Jonathan Lalou's Blog

Posts Tagged ‘OxidizeConf2024’

From Novice to Custom PCB

Embarking on a journey from minimal electronics knowledge to designing a custom printed circuit board (PCB) is a daunting yet rewarding endeavor. At OxidizeConf2024, Josh Junon from GitButler shared his nine-month odyssey of building a PCB with an STM32 microcontroller, powered by async Rust firmware. Josh’s candid narrative detailed his trials, errors, and eventual success in creating a component for kernel CI/CD testing pipelines, offering valuable lessons for software developers venturing into hardware.

With a strong software background but little electronics experience, Josh tackled the complexities of PCB design, from selecting components to soldering hair-thin parts. Using Rust’s async capabilities, he developed firmware that leveraged interrupts for efficient communication, integrating the PCB into a larger project. His story underscores Rust’s versatility in bridging software and hardware, enabling developers to create reliable, high-performance embedded systems without extensive hardware expertise.

Practical Lessons in Hardware Development

Josh’s presentation was a treasure trove of practical advice. He emphasized the importance of verifying component sizes early, as datasheets often understate their minuteness. For instance, selecting appropriately sized parts saved costs and prevented assembly errors. He also advised against prioritizing aesthetics, such as costly black solder masks, in favor of affordable green ones. These lessons, born from trial and error, highlight the importance of aligning hardware choices with project constraints, particularly for budget-conscious developers.

Rust’s async ecosystem, including libraries like embassy, facilitated Josh’s firmware development. The STM32F4 (or possibly F7) microcontroller, though potentially overpowered, provided a robust platform for his needs. By sharing his GitHub repository, Josh invites community feedback, fostering collaboration to refine his approach. His experience demonstrates how Rust’s safety guarantees and modern tooling can empower software developers to tackle hardware challenges effectively.

Balancing Cost and Learning

Cost management was a recurring theme in Josh’s journey. He cautioned against over-purchasing components and investing in expensive equipment early on, noting that basic tools suffice for initial projects. Custom stencil sizes, while tempting, added unnecessary costs, and Josh recommended reusing standard boards for versatility. Despite these challenges, the learning outcomes were profound, equipping Josh with skills in microcontrollers, interrupts, and embedded programming that enhanced his broader project.

Josh’s success highlights Rust’s role in democratizing hardware development. By leveraging Rust’s ecosystem and community resources, he transformed a side quest into a valuable contribution to kernel testing. His call to “just do it” inspires developers to explore hardware with Rust, proving that persistence and community support can yield remarkable results in unfamiliar domains.

Links:

• GitButler company website

Orchestrating Complex Systems with Rust

In the realm of industrial automation, managing fleets of autonomous mobile robots (AMRs) demands precision and reliability. At OxidizeConf2024, Andy Brinkmeyer from Arculus shared his experience developing a deterministic fleet management system using Rust, orchestrating over 100 robots in warehouse and manufacturing environments. Andy’s presentation highlighted how Rust’s performance, safety, and expressive type system enabled Arculus to tackle order coordination, route planning, and traffic management with a robust, maintainable codebase.

Arculus’s fleet management system handles the intricate task of transporting goods in confined spaces like distribution centers. Andy explained how Rust’s ecosystem facilitated a re-simulation framework, allowing developers to replay recorded logs to debug and validate system behavior. By combining synchronous deterministic components with an async I/O runtime, Arculus created a mockable system design that ensures consistent outcomes, critical for mission-critical applications where predictability is non-negotiable.

Leveraging Rust’s Concurrency Primitives

Rust’s concurrency model played a pivotal role in Arculus’s system. Andy detailed the use of synchronous components for core logic, processing fixed-size input messages to advance the system state. This deterministic approach eliminates the need for async within the main event loop, simplifying the architecture. However, async I/O was employed for external communication, using Rust’s tokio runtime to handle network interactions efficiently. This hybrid design balances performance with flexibility, enabling re-simulation without altering core logic.

When questioned about intra-task async operations, Andy noted that Arculus found no need for such complexity, as the deterministic state machine sufficed for their use case. The system’s ability to mock I/O components during re-simulation allows developers to isolate issues, though Andy acknowledged challenges in replaying new messages due to state dependencies. This approach underscores Rust’s ability to support complex industrial systems with clear, maintainable code.

