently
have
and
that
we
have
across
the
board
with
all
compilers
is
we
would
like.
A
We
would
like
to
have
an
intermediate
representation
that
would
break
every
every
a
couple
of
weeks
or
even
worse,
like
basically
at
random.
So
we
struggle
to
find
a
good
word
for
this
concept.
For
now
we
settle
to
addressable
so
being
looking
at
the
artifact
and
being
able
to
say
okay.
This
was
generated
by
russ
152
and
we
know
the
we
know
the
intermediate
representation
of
that
one
and
possibly
with
documentation
on
what
breaks
from
from
version
to
version.
A
A
There's
a
couple
of
strings
there,
an
actually
well
architected,
modern
compiler,
and
that
has
something
that
we
actually
got
as
feedback
without
telling
people,
and
that
was
interesting.
That
people
were
looking
at
rust
in
that
kind
of
detail
and
also
and
more
in
social,
effective
curiosity
for
methods
that
are
within
reach,
but
a
little
out
of
the
ordinary
on
on
what
the
current
state
is
and,
for
example,
compiler
vendors
that
we
spoke
to
we're
very
surprised
that
rust
already
has
facilities
for
back
ends.
A
That
seems
like
that
are
a
defined
interface,
not
a
stable
interface,
but
a
defined
interface
that
you
could,
for
example,
plug
into,
and
I
don't
know
for
what
reason
some
weren't
expecting
that
the
other
elephant
in
the
room.
Other
compilers.
A
Surprisingly,
many
said
that
it
is
a
strengths
that
currently
rust
is
the
rough
c
is
the
only
major
implementation
we
are
talking
about
in
10
years
here,
but
the
everyone
is
okay
with
that
a
growing
programming
language
at
the
beginning
just
has
one
implementation
and
but
there's
also
a
high
interest
in
little
as
little
divergence
as
possible.
A
What
that
is
in
form
of
is
that,
especially
in
the
embedded
industries
for
a
lot
of
niche
targets,
there
was
a
habit
to
fork
gcc
and,
at
some
point,
lose
the
chance
to
follow
the
main
gcc
or
just
lose
track
of
the
main
gcc.
So
a
lot
of
people
are
running
on
very
old
compilers,
but
there
is
interest
in
targeted
compilers
for
high
criticality
use
cases
very,
very
niche
use
cases
where
you,
for
example,
what
a
maybe
fully
verified,
compiler
something
concert-like,
for
example,.
A
So
the
whole
topic
of
the
specification
comes
up
again
and
again
right
that,
and
there
it
comes
up,
comes
up
more
and
more
so
do
we
need
a
specification
at
some
point,
maybe
to
an
extent,
maybe
for
parts
of
the
language,
because
at
some
point
what
is
rust
compatible
like?
How
can
I
check
if
I'm
rust
compatible
will
become
a
question
and
that's
the
point
where
this
becomes
a
relevant
question?
A
What
we
need
to
talk
about
our
specification,
but
one
thing
that
I
would
like
to
note:
there
is
there's
an
interest
in
and
that's
really
fuzzy
as
a
statement
in
modern
specification
practices
and
like
this
will
be
like
if
you
really
start
specifying
the
language
that
will
be
something
that
will
probably
live
on
for
decades
and
the
method
will
live
on
for
decades.
A
But
it's
not
like
any
anyone
has
said
like
this
is
this
is
what
it
would
look
like.
So
that
is.
That
is
a
good
question
and
a
good
research
question.
What
is
that?
What
is
the
specification
information,
yeah
verification?
I
have
accidentally
covered
on
the
site
that
verification
is
often
done
on
mir,
but
I'm
I
am
in
the
room
with
some
people
that
I
that
I
actually
had
chats
about,
and
I
think
this
is
the
the
one
that
is
very
commonly
known
here.
A
So
mir
becomes
a
very
interesting
target
to
invest
in.
I
think
technology
wise
the
whole
area
of
the
compiled
internals
in
the
intermediate
representation
so
and
the
the
thing
that
we
came
away
with
is
where
there's
a
lot
of
rectification,
efforts
around
rust,
but
that
backs
a
little
bit.
The
question
on
whether
the
core
product
of
the
compiler
would
support
it
better.
A
So
essentially,
whatever
c
were
not
just
a
compiler
but
also
appreciated
the
use
cases
presented
here
in
giving
giving
hooks
and
and
interfaces
to
do
these
kind
of
things,
maybe
with
different
different
guarantees
and
not
part
of
the
language
interface,
but
more
as
something
that
yeah
becomes
a
like
becomes
a
normal
normal
thing
to
investigate
in
the
in
the
product
development
yeah.
So
that's
it
for
me.
I
hope
there's
still
time
for
questions.
B
Yes,
thank
you
very
much.
We
do
have
time
for
questions,
so
one
question
that
already
came
up
in
the
chat
was
when
you
talk
about
the
language
specification.
Are
you
talking
about
the
formal
specification
or
just
in
general,
a
document
that
describes?
Maybe
in
plain
english,
this
syntax
and
semantics?
I.
A
Take
no
stance
on
this.
I
have
too
many
hats
to
take
sense
of
this
no
seriously.
This
is.
I
think
this
is
something
when
we're
talking
about
a
specification.
This
is
something
that,
if
we
want
to
endeavor
on
saying,
we
would
like
to
move
rust
towards
a
specification
that
must
be,
in
my
opinion,
something
that
the
project
leads,
and
especially
also
a
lot
of
the
parties
that
actually
consume.
A
That
specification
need
to
be
involved
in
for
that
to
properly
stick
with
my
rust
community
team
hat
on
I
I
would
love
if
that
was
a
a
broad
group
with
with
relevant
representatives
from
industries,
academia
and
and
other
places
that
would
consume
that
first
occasion,
that's.
A
B
Know
that
perfectly
fine,
any
other
questions.
C
A
That's
all
over
the
place
and
that's
also
very
different
on
industries.
A
One
thing,
for
example,
that
is
interesting
interesting,
is
that,
for
example,
aerospace
does
not
care
about
anything
that
the
compiler
does
they
completely
verify
the
artifact
that
falls
out
of
the
compiler
and
don't
care
about
the
tools.
So
a.
C
A
Of
the
discussions
they
had
about,
but
all
of
this
doesn't
actually
matter
and
they
use
they
use
a
lot
of
model
checkers
so
basically
like
this
is
all
that
the
system
can
do
and
then
it
tests
it
that
checks
whether
it
actually
complies
to
the
model
and,
on
the
other
hand,
other
places
rely
more
on
the
tools
and
are
more
interested
in
qualification
and
the
tool
for
being
correct.
A
So
what
you
do
is
you
you
qualify
the
compiler
and
qualify
all
the
libraries
and
pretty
often
vendors
of
libraries
or,
for
example,
operating
systems
then
use
formal
methods
for
that.
So
there's
a
there's,
a
more
of
a
mixed
field
there,
but,
for
example,
we've
seen
cell
four
here
or
other
other
systems
used
in
these
cases
are
using
formal
methods
for
that.