Embedded software is used in safety-critical systems such as medical devices and autonomous vehicles, where software defects, including security vulnerabilities, have severe consequences. Most embedded codebases are developed in unsafe languages, specifically C/C++, and are riddled with memory safety vulnerabilities. To prevent such vulnerabilities, Rust, a performant memory-safe systems language, is an optimal choice for developing embedded software. Rust's C interoperability enables developing Rust applications on top of existing C codebases. Despite this, even the most resourceful organizations continue to develop embedded software in C/C++. This paper performs the first systematic study to holistically understand the current state and challenges of using Rust for embedded systems. Our study is organized across three research questions. We collected a dataset of 2,836 Rust embedded software projects spanning various categories and 5 Static Application Security Testing (SAST) tools. We performed a systematic analysis of our dataset and surveys with 225 developers to investigate our research questions. We found that existing Rust software support is inadequate, that SAST tools cannot handle certain features of Rust embedded software, resulting in failures, and that the prevalence of advanced types in existing Rust software makes it challenging to engineer interoperable code. In addition, we found various challenges faced by developers in using Rust for embedded systems development.
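The abstract's finding that advanced Rust types make interoperable code hard to engineer is easiest to see on a concrete boundary. The following is an added example, not code from the paper or from any project it studied: a `Reading` struct using `String`, `Vec` and `Option` (none of which has a C layout), an FFI-safe `#[repr(C)]` mirror `CReading`, and an `extern "C"` entry point `reading_mean` that validates what the C side hands it before dereferencing. The types, the `sensor_id` lookup table and the sample values are all constructed for this example.

```rust
use std::os::raw::c_int;
use std::slice;

/// Idiomatic Rust representation of a sensor reading. String, Vec and Option
/// have no C-compatible layout, so neither this struct nor a pointer to it can
/// be handed to C through an `extern "C"` signature (rustc's
/// `improper_ctypes_definitions` lint flags such signatures).
#[derive(Debug, Clone)]
pub struct Reading {
    pub sensor: String,
    pub samples: Vec<u16>,
    pub calibration: Option<i16>,
}

/// FFI-safe mirror of `Reading`: `#[repr(C)]` fixes field order and layout,
/// the Vec becomes a raw pointer plus an explicit length, the Option becomes a
/// flag plus a value, and the sensor name becomes a numeric id.
#[repr(C)]
pub struct CReading {
    pub sensor_id: u32,
    pub samples: *const u16,
    pub sample_count: usize,
    pub has_calibration: c_int,
    pub calibration: i16,
}

/// Hypothetical name-to-id table (constructed for this example); 0 = unknown.
pub fn sensor_id(name: &str) -> u32 {
    match name {
        "temp" => 1,
        "pressure" => 2,
        _ => 0,
    }
}

impl Reading {
    /// Build a C-compatible view that borrows `self.samples`. The view is only
    /// valid while `self` is alive and unmodified; once the raw pointer crosses
    /// into C, that lifetime rule is no longer enforced by the type system.
    pub fn as_c(&self) -> CReading {
        CReading {
            sensor_id: sensor_id(&self.sensor),
            samples: self.samples.as_ptr(),
            sample_count: self.samples.len(),
            has_calibration: c_int::from(self.calibration.is_some()),
            calibration: self.calibration.unwrap_or(0),
        }
    }
}

/// Entry point intended for a C caller (export it with `#[no_mangle]`, or
/// `#[unsafe(no_mangle)]` on edition 2024, in a real build). Returns the
/// calibrated mean sample, or -1 on invalid input. Every pointer received from
/// C is validated before it is dereferenced.
pub extern "C" fn reading_mean(r: *const CReading) -> i32 {
    if r.is_null() {
        return -1;
    }
    // SAFETY: non-null was checked above; the documented caller contract is
    // that `r` points to a live, properly aligned CReading.
    let r = unsafe { &*r };
    if r.samples.is_null() || r.sample_count == 0 || r.sensor_id == 0 {
        return -1;
    }
    // SAFETY: the caller contract guarantees `sample_count` readable u16s.
    let samples = unsafe { slice::from_raw_parts(r.samples, r.sample_count) };
    let sum: u64 = samples.iter().map(|&s| u64::from(s)).sum();
    let mut mean = (sum / samples.len() as u64) as i64;
    if r.has_calibration != 0 {
        mean += i64::from(r.calibration);
    }
    mean as i32
}

fn main() {
    let reading = Reading {
        sensor: "temp".to_string(),
        samples: vec![100, 200, 300],
        calibration: Some(-5),
    };
    let view = reading.as_c();
    println!("calibrated mean = {}", reading_mean(&view)); // 195
}
```

The mirror type is where the interoperability cost lands: every advanced type in the Rust struct needs a hand-written, layout-stable counterpart plus a conversion, and every invariant the borrow checker enforced (non-null, correct length, live backing storage) becomes a runtime check or a documented contract on the C side.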