Adoption of Rust in the automotive industry
To develop automotive software in Rust, you will need to consider a few factors discussed below.
Interoperability with C and C++ code
Adopting a new language in a greenfield project is relatively straightforward. However, most projects start with an existing codebase and prior work already having been done. Clearly, it’s not practical to simply change all of the existing codebase into Rust. Apparently, Rust designers were mindful of this fact, and as a result, the language provides good mechanisms for interoperability with C/C++.
The Foreign Function Interface (FFI) provides built-in support for binding with external C code. Though C++ bindings are not directly supported by FFI, the cxx library provides a safe mechanism for calling C++ code from Rust and Rust code from C++. This makes it possible to implement some new features in Rust in a project where the primary language of development is C or C++, or use existing C/C++ libraries in a Rust application.
It’s worth noting that Rust may not provide the seamless interoperability with C++ that Carbon does. Although Carbon has been spoken of as a natural successor to C++, it is currently in a somewhat experimental phase; it may take a long time to reach a state where it can be used for production grade software development in the automotive industry.
Rust for safety critical systems
Functional safety and cyber security are primary requirements for automotive software. Rust inherently offers memory safety, thread safety and type safety which is a prerequisite for developing functionally safe and secure software.
As mentioned earlier, more than 70% of all common vulnerabilities and exposures at Microsoft are memory safety issues. Several industry-wide studies indicate similar observations about security vulnerabilities. This makes Rust a particularly useful language for developing secure software.
At present, standard Rust tools (rustc compiler) are not ISO 26262 compliant. However, multiple initiatives within the automotive industry indicate that there is interest in adopting Rust for automotive software development. Below are a few projects/initiatives that demonstrate this intent.
- Ferrocene Language Specification (FLS)
AdaCore and Ferrous Systems are building a qualified Rust toolchain for safety-critical systems to cater regulated markets such as automotive, avionics, space and railway.
AUTOSAR formed a subgroup within the Working Group for Functional Safety (WG-SAF) to investigate how Rust could be applied in Adaptive Platform Context.
- SAE forms SAfEr Rust Task Force
SAE International has formed a task force to generate a document describing the guidelines for writing safety critical software in Rust for the automotive and avionics industry.
- Eclipse SommR
SommR is an automotive grade implementation of the SOME/IP specification for embedded Linux systems. This is an Eclipse foundation project which is being developed in Rust.
Rust-for-Linux is a Linux Foundation project which aims to add support for the Rust language to the Linux Kernel. Though this is not an automotive industry specific project, Linux is widely used as an operating system in various industries including the automotive industry.
Further, at the time of writing, it is being reported that Linux kernel from version 6.1 will officially support Rust.
Rust with ROS
ROS (Robot Operating System) is an open source software development kit for robotics applications. It’s backed by several automotive companies as it provides useful tools for autonomous driving. Autoware is an open source project built on ROS which specifically helps to develop software for autonomous vehicles.
ROS doesn’t officially support Rust’s client library, but ros2-rust is a community-driven project which includes a set of projects (the rclrs client library, code generator, examples and more) that helps developers write ROS 2 applications in Rust.
Rust for embedded systems
Rust is suitable for resource constrained bare metal embedded systems (ie. they don’t have an operating system) with limited computation power and onboard memory. Typically, C (and, to a lesser extent, C++) is preferred for such applications; however, the memory safety and type safety offered by Rust can be useful in such applications as well. The Embedded Rust Book discusses in detail how Rust can be used for embedded systems.
Rust adoption strategy
Using Rust for a greenfield project would be straightforward — you just need to choose Rust for your project! However, in many cases, you will have an existing codebase or dependencies written in other languages like C++. With the interoperability features available in Rust for C/C++, it’s possible to develop some components of the project in Rust and then integrate these components with the rest of the C++ code. CXX is a library which provides a safe mechanism for two-way binding between C++ code and Rust code. There are multiple possible approaches; which one you choose will ultimately be based on architecture, project file structure, and primary build tools.
For example, in a C++ project which uses CMake build tools, you may write custom cargo commands to build Rust components.
There could also be a scenario where you started with a Rust project and you want to use an existing C++ component such as a licensed C++ library. Cargo provides different ways to build C++ code or use C++ libraries with Rust code.
Although, technically it’s feasible to combine Rust and C++ components in a project, it nevertheless poses certain challenges for maintenance and project management. The software architecture could, for instance, become a bit complex, and the project team will inevitably require both C++ and Rust developers. If existing C++ developers plan to learn and develop in Rust, it should be noted that there is a significant learning curve — this means it could take some time for them to get up to speed enough to ship Rust code.
Conclusion
Rust matches C++ in terms of performance and, in some quarters, much more, particularly when it comes to memory safety, managing runtime issues and security vulnerabilities. For these reasons, we can be confident in using it in the automotive space. And as automotive software evolves for SDVs, moving to Rust will likely only increase in attractiveness. It could help manage post-release maintenance costs and allow product teams to focus on new features, ultimately reducing the time to market.
The challenges with Rust, such as the lack of an ISO26262 compliant toolchain, its learning curve and the availability of the talent in the industry, are temporary. As the tools available for Rust become certified from a safety perspective and interest in the language grows any sense of trepidation about using it will begin to dissipate. Moreover, because Rust has features that make it interoperable with other programming languages, it should be possible for project managers to develop delivery strategies that minimize delays and spiraling costs.In the current situation, where companies are facing issues handling rising software complexity, many will be tempted to shy away from such a bold move. However, being quick to adopt Rust not only offers a real chance to gain a competitive advantage, it could also trigger a change in the domain. The question is not if Rust, but when!