Jonathan Lalou's Blog

Posts Tagged ‘OxidizeConf2024’

The Evolution of GUI Development

In the ever-evolving realm of graphical user interface (GUI) development, the quest for robust, safe, and efficient tools is paramount. David Vincze, a senior software engineer at Felgo, presented a compelling exploration of Slint as a Rust-based alternative to QML at OxidizeConf2024. With a background steeped in C++ and Qt, particularly in automotive instrument clusters, David shared his insights into how Slint offers a fresh perspective for developers accustomed to QML’s declarative approach within the Qt framework. His presentation illuminated the potential of Slint to address the limitations of QML, particularly its reliance on C++ and JavaScript, which can introduce runtime errors that challenge developers in safety-critical environments.

QML, a mature language with over a decade of use, has been a cornerstone for cross-platform GUI development, enabling developers to write a single codebase that runs on embedded, mobile, desktop, and web platforms. Its JSON-like syntax, coupled with reactive property bindings and JavaScript logic, simplifies prototyping and maintenance. However, David highlighted the inherent risks, such as performance bottlenecks due to JavaScript’s runtime interpretation and the dependency on the extensive Qt ecosystem, which can entail licensing costs. Slint, a newer toolkit built with Rust, emerges as a promising alternative, compiling to native code to catch errors at build time, thus enhancing reliability for embedded systems.

Comparing Slint and QML

David’s analysis centered on a practical comparison between Slint and QML, drawing from a demo weather application and home automation UI developed at Felgo. This project, available on Felgo’s GitHub as the Rusty Weather App, reimplemented a QML-based application in Slint, showcasing its multiplatform capabilities on desktop, embedded Raspberry devices, and Android. The comparison revealed striking similarities in their declarative syntax, with both languages using component-based structures to define UI elements. However, Slint’s code is notably more compact, and its components can be exported to native code, offering greater integration flexibility compared to QML’s C++-centric approach.

A key differentiator is Slint’s compilation to native code, which eliminates runtime errors common in QML’s JavaScript logic. This is particularly advantageous for embedded systems, where performance and reliability are critical. David demonstrated how Slint’s lightweight runtime and reactive property bindings mirror QML’s strengths but leverage Rust’s memory safety to prevent common programming errors. However, Slint lacks some of QML’s advanced features, such as multimedia support, 3D rendering, and automated UI testing, which are still in development. Despite these gaps, Slint’s rapid evolution, with frequent releases, signals its potential to rival QML in the future.

Challenges and Opportunities in Transitioning

Transitioning from QML to Slint presents both opportunities and challenges. David emphasized Slint’s benefits, including its integration with Rust’s ecosystem, which offers a robust package manager (Cargo) and seamless cross-compilation. The Slint VS Code extension, with its live preview feature, accelerates development by allowing real-time UI modifications without recompilation. This contrasts with QML’s reliance on tools like Qt Creator, which, while comprehensive, tie developers to the Qt ecosystem. Slint’s open-source nature and multi-language APIs (supporting Rust, C++, JavaScript, and Python) further enhance its appeal for diverse projects.

However, David acknowledged challenges, particularly in areas like internationalization, where Slint’s reliance on the Gettext library complicates translation processes compared to Qt’s well-established framework. Features like multi-window support and internal timers are also underdeveloped in Slint, posing hurdles for developers accustomed to QML’s mature ecosystem. Despite these, David advocated for Slint’s adoption in Rust-centric projects, citing its predictability and performance advantages, especially for embedded development. The community’s active development and planned UI testing support suggest that Slint’s limitations may soon be addressed, making it a compelling choice for forward-thinking developers.

Links:

• Felgo company website

Understanding OxidOS and ISO 26262

Georgiana Vlădulescu and Alexandru Radovici, representing OxidOS, shared their journey of certifying an operating system written entirely in Rust for ISO 26262 ASIL-D compliance at OxidizeConf2024. OxidOS, a professional derivative of the open-source Tock operating system, is designed for safety-critical applications in small electronic control units (ECUs). Their presentation provided a deep dive into the challenges and innovative solutions encountered while aligning OxidOS with the stringent requirements of ISO 26262, a standard that defines functional safety for automotive components.

ISO 26262 categorizes safety requirements into Automotive Safety Integrity Levels (ASILs), ranging from QM (Quality Management) to ASIL-D, based on factors like severity, exposure, and controllability. Georgiana and Alexandru explained that OxidOS aims to achieve ASIL-D certification out of context, meaning it can be used across various automotive applications, from infotainment to critical systems like airbags. This ambitious goal requires meticulous documentation and process adherence, which their team has approached with a focus on automation and open-source tools.