Enhancing Maintainability with Procedural Macros

Procedural macros were a cornerstone of Arculus’s development process, enhancing code readability and maintainability. Andy described how macros derived state representations for complex types, reducing boilerplate and ensuring consistency across the fleet manager’s modules. This approach streamlined debugging and integration testing, with a Rust-based test framework enabling developers to recreate issues efficiently. By stepping into problematic states with a debugger, Arculus could pinpoint errors without simulating the entire system.

The talk also addressed limitations, such as the inability to fully replay new messages due to circular dependencies with robot communications. Andy suggested that future work could explore vehicle simulation to address this, though current methods—leveraging integration tests and deterministic logs—prove effective. Rust’s ecosystem, including tools like cargo, empowered Arculus to build a scalable, reliable system, setting a benchmark for industrial automation.

Links:

• Arculus company website

Pioneering Rust in Automotive Middleware

The automotive industry demands robust, reliable software to manage complex communication protocols, particularly for software-defined vehicles. At OxidizeConf2024, Sebastian Rietzscher from CARIAD, alongside Simon Gasse and Morgen Mey from Accenture, delivered an insightful exploration of SommR, a Rust-based implementation of the Scalable Service-Oriented Middleware over IP (SOME/IP) protocol. This trio from Volkswagen’s software arm and Accenture’s consulting expertise showcased how Rust’s safety and performance features enable a modern approach to automotive communication, addressing challenges in serialization, testing, and documentation.

SOME/IP, a standard for remote procedure calls and service discovery in automotive electronic control units (ECUs), is typically implemented in closed-source stacks. Sebastian, Simon, and Morgen presented SommR as a fully Rust-based alternative, focusing on its daemon—the central hub for communication. The daemon facilitates publish-subscribe patterns and service discovery over TCP or UDP, critical for rich OS ECUs running Linux or real-time embedded systems. By leveraging Rust, SommR ensures type safety and memory guarantees, vital for meeting ISO 26262 safety standards.

Simplifying Communication with Serde

A key challenge in SOME/IP is its flexible serialization, which allows varied string encodings and tag-length-value formats, complicating deserialization. Simon detailed SommR’s use of a specialized serde data format to handle this complexity. Unlike eager deserialization, which loads entire payloads into memory, SommR explores limited borrowing to optimize performance, though Sebastian noted constraints due to SOME/IP’s inconsistent struct layouts. This approach enhances efficiency in resource-constrained ECUs, ensuring robust communication between applications and the daemon.

The team also introduced cloneable connections, enabling multiple applications to share communication channels without compromising safety. This design simplifies app-to-app interactions across the network, a critical feature for automotive systems where scalability is paramount. By integrating serde with Rust’s type system, SommR provides a clean, safe API that reduces errors and enhances maintainability, aligning with the industry’s push for reliable software in safety-critical environments.

Enhancing Testing with Custom Macros

Testing in automotive software requires rigorous coverage to meet quality standards, yet debugging complex macros can be daunting. Morgen shared how SommR extended Rust’s #[test] macro to create a custom testing framework, making it more accessible and engaging. Using tools like cargo-expand, quote, and syn, the team simplified macro development, while trybuild sanitized error messages, improving developer experience. This effort resulted in an impressive 80% test coverage, satisfying quality departments and encouraging broader test adoption among developers.

The custom macro approach streamlined testing for SommR’s daemon and applications, ensuring compliance with automotive standards. However, challenges like macro debugging complexity were acknowledged, with Morgen advising reliance on established tools to avoid manual token stream manipulation. This testing strategy not only enhances code reliability but also fosters a culture of quality within the development team, a critical factor for SommR’s planned transition to mass production.

Addressing Versioning and Observability

Versioning and observability posed significant hurdles for SommR, particularly in maintaining compatibility across frequent updates. Sebastian highlighted the team’s detours in managing versioning, where Rust’s strict type system required careful handling to avoid breaking changes. Observability, crucial for monitoring communication flows in automotive systems, was improved through enhanced logging and tracing, leveraging Rust’s ecosystem tools to provide actionable insights.

