C, Rust, C-rusted and MISRA for Safe and Secure Embedded Software / Bagnara, Roberto; Vetrini, Nicola; Ciucci, Luca; Bagnara, Abramo; Serafini, Federico. - (2025), pp. 343-364. (Paper presented at the embedded world Conference 2025, held in Nuremberg, Germany, March 11-13, 2025).
C, Rust, C-rusted and MISRA for Safe and Secure Embedded Software
Roberto Bagnara; Federico Serafini
2025-01-01
Abstract
C has long been the dominant programming language for embedded systems due to its efficiency, portability, and close-to-hardware capabilities. However, C's low-level memory management and absence of strong safety guarantees expose it to common vulnerabilities such as out-of-bounds accesses, null or invalid pointer dereferences and memory leaks. To mitigate the risks associated with C's flexibility and potential for misuse, the MISRA guidelines have become a de facto standard in all sectors where safety and security are crucial. Nonetheless, the embedded systems community, following a trend common to the entire IT world, has been exploring alternatives such as Rust. Rust's design inherently reduces the likelihood of the common programming errors seen in C, making it an appealing choice for safety- and security-critical embedded software. However, transitioning from C to Rust is not without challenges; hence proposals such as C-rusted, which aim to provide a gradual migration path offering the same guarantees as Rust while remaining in standard C, are particularly interesting. This presentation features a comparative analysis of C, Rust, C-rusted and the MISRA guidelines (including the potential for a possible MISRA Rust coding standard), with a focus on their implications for embedded software safety and security. We discuss their respective strengths, limitations and use cases, offering insights into how organizations can choose and apply these tools and methodologies based on specific project requirements.


