C, Rust, C-rusted and MISRA for safe and secure embedded software

Authors. R. Bagnara, A. Bagnara, N. Vetrini, and F. Serafini.

In DESIGN&ELEKTRONIK, editor, embedded world Conference 2025 — Proceedings, pages 343–364, Nuremberg, Germany, 2025. WEKA FACHMEDIEN, Richard-Reitzner-Allee 2, 85540 Haar, Germany.

Abstract:

C has long been the dominant programming language for embedded systems due to its efficiency, portability, and close-to-hardware capabilities. However, C’s low-level memory management and absence of strong safety guarantees expose it to common vulnerabilities such as out-of-bounds accesses, null or invalid pointer dereferencing and memory leaks. To mitigate risks associated with C’s flexibility and potential for misuse, the MISRA guidelines became a de facto standard in all sectors where safety and security are crucial. Nonetheless, the embedded systems community, following a trend common to the entire IT world, has been exploring alternatives like Rust. Rust’s design inherently reduces the likelihood of common programming errors seen in C, making it an appealing choice for safety- and security-critical embedded software. However, transitioning from C to Rust is not without challenges and hence proposals, such as C-rusted, that can provide a gradual migration path with the same guarantees of Rust but in standard C, are particularly interesting. This presentation features a comparative analysis of C, Rust, C-rusted and the MISRA guidelines (including the potential for a possible MISRA Rust coding standard), with a focus on their implications for embedded software safety and security. We discuss the respective strengths, limitations and use cases, offering insights into how organizations can choose and apply these tools and methodologies based on specific project requirements.