There’s a Lot More to Rust Than Memory Safety
In the last couple of years the Rust programming language has gained an ever-growing mind-share amongst developers, companies and even government agencies. Rust’s popularity is largely based on its focus on memory safety and the increased awareness and requirements for computer security.
Rust was not the first memory-safe language – other languages with automatic memory management like Java can be memory safe too. But Rust focuses on the same application areas that C and C++ cover, it was created at Mozilla, and it is backed by a large and active community. This combination has quickly put Rust into the spotlight of the embedded and systems programming communities.
Memory safety violations are one of the most significant contributors to vulnerabilities [see Daniel Stenberg’s blog]. While there are tools and methods to mitigate these kinds of bugs in other programming languages with unsafe manual memory management – most notably C and C++ – they take more work.
Compared to this, Rust enforces a safe programming style by default and therefore provides stronger safety guarantees. This structure comes at the cost of a slightly steeper learning curve.
However, once you adapt to and learn from the warnings and errors of the Rust compiler, the workflow becomes smoother. Also, it allows you to focus your attention on the core of the problem you want to solve – not only constantly focusing on memory safety issues. Rust errors are nearly always on-point and extremely helpful which further supports the positive learning experience.
At MINRES we explore how Rust can help us complement our offering of reliable IP solutions to empower better SoC design. This especially includes Rust Real-Time Operating Systems (RTOS), for use with, e.g., Moonlight – the MINRES configurable subsystem built around The Good Core. Rust’s domain stretches from running bare-metal applications at the lowest level to Rust applications on Linux.
I find Rust language has a lot of beneficial features – not just its guarantees of memory safety. It’s a relatively young language which means it incorporates a lot of the recent progress in programming language research and far less of the historical baggage of other, older languages.
Powerful pattern matching or result types are absolutely integral to Rust and, in my opinion, invariably and dependably enable developers to write high-quality code. Rust also has a great ecosystem of tools including Cargo, Rust’s build tool; or Clippy, a linter that provides valuable hints (more so than its famous namesake) to make sure your code follows best practices.
Compared to more mature languages Rust obviously does have a few limitations or drawbacks.
I would highlight three areas:
Firstly, to guarantee memory safety, Rust has to follow rules and this means the developer sometimes needs to think differently about memory organization as navigating them can feel cumbersome at times. The Rust rules are there for a reason though: they underpin its strong safety guarantees.
Secondly, Rust’s extensive and easy-to-use package (or crate, as they are called in Rust parlance) library can quickly lead to numerous dependencies on third-party code.
Finally, as a new language, Rust knowledge is not yet as common as C++ of course. But the Rust community is growing and I personally expect that many future graduates with a focus on embedded or low-level work will start out with a strong knowledge of Rust.
At MINRES we always explore exciting new developments that might benefit our products and our customers’ requirements. Rust is a natural match to The Good Folks Series of MINRES IP and we will continue to seek opportunities where its focus on safety and quality can be most usefully applied.
Are you already using embedded Rust or are interested in exploring it?
Contact us to learn more about The Good Folk Series