From C++ to Rust: The Changing Landscape of Automotive Programming

12-06-2023 | By Paul Whytock

Paul Whytock, a seasoned technology correspondent with over thirty years of experience in the electronics industry and a former design engineer with Ford Motor Company, explores the shift from C++ to Rust in automotive software. 

Automotive Software's Evolution 

Today’s cars can be likened to a computer on wheels because of the amount of data that has to be handled to ensure that all onboard electronic systems function properly.


Some cars now run more lines of code than, for example, the 1,300mph Lockheed Martin F-22 Raptor stealth fighter aircraft, which runs nearly 2 million lines of code, or Boeing’s 787 Dreamliner, which runs 6.8 million lines.

So when it comes to automobile software languages, programmers and vehicle engineers know just what the computational pressures of modern car design are. And those pressures will continue to escalate as designers work towards creating truly autonomous vehicles.

C++ to Rust: A New Era

The automotive software of choice by car makers for decades has been C and C++, but that is starting to change. As a programming language, C++ is very successful. Developed back in the early 1980s by Danish computer expert Bjarne Stroustrup, it’s a very strong practical language that handles real-world applications extremely well.

For instance, C++ is known for its efficiency and control over system resources. It allows low-level manipulation of memory, a feature that is crucial in systems programming and to run large applications. 

Having said that, it has its critics, and one of the commonly expressed negatives is that it has become overly complicated by trying to be a jack-of-all-trades programming option.

But now, for car makers, there is a relatively new kid on the programming block that is going to have a big influence on how future cars operate and how securely their complex electronic systems function.

Why Rust? Exploring Benefits

It’s called Rust, which became fully available in 2015, and it has some aspects that make it highly suitable for vehicle applications. Chief among these is its capability regarding the critical safety and security aspects of vehicle functions. It is not surprising, then, that automotive associations like Autosar and SAE International (formerly known as the Society of Automotive Engineers with around 130,000 members worldwide) are investigating the use of Rust in automotive software systems.

According to the Society of Automotive Engineers (SAE), Rust's safety and security features make it a promising choice for automotive software systems [1]. 

Initial reaction to Rust was mixed, and there were concerns that adoption of the language by industry could be slow. This is not surprising. Many engineering projects have existing code in place, and it’s not viable to change all of it in a bid to implement a new language. Rust was, therefore, more likely to be considered for start-up projects where there were no previous code commitments. However, this situation was appreciated by the writers of Rust, who worked to make it compatible with C++.

To illustrate, Rust's compatibility with C++ means that it can be integrated into existing C++ codebases, allowing for a gradual transition rather than a complete overhaul. 

When it comes to working with C++, Rust provides a Foreign Function Interface (FFI) to C libraries. This provides a way for a programme written in one language to interact with functions compiled in a different one.

Consequently, the FFI makes it possible to implement new features in Rust in an application where the principal language is C or C++ or, conversely, use existing C/C++ code in a Rust-supported application.

As explained in the Wikipedia article on Foreign Function Interface (FFI), this feature allows Rust to interact with functions compiled in C++, facilitating the integration of new features [2]. 
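Both directions of the FFI described above, as an added example that is not from the original article: Rust calls the C library's `strlen`, and exports a function with the C ABI that existing C/C++ code could call. The `frame_checksum` name, its error codes and the 64-byte limit are assumptions made for illustration; the null and length checks sit at the boundary because the compiler cannot verify pointers handed over by C.

```rust
use std::ffi::{c_char, CString};
use std::slice;

// Direction 1: existing C code used from Rust. `strlen` comes from the
// platform C library that Rust's standard library already links against.
// (`unsafe extern` and `#[unsafe(no_mangle)]` need Rust 1.82 or later.)
unsafe extern "C" {
    fn strlen(s: *const c_char) -> usize;
}

/// Safe wrapper: CString guarantees a NUL-terminated buffer and rejects
/// interior NUL bytes, so the C side never reads past the allocation.
pub fn c_string_length(text: &str) -> Option<usize> {
    let owned = CString::new(text).ok()?;
    // SAFETY: `owned` is valid and NUL-terminated for the whole call.
    Some(unsafe { strlen(owned.as_ptr()) })
}

// Direction 2: a Rust function exported for C/C++ callers. Matching C prototype:
//   int32_t frame_checksum(const uint8_t *data, size_t len, uint8_t *out);
const MAX_FRAME_LEN: usize = 64; // assumed upper bound on payload size

/// XOR checksum over a payload (hypothetical helper). Returns 0 on success,
/// -1 for a null pointer, -2 for an out-of-range length.
#[unsafe(no_mangle)]
pub unsafe extern "C" fn frame_checksum(data: *const u8, len: usize, out: *mut u8) -> i32 {
    // Nothing the C caller passes is trusted until it has been checked.
    if data.is_null() || out.is_null() {
        return -1;
    }
    if len == 0 || len > MAX_FRAME_LEN {
        return -2;
    }
    // SAFETY: pointers are non-null; the caller promises `len` readable bytes.
    let payload = unsafe { slice::from_raw_parts(data, len) };
    let sum = payload.iter().fold(0u8, |acc, b| acc ^ b);
    // SAFETY: `out` is non-null and points to one writable byte.
    unsafe { *out = sum };
    0
}

fn main() {
    let frame = [0x01u8, 0x02, 0x04]; // constructed sample payload
    let mut out = 0u8;
    let rc = unsafe { frame_checksum(frame.as_ptr(), frame.len(), &mut out) };
    println!("strlen={:?} rc={} checksum={:#04x}", c_string_length("AURIX"), rc, out);
}
```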

As for the concerns about how readily the car makers would embrace Rust, these have been alleviated by its adoption by Volvo, Ford, General Motors, BMW, Bosch, Volkswagen, Toyota and many more.

So why are these companies keen on the Rust language? Simply put, to move forward with more complex electronics systems in cars, the manufacturers require programming languages which can resolve safety and security issues that C and C++ are currently vulnerable to. This needs to happen without losing the runtime strength of C++.

Rust is considered a capable alternative because the Ownership Based Resource Management (OBRM) method employed by Rust for handling data ensures memory safety without negatively impacting runtime. It also ensures the safe sharing of data among multiple execution threads. In addition, the Rust compilers are good at highlighting code errors, so developers can quickly remedy them.
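The ownership and thread-sharing behaviour described above, as an added example that is not from the original article. The `Reading` type, the four producer threads and the sample values are constructed for illustration.

```rust
use std::sync::{mpsc, Arc, Mutex};
use std::thread;

/// Constructed sample type: one wheel-speed reading (hypothetical).
#[derive(Debug)]
pub struct Reading {
    pub wheel: u8,
    pub rpm: u32,
}

/// Four producer threads move readings to one consumer over a channel and
/// update a shared counter. Returns (readings sent, sum of all rpm values).
pub fn collect_readings(samples_per_wheel: u32) -> (u32, u64) {
    let (tx, rx) = mpsc::channel::<Reading>();
    // Shared state must be wrapped: Arc gives shared ownership, Mutex gives
    // exclusive access. Sharing a plain `&mut u32` across threads won't compile.
    let sent = Arc::new(Mutex::new(0u32));

    let mut workers = Vec::new();
    for wheel in 0..4u8 {
        let tx = tx.clone(); // each thread owns its own sender
        let sent = Arc::clone(&sent); // and its own handle to the counter
        workers.push(thread::spawn(move || {
            for i in 0..samples_per_wheel {
                let reading = Reading { wheel, rpm: 100 * (wheel as u32 + 1) + i };
                tx.send(reading).expect("receiver is alive");
                // Ownership of `reading` moved into the channel. Touching it
                // here (e.g. `reading.rpm`) is a compile-time error (E0382),
                // so producer and consumer can never alias the same data.
                *sent.lock().unwrap() += 1;
            }
        }));
    }
    drop(tx); // drop the original sender so the receive loop can finish

    // The consumer now owns every reading; memory is freed as each is dropped.
    let total_rpm: u64 = rx.iter().map(|r| r.rpm as u64).sum();
    for worker in workers {
        worker.join().unwrap();
    }
    let count = *sent.lock().unwrap();
    (count, total_rpm)
}

fn main() {
    let (count, total) = collect_readings(3);
    println!("{} readings, rpm sum {}", count, total);
}
```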

ISO Compliance and Rust

So Rust is showing numerous advantages, particularly when it comes to a vehicle’s critical safety items. But there are those in the industry concerned that Rust does not comply entirely with ISO 26262. This is important because this industry standard applies to the safe development and operation of electronic and electrical systems in automotive design.

Many industry watchers are confident that compliance will soon happen. Both the aforementioned industry bodies, SAE International and Autosar, have groups working on definitions of how Rust can handle critical safety aspects of automotive system programming.

However, ask which semiconductor manufacturers are actually using the Rust language and you won’t get many replies.

One semiconductor company that is already making use of the benefits of Rust in embedded systems is German chip manufacturer Infineon. It sees an advantage with the language when it comes to security issues and claims it is the first semiconductor company to support the language.

Rust is being employed in its AURIX TC3 and TRAVEO T2G automotive microcontrollers (MCUs). TRAVEO uses the official Rust toolchain and Arm Cortex-M targets. A dedicated Rust compiler has been developed for AURIX by Infineon’s tool partner HighTec EDV-Systeme.

HighTec recently joined the Rust Foundation as a silver member to further support the development of Rust. The company developed a Rust compiler based on LLVM technology, which is a set of compiler and toolchain technologies that can be used to develop a front-end for any programming language and a back-end for any instruction set architecture.

References:

  1. Society of Automotive Engineers (SAE). (2023). Exploring the Use of Rust in Automotive Software Systems. Retrieved from https://www.sae.org

  2. Wikipedia. (2023). Foreign Function Interface. Retrieved from https://en.wikipedia.org/wiki/Foreign_function_interface

  3. International Organization for Standardization (ISO). (2023). ISO 26262-1:2011 Road vehicles — Functional safety — Part 1: Vocabulary. Retrieved from https://www.iso.org/standard/43464.html

  4. Infineon Technologies AG. (2023). AURIX TC3 and TRAVEO T2G Automotive Microcontrollers. Retrieved from https://www.infineon.com

  5. HighTec EDV-Systeme GmbH. (2023). HighTec Joins Rust Foundation. Retrieved from https://hightec-rt.com/en/news/blog/item/hightec-joins-rust-foundation

  6. Rust Foundation. (2023). Rust Foundation. Retrieved from https://foundation.rust-lang.org


By Paul Whytock

Paul Whytock is Technology Correspondent for Electropages. He has reported extensively on the electronics industry in Europe, the United States and the Far East for over thirty years. Prior to entering journalism, he worked as a design engineer with Ford Motor Company at locations in England, Germany, Holland and Belgium.