GitHub
github.com › rustfoundation › safety-critical-rust-coding-guidelines › issues › 75
MISRA vs CERT · Issue #75 · rustfoundation/safety-critical-rust-coding-guidelines
May 14, 2025 - MISRA may seem more popular in certain circles, but this is misleading. MISRA has been around much longer and has been successfully tested in court as a liability defense, while the Safety Critical Rust Coding Guidelines have not.
Published   May 14, 2025
Author   rcseacord
Parasoft
parasoft.com › blog › misra-c-2025-rust-challenges
MISRA C 2025: Safer Embedded Code for AI and Rust - Parasoft
February 8, 2026 - While addendum 6 explores how existing C/C++ rules could map to Rust, its ownership model and memory safety features require new language-specific rules. The Rust community is actively working on safety standards, potentially leading to a future MISRA Rust guideline.
Discussions

Let's create a MISRA-like ruleset for Rust
Please check out https://ferrous-systems.com/blog/sealed-rust-the-pitch/ that has a similar goal. More on reddit.com
r/rust
October 18, 2019
Sealed Rust: A plan to bring Rust to safety critical software domains
That sounds like it would still be necessary to standardize, specify and prove a lot about Rust and its compiler, to exploit those facets of Rust's behaviour · Also, please let the community know how we can help. Whether that involves writing code, unit tests, or financial contributions with ... More on news.ycombinator.com
news.ycombinator.com
June 6, 2019
Arguments to use Rust over C++ in Embedded Computing Project

More on reddit.com
r/rust
July 18, 2016
Inherently unsafe C/C++ vs. Rust
I wish people would stop reciting talking points and saying "C/C++ are bad, rust is good" and just work on proving it by writing good, useful projects. Companies don't want to use unproven technologies and the only way to improve Rust use and adoption is to cut away at the use cases for other lower level languages by making the appropriate tools, libraries and resources available. More on reddit.com
r/rust
June 8, 2020
GitHub
github.com › PolySync › misra-rust
GitHub - PolySync/misra-rust: An investigation into what adhering to each MISRA-C rule looks like in Rust. The intention is to decipher how much we "get for free" from the Rust compiler.
Each rule corresponds to a source file in tests/compile-fail. A "passing" test is a test that fails to compile. Passing tests can indicate that Rust enforces a specific MISRA-C rule or that the rule does have a Rust equivalent.
Starred by 132 users
Forked by 20 users
Languages   Rust 100.0%
BUGSENG
bugseng.com › home › resource library › c, rust, c-rusted and misra for safe and secure embedded software
C, Rust, C-rusted and MISRA for safe and secure embedded software - BUGSENG
June 14, 2025 - To mitigate risks associated with C’s flexibility and potential for misuse, the MISRA guidelines became a de facto standard in all sectors where safety and security are crucial. Nonetheless, the embedded systems community, following a trend common to the entire IT world, has been exploring alternatives like Rust.
Electronic Design
electronicdesign.com › blogs › altembedded › article › 21270124 › electronic-design-delivering-reliable-rugged-rust
Delivering Reliable, Rugged Rust | Electronic Design
July 24, 2023 - MISRA C also uses static analysis, ... used in markets such as automotive, although Rust is much more robust in allowing programmers to define how memory references are manipulated....
Reddit
reddit.com › r/rust › let's create a misra-like ruleset for rust
r/rust on Reddit: Let's create a MISRA-like ruleset for Rust
October 18, 2019 -

A couple of days ago a repo was posted which showed which MISRA-C rules are already covered by Rust/rustc. Also there is a related clippy issue that discusses MISRA-C rules that could be implemented in clippy.

Personally I don't think that we should try to blindly follow rules that were designed for C. I think it would make much more sense to start compiling a unique set of rules for Rust that makes the language more suitable for safety-related systems.

I don't know if Github issues are the right place to discuss/collect those rules, but I just started a repo containing a few proposals taken from the linked clippy issue.

Opinions?