Documentation emerged as a final theme, with the team emphasizing its role in ensuring SommR’s usability and maintainability. By prioritizing clear, comprehensive documentation, they aim to support developers integrating SommR into production systems. While currently a demonstrator, Sebastian expressed confidence in SommR’s path to series production, driven by Rust’s safety guarantees and the team’s collaborative efforts with CARIAD and Accenture.

Links:

• CARIAD company website
• Accenture company website

Overcoming Barriers to Adoption

The promise of memory-safe programming has positioned Rust as a leading candidate for industrial applications, yet its adoption in traditional sectors faces significant hurdles. At OxidizeConf2024, a panel moderated by Florian Gilcher from Ferrous Systems, featuring Michał Fita, James Munns from OneVariable UG, and Steve Klabnik from Oxide Computer Company, explored strategies to enhance Rust’s uptake in industrial companies. The discussion, enriched by audience questions, addressed cultural, technical, and managerial barriers, offering actionable insights for developers and organizations.

Michał highlighted the managerial perspective, noting that industrial companies often prioritize stability and cost over innovation. The challenge lies in convincing decision-makers of Rust’s benefits, particularly when hiring skilled Rust developers is difficult. James added that industrial users, rooted in mechanical and electrical engineering, are less likely to share challenges publicly, complicating efforts to gauge their needs. Florian emphasized the role of initiatives like Ferrocene, a safety-compliant Rust compiler, in opening doors to regulated industries like automotive.

Technical and Cultural Shifts

Steve underscored Rust’s technical advantages, such as memory safety and concurrency guarantees, which align with regulatory pressures from organizations like the NSA advocating for memory-safe languages. However, he cautioned against framing Rust as a direct replacement for C++, which risks alienating skilled C++ developers. Instead, the panel advocated for a collaborative approach, highlighting Rust’s total cost of ownership benefits—fewer bugs, faster debugging, and improved maintainability. James noted that tools like cargo-deny and cargo-tree enhance security and dependency management, addressing industrial concerns about reliability.

Cultural resistance also plays a role, particularly in companies reliant on trade secrets. Michał pointed out that Rust’s open-source ethos can clash with proprietary mindsets, requiring tailored strategies to demonstrate value. The panel suggested focusing on high-impact areas, such as safety-critical components, where Rust’s guarantees provide immediate benefits. By integrating Rust incrementally, companies can leverage existing C++ codebases while transitioning to safer, more modern practices.

Engaging Stakeholders and Building Community

Convincing stakeholders requires a nuanced approach, avoiding dismissive rhetoric about legacy languages. Florian stressed the importance of meeting developers where they are, respecting the expertise of C++ practitioners while showcasing Rust’s practical advantages. Steve highlighted successful adoptions, such as Oxide’s server stack, as case studies to inspire confidence. The panel also discussed the role of community efforts, such as the Rust Foundation, in providing resources and certifications to ease adoption.

Audience input reinforced the need for positive messaging. A C++ developer cautioned against framing Rust as a mandate driven by external pressures, advocating for dialogue that emphasizes mutual benefits. The panel agreed, suggesting that events like OxidizeConf and open-source contributions can bridge gaps between communities, fostering collaboration. By addressing technical, cultural, and managerial challenges, Rust can gain traction in industrial settings, driving innovation without discarding legacy expertise.

Links:

• Ferrous Systems company website
• Oxide Computer Company website
• OneVariable UG company website

Embracing Rust’s Cross-Platform Versatility

Rust’s ability to operate seamlessly across diverse platforms—from embedded devices to web applications—positions it as a uniquely versatile language for full-stack development. At OxidizeConf2024, Anatol Ulrich, a freelance developer with extensive experience in web, mobile, and embedded systems, presented a compelling vision of the “fullest stack” built entirely in Rust. Anatol’s talk demonstrated how Rust’s “write once, compile anywhere” philosophy enables low-friction, vertically integrated projects, spanning embedded devices, cloud services, and web or native clients.