Challenges in Certification

The certification process for OxidOS revealed significant hurdles, primarily due to the automotive industry’s reliance on legacy tools and processes. Georgiana noted that traditional expectations, such as exchanging Excel documents, felt archaic to a team accustomed to modern software development practices. These manual processes were not only time-consuming but also prone to errors, as they lacked integration with development workflows. Additionally, the absence of Rust-specific tools in the certification domain posed a challenge, as most existing solutions cater to C-based systems.

Another significant obstacle was maintaining team motivation, as developers often prefer coding over documentation. To address this, the OxidOS team transformed the certification process into a challenge, encouraging developers to innovate by creating custom tools and workflows. This approach empowered the team, fostering a sense of autonomy and reducing burnout by allowing developers to switch between projects during downtime.

Innovative Solutions with Rust

Rust’s ecosystem proved instrumental in overcoming these challenges. The team adopted Sphinx Needs, an extension of the Sphinx documentation tool, to implement a “document as code” philosophy. This approach allowed them to version control requirements using GitHub, enabling asynchronous collaboration and historical tracking. By integrating tools like Cargo Doc, they automated the generation of certification documents from Rust code, significantly reducing manual effort.

Alexandru emphasized the importance of minimizing transitive dependencies in OxidOS, relying solely on libcore to maintain control over the codebase. This policy, coupled with Rust’s safety guarantees, ensured that the operating system remained robust and compliant. The team also developed custom scripts to link code changes to documentation, ensuring that updates to Tock’s upstream repository could be seamlessly integrated into the certification process without requiring extensive manual rework.

Future Directions and Industry Impact

Looking ahead, Georgiana and Alexandru outlined plans to enhance automation further, particularly in tracking code changes and their impact on certification requirements. By creating a link between code and documentation, they aim to streamline the process of updating requirements as Tock evolves. This approach addresses a critical industry challenge: certifying open-source software that lacks the controlled development environment of proprietary systems.

The presentation also highlighted broader industry implications. Alexandru noted that many automotive companies face similar tool-related challenges, often duplicating efforts due to non-disclosure agreements. By open-sourcing their tools in the future, the OxidOS team hopes to foster collaboration and reduce redundancy, potentially transforming how open-source software is certified in the automotive sector.

Links:

• OxidOS company website

Introduction to Automotive Compliance

The automotive industry, with its intricate blend of mechanical and electronic systems, demands rigorous standards to ensure safety and reliability. Vignesh Radhakrishnan from Thoughtworks delivered an insightful presentation at OxidizeConf2024, exploring the concept of continuous compliance in automotive software development using Rust. He elucidated how the shift from mechanical to software-driven vehicles has amplified the need for robust compliance processes, particularly in adhering to standards like ISO 26262 and Automotive SPICE (ASPICE). These standards are pivotal in ensuring that automotive software meets stringent safety and quality requirements, safeguarding drivers and passengers alike.

Vignesh highlighted the transformation in the automotive landscape, where modern vehicles integrate complex software for features like adaptive headlights and reverse assist cameras. Unlike mechanical components with predictable failure patterns, software introduces variability that necessitates standardized compliance to maintain quality. The presentation underscored the challenges of traditional compliance methods, which are often manual, disconnected from development workflows, and conducted at the end of the development cycle, leading to inefficiencies and delayed feedback.

Continuous Compliance: A Paradigm Shift

Continuous compliance represents a transformative approach to integrating safety and quality assessments into the software development lifecycle. Vignesh emphasized that this practice involves embedding compliance checks within the development pipeline, allowing for immediate feedback on non-compliance issues. By maintaining documentation close to the code, such as requirements and test cases, developers can ensure traceability and accountability. This method not only streamlines the audit process but also reduces the mean-time-to-recovery when issues arise, enhancing overall efficiency.

The use of open-source tools like Sphinx, a Python documentation generator, was a focal point of Vignesh’s talk. Sphinx facilitates bidirectional traceability by linking requirements to code components, enabling automated generation of audit-ready documentation in HTML and PDF formats. Vignesh demonstrated a proof-of-concept telemetry project, showcasing how Rust’s cohesive toolchain, including Cargo and Clippy, integrates seamlessly with these tools to produce compliant software artifacts. This approach minimizes manual effort and ensures that compliance is maintained iteratively with every code commit.

