I read in the linked article on the Qt blog that it is certified for a bunch of ISO standards.
Is Qt the only widget library that fulfills these "Safe Renderer" criteria? Those ISO standards?

I don't know how Qt does all this, or what makes it special, or what all those ISO standards require.
Is this just formal thing like the UNIX trademark that other toolkits such as GTK could pass if it were to go through such a process, or is it some special technical things that are required?

And are there any drawbacks to it such as poor performance or something? I guess it is just part of Qt, a subset that is certified so that developers must explicitly use the "Safe Renderer" component(s). I guess normal Qt apps won't use any of this.

While I am no expert on this particular code. It look like the Safe Renderer is a separate module with separate functionality. Probably with rewritten limited code to be able to certify it for its specific purposes, instead of trying to certify the normal desktop Qt. I don't think there would be any way to certify a normal full featured rendering toolkit, so instead it is written/rewritten for the purpose.

See here for proposed use cases: https://doc.qt.io/QtSafeRenderer/qts...html#use-cases

I was wondering that, too. Does anything else, open or closed, meet those standards? I tried Googling the standard.....it didn't help as much as I thought it would.

I imagine many widget toolkits alongside OpenGL|SC will fulfill this in terms of renderer.

Some additional info here:
https://www.qt.io/press/qt-receives-...-safety?page=1

However the last widget toolkit I have seen with formal safety critical certifications was Motif.

I don't know if this is the case here, but "functional safety" certifications often have more a requirement that the manufacturer is liable for any damages caused by failure of the component. Of course, only commercial software will apply for such a certification, because it means that they can sell the product at a significant premium.

I’m definitely biased by my experience of “unsafe” Linux on consumer hardware, but the idea that my life might depend on Linux working flawlessly is terrifying. I can’t help feeling that it’s not suited for this use-case.

Special technical things are required - in general memory consumption, time taken between a message from its display, etc. must be provably (in the "formal proof" sense) bounded. Here are some rules that one has to follow to comply with ASIL rules:

- One entry and one exit point in subprograms and functions

- No dynamic objects or variables, or else online test during their creation

- Initialization of variables

- No multiple use of variable names

- Avoid global variables or else justify their usage

- Limited use of pointers

- No implicit type conversions

- No hidden data flow or control flow

- No unconditional jumps

- No recursions

Good luck making GTK fit into this

In general you would use this on QNX, not Linux.

That's a fair point, but I was also including the (admittedly unrelated) real-time Linux kernel in my comment.

Its not about Realtime or not.

To fit saftey requirements the whole development process must be included. Requirement Mangement, Change Management, Testing, Tracebility(!), Documentation, Responsebilities, stakeholders.. all must be included, the real implemention will be just one of many parts of your effort. In case of bugs to fix something you cant even send any Update over night... Your implementation is not "just coding", it has to fit many code requirements too like @doom_Oo7​ listed. Just look for MISRA.

Btw, the Linux kernel is very far away from MISRA code guidelines.

For MCU solutions there are multiple safety solutions available. They are just less famous outside of these safety context. Guess QT will support them. What will be the safety relevant part of QT? Display the velocity and some status informations? Here is the point again.. lot of effort for only some usecases.