Hacker News
news.ycombinator.com › item
Not really. Source: I use Rust in automotive where MISRA C is required, and the ... | Hacker News
September 1, 2021 - No ISO standard required · We actually also supplied a "fork" of the MISRA C doc, crossing out ~80% of it, since it was just stuff that is just not possible in safe Rust. We covered the remaining 20% with clippy lints
Wikipedia
en.wikipedia.org › wiki › MISRA_C
MISRA C - Wikipedia
January 9, 2026 - MISRA C is a set of software development guidelines for the C programming language developed by The MISRA Consortium. Its aims are to facilitate code safety, security, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C / C90 / C99.
Misra
misra.org.uk › publications
MISRA Publications
This document has been produced to assess the applicability of the MISRA C guidelines to the Rust programming language, and will form the basis of future work within MISRA, in collaboration with the wider Rust community. The intended purpose of this document is to highlight which areas of the Rust programming language are and are not subject to issues identified as affecting C projects.
Embedded Computing Design
embeddedcomputing.com › technology › security › mirsa-c-cert-c-other-standards › the-place-for-misra-c-in-safe-secure-programming-a-comparison-with-spark
The Place for MISRA C in Safe & Secure Programming - A Comparison with SPARK - Embedded Computing Design
Indeed, many memory and safety ... Ada or Rust, which is only slightly better. Looking at kernel patches reveals that many issues could be detected by specifying simple properties on the code, like what calls are legal in which mode, the types of data invariants that should be preserved, and how to verify them statically using appropriate tools. Surprisingly, MISRA C was not ...
Stack Overflow
stackoverflow.com › beta › discussions › 78239270 › rust-vs-c-c-is-rust-better-than-c-c-or-is-a-skill-issue
Rust vs C/C++: is Rust better than C/C++ or is a "skill issue"? - Stack Overflow
March 28, 2024 - You get a safe subset by setting up a bunch of rules regarding how one is allowed to write code, what is allowed and what is forbidden. The most well-known safe subset is MISRA C, which was developed by the automotive industry for the purpose of writing firmware in cars, but it is nowadays "de facto" standard for pretty much all embedded systems and not just safety-related ones.
GitHub
github.com › PolySync › misra-rust › blob › master › MISRA-Rules.md
misra-rust/MISRA-Rules.md at master · PolySync/misra-rust
An investigation into what adhering to each MISRA-C rule looks like in Rust. The intention is to decipher how much we "get for free" from the Rust compiler. - PolySync/misra-rust
Author   PolySync
Hacker News
news.ycombinator.com › item
Sealed Rust: A plan to bring Rust to safety critical software domains | Hacker News
June 6, 2019 - That sounds like it would still be necessary to standardize, specify and prove a lot about Rust and its compiler, to exploit those facets of Rust's behaviour · Also, please let the community know how we can help. Whether that involves writing code, unit tests, or financial contributions with ...
Misra
misra.org.uk › app › uploads › 2025 › 03 › MISRA-C-2025-ADD6.pdf
MISRA C:2025 Addendum 6 Applicability of MISRA C:2025 to the
This document provides an assessment of the applicability of the guidelines specified in MISRA C [1] to the Rust programming language [2] (“Rust”), not to the source code of any particular project
Sumble
sumble.com › tech › misra-c-c++
What is MISRA C/C++? Competitors, Complementary Techs & Usage | Sumble
Go offers memory safety features and different approaches to software development that provide alternatives to using C/C++ and MISRA for safety-critical applications, though it doesn't directly have an equivalent standard. ... Rust's memory safety features and modern language design provide an alternative to C/C++ and MISRA for developing safe and reliable systems, particularly in embedded and systems programming.
Reddit
reddit.com › r/rust › arguments to use rust over c++ in embedded computing project
r/rust on Reddit: Arguments to use Rust over C++ in Embedded Computing Project
July 18, 2016 -

We are looking at using an Industrial SBC to power a small control system. (ARM based running Linux)

I have been looking at Rust for the past few months and based on my research, it would be ideal for the job. It has all the libraries that we need and is quite safe.

Currently, the development team is just me. While I haven't used Rust yet, I think I will be able to pick it up quite quickly.

We are a small business that mainly programs in PHP. As we are based in a regional town (in Oz), we find it very difficult to find good developers. My manager is concerned that using Rust will make it even more difficult to find additional developers.

