This article is part of the TechXchange: Rusty Programming.
Rust is a somewhat new programming language that’s designed to reduce the number of common errors by providing a more restrictive and descriptive programming environment. It’s built to compete with C in performance while significantly minimizing the number of errors a programmer might accidentally include in an application.
Several aspects of Rust make it more robust than C, such as tracking memory utilization, including pointers. The Rust borrow checker forces the programmer to explicitly control the use of memory references, thereby preventing many of the most common errors found in C programs.
Though Rust is a general programming language, it can also be used for bare-metal and operating system implementations where C is dominant. The challenge in using Rust these days is that the open-source project continues to evolve the language. While that’s great for improving the language, it can wreak havoc on programmers who need to support applications on a long-term basis.
Rust implements much of its error checking at compile time using static analysis. MISRA C also uses static analysis, but C doesn’t provide the ability to describe how things like memory are controlled with respect to pointer usage. MISRA C is used in markets such as automotive, although Rust is much more robust in allowing programmers to define how memory references are manipulated. Rust still lacks features like contracts found in Ada/SPARK, but Rust’s memory reference tracking is superior.
Two companies, Ferrous Systems and AdaCore, are at the forefront of Rust support for applications that need qualified versions of the compiler and tools to meet standards requirements. Standards include ISO 26262 and IEC 61508 as well as the more demanding DO-178C, ISO 21434, and IEC 62278.
Ferrous Systems’ solution is called Ferrocene, and AdaCore has the GNAT Pro for Rust, which is based on its GNAT Pro tool series that supports C, C++, Ada, and SPARK development. These tools target high-quality, high-reliability software applications but are equally suitable for developing any embedded application. AdaCore provides Ada-Rust bidirectional bindings that allow for mixed language application implementations. AdaCore is an ISO 9001-compliant and NIST SP 800-171 organization targeting SLSA Build Level 3 compliance.
The main difference between the open-source version of Rust and the commercial versions are the level of support, including bug fixes and long-term support. Both companies have a track record of supporting safety and security environments from automotive to avionics.
Using Rust can be a challenge given C’s dominance, but there are Rust drivers in Linux now. Rust is ideal for implementing drivers, operating systems, and bare-metal applications where high-quality software is paramount to safety and security.