Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.cerulion.com/llms.txt

Use this file to discover all available pages before exploring further.

A segfault in your camera node crashes your camera node. A segfault in the middleware crashes everything. Your middleware is the runtime that all other code depends on. When it has undefined behavior, failures are intermittent and unreproducible. When it has data races, your system works in testing and fails in deployment. ROS2’s C++ backend is exposed to all three. Cerulion’s Rust backend eliminates them at compile time. Memory safety, fearless concurrency, no undefined behavior — enforced by the compiler.

Three Safety Dimensions

Memory safety — no segfaults

Rust’s ownership system guarantees that memory is always valid when accessed. No use-after-free, no double-free, no null pointer dereferences. The compiler enforces these rules — they can’t be circumvented by mistake.Why this matters for middleware: A segfault in your camera node crashes your camera node. A segfault in the middleware crashes every node on the machine. The middleware is the last place you want memory safety bugs.
// Rust prevents use-after-free at compile time
let publisher = create_publisher("image");
let message = Image::new();
publisher.send(message);
// message is moved — can't accidentally use stale data
// Compiler error if you try to access message after send
In C++, the equivalent code compiles and runs — until it doesn’t. The message object might be valid, or it might be freed. You won’t know until production.
Undefined behavior in C++ means the compiler can do anything — optimize away safety checks, reorder operations, or produce code that works on your machine and fails on your customer’s.Why this matters for middleware: UB makes failures non-reproducible. A bug that manifests on one platform, one compiler version, or one optimization level but not another is nearly impossible to diagnose. When your middleware has UB, you can’t trust any of its guarantees.Rust’s type system and borrow checker make UB impossible in safe code. The only way to introduce UB is through explicitly marked unsafe blocks, which are minimal and auditable in Cerulion’s codebase.
Rust’s type system prevents data races at compile time. If two threads can access the same data, the compiler requires explicit synchronization. You can’t accidentally share mutable state between the publisher thread and the network background thread.Why this matters for middleware: Cerulion’s dual-transport architecture has inherent concurrency — local publishing, network background threads, subscriber callbacks, and the scheduler all run simultaneously. In C++, each interaction point is a potential data race. In Rust, the compiler verifies correctness.
// Rust enforces thread safety at compile time
let publisher = topic_manager.create_publisher::<Image>("camera/frame");

// The compiler guarantees no data races between:
// - The scheduler calling publisher.send()
// - The background thread serializing for network
// - The subscriber reading from shared memory

Middleware Is Different

This isn’t about Rust being a better language in general. It’s about what properties matter for a specific category of software: a runtime that all other code depends on.
PropertyWhy It Matters for Middleware
🛡️ Memory safetyA middleware crash takes down every node on the machine
🔒 No undefined behaviorNon-reproducible bugs in the middleware undermine all guarantees
🔄 Fearless concurrencyDual-transport architecture requires correct concurrent code by construction
⏱️ Runs continuouslyLong-running processes accumulate the cost of memory bugs
The argument is narrow: the middleware layer specifically benefits from compile-time safety guarantees because it runs continuously, all other software depends on it, failures are catastrophic rather than isolated, and concurrency is inherent to its architecture.
Today, nodes are written in Rust via the cerulion_core_v2 crate. Coming Soon Python SDK and C++ SDK are in development — so you’ll be able to write nodes in your language of choice without the middleware runtime requiring Rust.
Ready to try Cerulion? Start with the quickstart and have a working camera-to-display pipeline in 5 minutes — or schedule a 15-min call with the team.