Anatol showcased a project integrating a fleet of embedded devices with a cloud backend and a web-based UI, all written in Rust. Using the postcard crate for serialization and remote procedure calls (RPC), he achieved seamless communication between an STM32 microcontroller and a browser via Web USB. This setup allowed real-time data exchange, demonstrating Rust’s ability to unify disparate platforms. Anatol’s approach leverages Rust’s type safety and zero-cost abstractions, ensuring robust performance across the stack while minimizing development complexity.

Streamlining Development with Open-Source Tools

A key aspect of Anatol’s presentation was the use of open-source Rust crates to streamline development. The dioxus crate enabled cross-platform UI development, supporting both web and native clients with a single codebase. For embedded communication, Anatol employed postcard for efficient serialization, agnostic to the underlying transport layer—whether Web USB, Web Serial, or MQTT. This flexibility allowed him to focus on application logic rather than platform-specific details, reducing friction in multi-platform projects.

Anatol also introduced a crate for auto-generating UIs based on type introspection, simplifying the creation of user interfaces for complex data structures. By sprinkling minimal hints onto the code, developers can generate dynamic UIs, a feature particularly useful for rapid prototyping. Despite challenges like long compile times and WebAssembly debugging difficulties, Anatol’s open-source contributions, soon to be published, invite community collaboration to enhance Rust’s full-stack capabilities.

Future Directions and Community Collaboration

Anatol’s vision extends beyond his current project, aiming to inspire broader adoption of Rust in full-stack development. He highlighted areas for improvement, such as WebAssembly debugging and the orphan rule, which complicates crate composition. Tools like Servo, a Rust-based browser engine, could enhance Web USB support, further bridging embedded and web ecosystems. Anatol’s call for contributors underscores the community-driven nature of Rust, encouraging developers to collaborate on platforms like GitHub and Discord to address these challenges.

The talk also touched on advanced techniques, such as dynamic type handling, which Anatol found surprisingly manageable compared to macro-heavy alternatives. By sharing his experiences and open-source tools, Anatol fosters a collaborative environment where Rust’s ecosystem can evolve to support increasingly complex applications. His work exemplifies Rust’s potential to deliver cohesive, high-performance solutions across the entire technology stack.

Links:

• Postcard crate
• Dioxus crate

Understanding PGO and Its Relevance

In the realm of high-performance software, optimizing applications for speed and efficiency is paramount. At OxidizeConf2024, Alexander Zaitsev, a seasoned developer with a background in C++ and extensive experience in compiler optimizations, delivered a comprehensive exploration of Profile-Guided Optimization (PGO) in Rust. PGO leverages runtime statistics to enhance software performance, a technique long supported by the Rustc compiler but fraught with practical challenges. Alexander shared his insights from applying PGO across diverse domains—compilers, databases, game engines, and CLI tools—offering a roadmap for developers seeking to harness its potential.

PGO operates by collecting runtime data to inform compiler optimizations, enabling tailored code generation that aligns with actual workloads. Alexander emphasized its applicability to CPU-intensive applications with complex branching, such as parsers, databases, and operating systems like OxideOS. By analyzing real-world benchmarks, he demonstrated significant performance gains, with speedups observed in open-source projects. These results, derived from practical workloads rather than synthetic tests, underscore PGO’s value in enhancing Rust applications, making it a vital tool for developers prioritizing performance.

Practical Applications and Performance Gains

Alexander’s presentation highlighted concrete examples of PGO’s impact. For instance, applying PGO to libraries like Serde resulted in notable performance improvements, with benchmarks showing reduced execution times for JSON parsing and other tasks. He showcased results from various applications, including databases and game engines, where PGO optimized critical paths, reducing latency and improving throughput. These gains were achieved by enabling PGO’s instrumentation-based approach, which collects detailed runtime profiles to guide optimizations like inlining and branch prediction.

However, Alexander cautioned that PGO’s effectiveness depends on workload representativeness. For databases, he used analytical workloads to generate profiles, ensuring optimizations aligned with typical usage patterns. This approach contrasts with manual optimization techniques, such as annotating hot paths, which Alexander argued are less adaptable to changing workloads. By automating optimization through PGO, developers can achieve consistent performance improvements without the maintenance burden of manual tweaks, a significant advantage in dynamic environments.

