12. Certified subset¶

The Certified core library API docs is the autoritative document stating which items are included in the certified subset of the core library.

12.1. Compliance with subset¶

To prove compliance with the subset, follow these steps:

Ensure that your code successfully compiles with your compilation target.
Ensure that it also compiles with the subset equivalent listed in the table below.
If it succeeds, your code is compliant with the subset.
If it fails, do one of the following:
1. Remove the non-compliant function(s) and rewrite the code to maintain the semantics.
2. Contact Ferrous Systems to discuss the option of adding your desired function(s) to the certified subset.
3. Keep using the function(s), but prove safety yourself. See Use uncertified core functions.

Warning

Subset targets can only be used to verify compliance with the subset. Subset targets cannot be used at runtime as a certified target. When creating a certified production build, use a certified target instead.

Compilation target	Subset equivalent
`aarch64-unknown-none` `aarch64-unknown-nto-qnx710`	`aarch64-unknown-ferrocene.subset`
`thumbv7em-none-eabi`	`thumbv7em-ferrocene.subset-eabi`
`thumbv7em-none-eabihf`	`thumbv7em-ferrocene.subset-eabihf`
`x86_64-unknown-linux-gnu` `x86_64-pc-nto-qnx710`	`x86_64-unknown-ferrocene.subset`

12.2. Use uncertified core functions¶

For functions in the certified subset of the core library, Ferrous Systems proves the safety to use it in all contexts that are in scope of the certification.

For functions outside of the certified subset, this safety is not proven by Ferrous Systems.

Nevertheless, using those functions is still possible for customers if they prove the safety themselves. Often this is even more feasible because only the exact usage of the function has to be proven safe and not all possible uses.