Rust4Safety - Comparison of Software-Implemented Hardware Fault Tolerance Techniques between C and Rust Programming Languages

In recent years, embedded system have faced a rise of their application in different fields, from industrial to automotive and avionic, increasing also their utilization in safetycritical application. Random Hardware Failures (RHFs) are unavoidable errors, which can lead to various effect such as data corruption that can lead to disruption of the application instructions execution order and in Control Flow Errors (CFEs), potentially resulting in unpredictable and catastrophic consequences. Ensuring the elimination of systematic errors can be achieved by adhering to the guidelines and a well-designed code but these measures does not prevent the application to be prone to RHFs. To mitigate Random Hardware Failures it is possible to apply Software-Implemented Hardware Fault Tolerance, like the Control Flow Checking (CFC). Control Flow Checking adds extra instruction inside the code, assuring the correct control flow of the application and the correct function. This work of thesis is inserted in a bigger study aimed at evaluating and validating the use of Rust as a programming language in automotive application, as a valid alternative to C. C language is currently the industry standard and is widely accepted within the automotive functional safety standard ISO 26262, which mandates the use of high-level programming languages for developing safety-relevant software components. In any case, concerns on security of embedded applications are raising. This, together with the increasing complexity of the applications, makes development of robust applications more challenging, leading to the need for a new programming language that can address some of these issues. Rust was selected for its features that provides a robust memory protection, addressing a critical vulnerability encountered in C-based application. In this work, an application code is developed using a model-software design approach, which is widely adopted in the automotive field. This approach involves generating C/C++ code directly from the model developed with graphical programming environment. The generated code is then hardened with two distinct CFCs: Yet Another Control-flow Checking using Assertion (YACCA) and Random Additive Control Flow Error Detection (RACFED). These two CFC methods add in the code extra instruction. They assign an unique signature to each Basic Block of the code and then check if the code has been executed sequentially, following the signatures previously assigned. Then, the application is translated into Rust for a direct comparison. The application in Rust has been hardened with the same CFC methods of the C-based one. The hardened code is subjected to a campaign of fault injection in an Instruction Set Architecture (ISA) emulation environment. The target processor for this study is 32 bit RISC-V, and the campaigns perform fault injection of the type stuck-at-bit targeting the program counter register. The purpose is to provide a back-to-back comparison the effectiveness of the CFC algorithms implemented in the two programming languages. All the experimental results are presented in compliance with ISO 26262, computing the Diagnostic Coverage, and allow readers to evaluate the performances of the Rust-based code in comparison with the C-based one.