My main argument thus far is that C++ would increase the risk that something bad happens compared to the risk of a beginner Rust developer. I would also posit that finding a C++ developer isn't going to be much easier than Rust one based on past success.

Are there any other good arguments or case studies to use Rust over C++? I am interested in other developer's experiences in convincing managers as well.

Note: We are also looking at Python, but I am not sure that is much better than C++.

Top answer
1 of 5
42

You seem to be grossly underestimating maintenance efforts for this project. Let's say you get fired or quit or shifted to another project. They pretty much won't be able to find anyone else to work on this project for maintaining it, and then your boss is going to ask "why the hell can't we find anyone?".

The response is going to be that the previous employee wrote it in a language that is still very new and has a minuscule number of active developers relative to other languages. Then they will ask why the hell did he do that, and you will be left on the hook.

Furthermore, if you are going for rust for its safety features, why? Is this a tool that can kill or seriously injure someone if it goes wrong? If so, you shouldn't be using rust, you should be using a framework that already exists such as ISO 26262 with its MISRA guidelines. If it kills someone and you get sued, you will have to show the judge that you did your due diligence, and showing that via a framework with precedence is far easier than something as new as rust.

2 of 5
22

We're lacking a lot of context here.

Non-functional requirements:

  • Do you work in an industry where standards are enforced (MISRA/JSF/...)?

  • What's the impact of a crash? Can the program be restarted?

  • Is performance really an issue? Are we talking hard/soft realtime?

Functional requirements:

  • Is correctness really an issue?

Team requirements:

  • Which languages do you know? And your boss/others likely to have to step in?

  • Which paradigms do you/they know?

  • Are you/they willing to learn?


If performance is not an issue; then there is a whole lot of languages out there which will not crash on you like C or C++ and will probably be easier to recruit for (Java, for example). However, few languages will protect you from an infinite loop...

If correctness is an issue; then C++ is a step up from C and Rust a step up from C++ (as long as you don't need units...) however there are other languages out there: Ada, Haskell, Idris, ...

As for Rust, coming from C++ I find it somewhat easy to grok, as long as I don't delve into unsafe code (where it's back to maintaining the invariants manually and I'm never too clear on what they are...).

Rust definitely has advantages over C++. To cite one: session types. A great tool to model state machines, and what program doesn't contain state machines?

On the other hand, if you want the power of Boost.Units or Eigen, it's going to be an uphill battle in Rust, and the error messages might not be pretty...

BUGSENG
bugseng.com › home › c-rusted in a nutshell
C-rusted in a nutshell - BUGSENG
June 15, 2025 - Functional safety standards such as ISO 26262 prescribe the use of safe subsets of standardized programming languages used with qualifiable translation toolchains. Insofar a C-rusted program is a C program where the presence of annotation does not invalidate MISRA compliance, C-rusted fits ...
Myrrlyn
myrrlyn.net › blog › misc › rust-2018
On Safety, and How Rust Can Help · Insufficiently Magical
January 28, 2018 - The fact that Rust has known soundness holes and non-thoroughly proven output safety is less so. Now, that may be a bit hypocritical of a position for us to take since we fly C and C++ code, but there is a lot of institutional knowledge, safeguards, practices, and experience surrounding the C spec, the MISRA and NASA guidelines, and GCC, that LLVM and Rust don’t have yet, and they have to compete with those facts.
Reddit
reddit.com › r/rust › inherently unsafe c/c++ vs. rust
r/rust on Reddit: Inherently unsafe C/C++ vs. Rust
June 8, 2020 - The words "C is unsafe" and "Rust provides stronger safety guarantees" are words that have been repeated ad nauseam. NOTE: I am not claiming there's no truth in this. Things like style guides, Valgrind, AddressSanitizer, proper use of what C++ ...
LibHunt
libhunt.com › r › misra-rust
Misra-rust Alternatives and Reviews (Dec 2022)
Ferrocene is a qualified compiler. You write any normal Rust code you want: it's still the upstream Rust compiler. There are no restrictions. Incidentally, someone has compared what MISRA does to what Rust does: https://github.com/PolySync/misra-rust/blob/master/MISRA-Rul...