Rust’s Role in Simplifying Compliance

Rust’s inherent features make it an ideal choice for automotive software development, particularly in achieving continuous compliance. Vignesh highlighted Rust’s robust toolchain, which includes tools like Cargo for building, testing, and formatting code. Unlike C or C++, where developers rely on disparate tools from multiple vendors, Rust offers a unified, developer-friendly environment. This cohesiveness simplifies the integration of compliance processes into continuous integration (CI) pipelines, as demonstrated in Vignesh’s example using CircleCI to automate compliance checks.

Moreover, Rust’s emphasis on safety and ownership models reduces common programming errors, aligning well with the stringent requirements of automotive standards. By leveraging Rust’s capabilities, developers can produce cleaner, more maintainable code that inherently supports compliance efforts. Vignesh’s example of generating traceability matrices and architectural diagrams using open-source tools like PlantUML further illustrated how Rust can enhance the compliance process, making it more accessible and cost-effective.

Practical Implementation and Benefits

In his demonstration, Vignesh showcased a practical implementation of continuous compliance using a telemetry project that streams data to AWS. By integrating Sphinx with Rust code, he illustrated how requirements, test cases, and architectural designs could be documented and linked automatically. This setup allows for real-time compliance assessments, ensuring that software remains audit-ready at all times. The use of open-source plugins and tools provides flexibility, enabling adaptation to various input sources like Jira, further streamlining the process.

The benefits of this approach are manifold. Continuous compliance fosters greater accountability within development teams, as non-compliance issues are identified early. It also enhances flexibility by allowing integration with existing project tools, reducing dependency on proprietary solutions. Vignesh cited the Ferrocene compiler as a real-world example, where similar open-source tools have been used to generate compliance artifacts, demonstrating the feasibility of this approach in large-scale projects.

Links:

• Thoughtworks company website

Crafting Safe Interfaces for Embedded Systems

In the domain of embedded systems, where reliability and efficiency are paramount, Rust has emerged as a powerful tool for building robust software. At OxidizeConf2024, Sojan James from Acsia Technologies delivered an engaging presentation on creating Rust bindings for ThreadX, a compact real-time operating system (RTOS) tailored for microcontrollers. With nearly two decades of experience in C programming and a passion for Rust since 2018, Sojan shared his journey of developing bindings that bridge ThreadX’s C-based architecture with Rust’s safety guarantees, offering practical strategies for embedded developers.

ThreadX, known for its lightweight footprint and static memory allocation, is widely used in automotive digital cockpits and other resource-constrained environments. Sojan’s goal was to create a safe Rust API over ThreadX’s C interfaces, enabling developers to leverage Rust’s type safety and ownership model. His approach involved generating unsafe bindings, wrapping them in a safe abstraction layer, and building sample applications on an STM32 microcontroller. This process, completed primarily during a week-long Christmas project, demonstrates Rust’s potential to enhance embedded development with minimal overhead.

Strategies for Binding Development

Sojan outlined a systematic approach to developing Rust bindings for ThreadX. The first step was creating unsafe bindings to interface with ThreadX’s C API, using Rust’s foreign function interface (FFI) to call C functions directly. This required careful handling of callbacks and memory management, as ThreadX’s static allocation model aligns well with Rust’s borrow checker. Sojan emphasized the importance of reviewing the generated bindings to identify areas where Rust’s ownership semantics could expose architectural inconsistencies, though he noted ThreadX’s maturity minimized such issues.

To create a safe API, Sojan wrapped the unsafe bindings in Rust structs and enums, introducing a typed channel interface for message passing. For example, he demonstrated a queue of type Event, an enum ensuring type safety at compile time. This approach prevents common errors, such as mixing incompatible data types, enhancing reliability in safety-critical applications like automotive systems. A demo on an STM32 showcased two tasks communicating via a 64-byte queue within a 2KB block pool, highlighting the practical application of these bindings in real-world scenarios.

Future Directions and Community Engagement

While Sojan’s bindings are functional, challenges remain, particularly with ThreadX’s timer callbacks, which lack a context pointer, complicating Rust’s safe abstraction. He plans to address this by exploring alternative callback mechanisms or additional abstractions. The bindings, hosted on GitHub, are open for community contributions, reflecting Sojan’s commitment to collaborative development. At Acsia, Rust is being integrated into automotive platforms, including an R&D project, signaling its growing adoption in the industry.

Sojan’s work underscores Rust’s potential to modernize embedded development, offering memory safety without sacrificing performance. By sharing his code and inviting contributions, he fosters a community-driven approach to refining these bindings. As Rust gains traction in automotive and other embedded domains, Sojan’s strategies provide a blueprint for developers seeking to integrate modern programming paradigms with established RTOS platforms, paving the way for safer, more efficient systems.

Links:

• Acsia Technologies company website
• ThreadX Rust bindings repository