Navigating PGO’s Challenges and Ecosystem

While PGO offers substantial benefits, Alexander detailed several pitfalls. Common traps include profile mismatches, where training data does not reflect production workloads, leading to suboptimal optimizations. He also highlighted issues with link-time optimization (LTO), which, while complementary to PGO, is not universally adopted. To mitigate these, Alexander recommended starting with release mode optimizations (level three) and enabling LTO before applying PGO. For advanced users, sampling-based PGO or continuous profiling, as practiced by Google, can further enhance results.

The Rust ecosystem’s PGO support is evolving, with tools like cargo-pgo and community contributions improving accessibility. Alexander pointed to his “Awesome PGO” repository as a comprehensive resource, offering benchmarks and guidance across ecosystems, including C++. He also noted ongoing efforts to integrate machine learning into PGO workflows, citing tools like LLVM’s BOLT and Intel’s Thin Layout Optimizer. These advancements signal a bright future for PGO in Rust, though challenges like build system integration and community tooling maturity remain.

Links:

• Awesome PGO repository

Bridging Legacy and Modern Systems

The push for memory-safe software has highlighted the limitations of C++ in today’s data-driven landscape, prompting organizations to explore Rust as a modern alternative. At OxidizeConf2024, Til Adam from KDAB and Florian Gilcher from Ferrous Systems presented a strategic approach to migrating from C++ to Rust, emphasizing an “Aloha” philosophy of compassion and pragmatism. With decades of experience in C++ development, Til and Florian offered insights into integrating Rust into existing codebases without requiring a full rewrite, ensuring efficiency and safety.

Drawing an analogy to music, Til compared C++ to a complex electric guitar and Rust to a simpler, joy-inducing ukulele. While C++ remains prevalent in legacy systems, its complexity can lead to errors, particularly in concurrency and memory management. Rust’s memory safety and modern features address these issues, but Florian stressed that migration must be practical, leveraging the C Application Binary Interface (C ABI) as a lingua franca for interoperability. This allows Rust and C++ to coexist, enabling incremental adoption in existing projects.

Practical Migration Techniques

The speakers outlined a multi-level migration strategy, starting with low-level integration using the C ABI. This involves wrapping C++ code in extern C functions to interface with Rust, a process Florian described as effective but limited by platform-specific complexities. Tools like cxx and autocxx simplify this by automating bindings, though challenges remain with templates and generics. Til shared examples from KDAB’s projects, where Rust was integrated into C++ codebases for specific components, reducing security risks without disrupting existing functionality.

At a higher level, Florian advocated for a component-based approach, where Rust modules replace C++ components in areas like concurrency or security-critical code. This strategy maximizes Rust’s benefits, such as its borrow checker, while preserving investments in C++ code. The speakers emphasized identifying high-value areas—such as modules prone to concurrency issues—where Rust’s safety guarantees provide immediate benefits, aligning with organizational goals like regulatory compliance and developer productivity.

Balancing Innovation and Pragmatism

Migration decisions are driven by a balance of enthusiasm, regulatory pressure, and resource constraints. Til noted that younger developers often champion Rust for its modern features, while executives respond to mandates like the NSA’s push for memory-safe languages. However, budget and time limitations necessitate a pragmatic approach, focusing on areas where Rust delivers significant value. Florian highlighted successful migrations at KDAB and Ferrous Systems, where Rust was adopted for new features or rewrites of problematic components, improving safety and maintainability.

The speakers also addressed challenges, such as the lack of direct support for C++ templates in Rust. While tools like autocxx show promise, ongoing community efforts are needed to enhance interoperability. By sharing best practices and real-world examples, Til and Florian underscored Rust’s potential to modernize legacy systems, fostering a collaborative approach to innovation that respects existing investments while embracing future-ready technologies.

