Safe, efficient, and robust automotive software development in environments where multiple programming languages coexist.
By Nicolas Amringer and Stefan Pruisken
The landscape of automotive software is undergoing significant transformation, driven by growing system complexity, stringent safety standards, and the need for streamlined development cycles. Virtual ECUs (vECUs) have become indispensable for accelerating both development and validation processes. In this context, the adoption of Rust within AUTOSAR Classic environments is unlocking new opportunities for innovation. While starting a new project with Rust may appear simple, the real challenge—and value—lies in integrating Rust into established, C-based AUTOSAR Classic stacks. Most production-ready automotive software is deeply rooted in C, and a full-scale migration to Rust is often impractical due to the extensive effort, supply chain considerations, and uncertain return on investment. Fortunately, Rust’s compatibility with C allows organizations to retain core AUTOSAR Classic components like RTE, BSW, and MCAL, while selectively introducing Rust for new or gradually migrated software components (SWCs).
This hybrid approach empowers teams to harness the benefits of Rust without disrupting proven workflows. In the realm of vECU development, this adaptability is especially impactful when paired with advanced solutions such as Synopsys Silver. By supporting Rust-based SWCs within AUTOSAR Classic projects, Silver paves the way for safer, more efficient, and robust automotive software development in environments where multiple programming languages coexist.
Traditionally, software development for AUTOSAR Classic platforms has been heavily dependent on the C programming language. While C is known for delivering top-tier performance, Rust offers similar efficiency while also reducing risks in mission-critical environments. Rust achieves this by incorporating features that help prevent common memory-related issues, such as out-of-bounds access. Detecting memory errors in C can be challenging, and sometimes these issues go unnoticed, which is particularly concerning for systems that must adhere to stringent safety and security standards like ISO 26262 and ISO 21448. It’s important to note that a large percentage of security vulnerabilities are linked to memory management problems1,2,3,4.
Recognizing the potential benefits of Rust for the automotive sector, the AUTOSAR consortium initiated an exploration in 2022—through its Working Group Safety—into how Rust could be integrated with AUTOSAR Adaptive5. This effort culminated in the R23-11 release in November 2023, which introduced a preliminary framework for developing AUTOSAR Adaptive applications using Rust6. This move highlights Rust’s growing importance for POSIX-based software architectures. Rust’s ownership model and borrowing principles help prevent concurrency issues in multi-threaded AUTOSAR Adaptive applications. Given these advantages and Rust’s current applicability to AUTOSAR Adaptive, extending its use to AUTOSAR Classic software components is a logical progression.
While rewriting entire legacy stacks in Rust is rarely feasible, Rust’s interoperability with C allows for a hybrid approach. Developers can maintain proven C-based modules—such as Runtime Environment (RTE), BSW, and MCAL—while gradually introducing new or migrated AUTOSAR SWCs in Rust. This incremental strategy minimizes risk, leverages existing investments, and accelerates adoption.
A notable milestone came in November 2023, when the AUTOSAR consortium released its first guidelines for writing AUTOSAR Adaptive applications in Rust. This move signals growing confidence in Rust’s suitability for safety-critical automotive systems, especially as the language matures and gains industry support.
vECUs have revolutionized automotive software development by enabling rapid prototyping, testing, and validation—often before physical hardware is available. Tools like Silver allow developers to simulate AUTOSAR Classic environments, run Software-in-the-Loop (SiL) simulations, and validate both C and Rust-based SWCs in a virtualized setting.
In 2024, Synopsys published a white paper7 detailing vECU levels for AUTOSAR Classic and POSIX-based stacks. Level 1 vECUs provide a virtualized RTE that can execute AUTOSAR Classic SWCs—regardless of whether they’re written in C or Rust—on standard PCs or in the cloud. This flexibility is a game-changer for continuous integration/continuous deployment (CI/CD) pipelines and SDV-focused workflows.
Major automotive software vendors are now supporting the integration of Rust-based SWCs into existing C-based AUTOSAR Classic stacks. Synopsys is collaborating with early adopters to validate Rust SWCs through SiL simulation. For example, a recent project involved generating a Level 1 vECU with a virtualized RTE, enabling seamless communication between Rust and C SWCs. This approach not only accelerated development but also improved defect detection and overall software quality.
Rust’s presence in the automotive sector is steadily increasing. Recently, leading suppliers of automotive production software have announced plans to support the integration of Rust-based SWCs within established C-based AUTOSAR Classic environments8.
As a leader in automotive testing and simulation, Synopsys is collaborating with early adopter customers to validate Rust-based software using SiL simulation. Furthermore, Synopsys is contributing to the AUTOSAR WG-SAF-Rust working group to align the usage of Rust within AUTOSAR. This blog presents a specific example where Silver facilitates the validation of Rust-based AUTOSAR Classic SWCs by generating a Level 1 vECU utilizing virtualized RTE. Additional applications are being explored, which are expected to further advance Rust’s adoption and success in the automotive industry.
Stefan Pruisken is a senior director of product management in the Systems Software line of business at Synopsys and manages the Synopsys Silver product.
 |
 |
 |
 |
 |
 |
 |
Leave a Reply