Links:

• KDAB company website
• Ferrous Systems company website

Transitioning to Rust’s Ecosystem

The Rust programming language is renowned for its memory safety and performance, but its tooling ecosystem is equally transformative, particularly for developers transitioning from other platforms. James McNally, an independent software consultant, shared his journey from LabVIEW to Rust at OxidizeConf2024, highlighting how Rust’s tools enable reliable and performant industrial measurement systems. With a decade of experience in custom systems for scientists and engineers, James emphasized the productivity and flexibility of Rust’s tooling, drawing parallels to LabVIEW’s integrated environment.

LabVIEW, a visual programming language since the 1980s, offered James a single tool for desktop, real-time controllers, and FPGA development, with built-in UI capabilities. However, its limitations in modern software engineering tools prompted him to explore Rust. Rust’s ecosystem, including Cargo, Clippy, and Criterion, provided a cohesive environment that mirrored LabVIEW’s productivity while addressing its gaps. James’s transition underscores Rust’s appeal for solo developers needing to deliver high-quality systems with limited resources.

Building Robust CI Pipelines

A key focus of James’s presentation was his standard continuous integration (CI) pipeline for client projects. Using Cargo, Rust’s package manager, he automates building, testing, and formatting, ensuring consistent code quality. Clippy, Rust’s linter, plays a pivotal role by enforcing strict coding standards and preventing panics through targeted lints. James demonstrated how Clippy’s checks catch potential errors early, enhancing reliability in measurement systems where precision is critical.

For performance optimization, James relies on Criterion, a benchmarking tool that provides detailed performance metrics. This is particularly valuable for industrial applications, such as a concrete testing system for a university, where performance directly impacts data accuracy. By integrating these tools into CI pipelines, James ensures that his systems meet client requirements for reliability and efficiency, reducing the need for external dependencies and simplifying project management.

Community-Driven Tooling Enhancements

Rust’s open-source community is a driving force behind its tooling ecosystem, and James highlighted tools like cargo-deny for license checking and vulnerability alerting. He acknowledged challenges, such as false positives in large workspaces, but praised tools like cargo-tree for dependency analysis, which helps identify unused dependencies and resolve security issues. These tools empower developers to maintain secure and compliant codebases, a critical consideration for industrial applications.

James also addressed the potential for visual programming in Rust, noting that while LabVIEW’s visual paradigm is effective, text-based languages like Rust benefit from broader community support. Future enhancements, such as improved security tools like semgrep, could further streamline Rust development. By sharing his practical approach, James inspires developers to leverage Rust’s tooling for diverse applications, from one-off test systems to commercialized particle detectors.

Links:

• Quantum Detectors company website

Reusing Rust Code in Web Applications

WebAssembly (WASM) has emerged as a transformative technology for reusing backend code in web applications, offering portability and performance across platforms. At OxidizeConf2024, Georg Semmler and Jonas Klein from Giga Infosystems presented a compelling case study on leveraging Rust and WebAssembly to enhance a geological subsurface modeling system. Their project, developed for a German federal agency, involved reusing computationally intensive Rust code for generating virtual boreholes in both backend systems and a 3D web viewer, showcasing WebAssembly’s potential to bridge backend and frontend development.

The GST system, comprising a Rust-based backend, a TypeScript-based web application, and a desktop client, manages large geological models with millions of triangles. Georg and Jonas explained how the virtual borehole feature, which calculates intersections between a cylindrical probe and subsurface layers, was initially implemented in Rust for the backend. By compiling this code to WebAssembly, they enabled the same functionality in the web viewer, allowing users to validate models against real-world data in real time, a critical requirement for geological analysis.

Implementing WebAssembly Workflows

The implementation process involved several key steps, which Georg detailed with clarity. The team used the wasm32 target to compile Rust code into WebAssembly binaries, leveraging Rust’s robust tooling, including Cargo and wasm-bindgen. This library facilitated seamless integration with JavaScript, enabling type-safe communication between the Rust code and the web application. To avoid blocking the main thread, the team employed web workers and Comlink, a library that simplifies worker communication, alongside shared array buffers to minimize data copying.

Performance comparisons underscored WebAssembly’s advantages. For a small model with 300,000 triangles, the Rust-WebAssembly implementation computed intersections in 7 milliseconds, compared to 100 milliseconds for an unoptimized TypeScript version. For larger models, the performance gap widened, with WebAssembly significantly outperforming TypeScript due to its native execution speed. However, Jonas noted challenges, such as WebAssembly’s 2GB memory limit, which required careful optimization of data structures to handle large geometries.

Real-World Impact and Future Directions

The adoption of WebAssembly in the GST system has profound implications for geological applications, particularly in public communication and geothermal energy exploration. Jonas highlighted use cases like visualizing radioactive waste disposal sites and assessing subsurface potential, which benefit from the system’s ability to handle complex 3D models. The team’s success in reusing Rust code across platforms demonstrates WebAssembly’s potential to streamline development, reduce duplication, and enhance performance.

Looking forward, Georg and Jonas plan to optimize memory usage further and explore additional WebAssembly use cases, such as integrating game logic for interactive visualizations. Their work underscores the importance of community collaboration, with contributions to open-source WebAssembly tools enhancing the ecosystem. By sharing their approach, they inspire developers to leverage Rust and WebAssembly for efficient, reusable code in data-intensive applications.

Links:

• Giga Infosystems company website

Navigating Automotive Safety Standards

The automotive industry’s shift toward software-defined vehicles has intensified the need for robust safety compliance, particularly for software components used in safety-critical applications. At OxidizeConf2024, Amit Dharmapurikar and Gnana Ganesh from Thoughtworks delivered an insightful presentation on qualifying Rust libraries for compliance with ISO 26262, a standard governing functional safety in automotive systems. With Thoughtworks’ expertise in software-defined vehicles, Amit and Gnana provided a comprehensive overview of the processes and tools required to ensure Rust libraries meet stringent safety requirements, focusing on the Rust Core library as a case study.

ISO 26262 mandates rigorous documentation, requirement coverage, and structural code coverage to ensure software reliability in electronic control units (ECUs). Amit emphasized that while the Ferrocene compiler, developed by Ferrous Systems, has already achieved safety compliance, libraries—both standard and third-party—must also be qualified. This involves producing formal specifications, verifying requirements through testing, and generating code coverage reports. The speakers highlighted the collaborative effort with Ferrous Systems to qualify the Rust Core library, underscoring the importance of aligning open-source tools with automotive standards.

Documentation and Requirement Coverage

A cornerstone of ISO 26262 compliance is comprehensive documentation, which serves as a formal specification of software components. Gnana detailed how Thoughtworks approaches this by deriving testable requirements from the Rust Core library’s standard documentation. This process involves translating descriptive text into precise, verifiable requirements, a task that poses challenges due to the library’s frequent updates as an open-source project. To address this, Amit and Gnana proposed developing tools to automate the interpretation of documentation changes, ensuring that requirements remain aligned with the library’s evolution.

Requirement coverage, as mandated by ISO 26262 Part 6, ensures that all functional requirements are tested. The speakers demonstrated a proof-of-concept where requirements for the Rust Core library were linked to test cases, providing traceability essential for audits. This approach leverages open-source tools like Sphinx, which facilitates bidirectional traceability by connecting requirements to code. By integrating these tools into the development pipeline, Thoughtworks ensures that compliance artifacts are generated iteratively, reducing manual effort and enhancing accountability.

Advancing Code Coverage with Rust Tooling

Structural code coverage is another critical aspect of ISO 26262 compliance, requiring developers to measure how thoroughly code is exercised by tests. Amit showcased a demo using the Rust toolchain’s coverage capabilities, specifically the --coverage flag in the test subcommand. This flag, combined with a custom bootstrap command (dotx), embeds profiler builtins into executables, generating profile files that tools like grcov process into coverage reports. The demo illustrated coverage analysis for the Rust Core library, excluding documentation to focus on executable code.

While statement coverage is already supported, Gnana noted that branch coverage is available in draft pull requests, and Modified Condition/Decision Coverage (MCDC) is in progress within the Rust community. These advancements, driven by initiatives like Ferrocene, demonstrate Rust’s growing maturity for safety-critical applications. The speakers acknowledged challenges, such as managing frequent library updates, but emphasized the potential of automated tools to streamline compliance, making Rust a viable choice for automotive software development.

Links:

• Thoughtworks company website
• Ferrous Systems company website