Rust Week 2025

Niko Matsakis - Our Vision for Rust

hard to define what rust is for, as you can use it for everything
it’s the foundation other things are built on
rust is for “foundational software”
- foundational software is not inaccessible
Amazon dsql was built in kotlin, performance in data layer wasn’t good enough so rebuilt in rust. Then didn’t work with control plane well, so also rebuilt that in rust
historical takeaway
- Amazon bet on java and it paid off
- allows them to get juniors in and not mess up the system with memory bugs
- rust has that similar property
risks
- well maintained is not a single maintainer
- are security fixes backported to version 0.0.2 crates
- rust upgrades make me nervous

intro
- “for decades we have been trying keep rust out of cars, now we are trying to get it back in” ace opening joke
- low power processor team
- first automotive to have ECU in rust
- previous setup was basically raspberry pi 4 with infotainment system
- first VHAL in Rust → when it compiled it worked
core computer low power component
- always powered on, needs low power consumption
Team
- team of 4, engineers
- embedded engineer with curiosity mindset
- external help with drivers and issues
ci
- new platform was stackable
- stack of boards runs all of the patches
stats proeict
- 170kloc
- 70 3rd party libraries
experiences like Google survey
- 2-4x productivity
- high confidence in correctness
- code easier to review
- 100x less bugs per developer per year
safety critical space
- “compliance by construction”
- 90% if effort is spent on verification
- 2% of revenue spent on warranty costs
safety vs security
- safe to use → avoid modifications
- safe from hacking → keep it up to date
- these are fundamentally opposing forces, but rust can be solution

Kiesraad software tools
calculated totals get computed
data is input twice
air gapped software
- backend written in rust
why rust
- open source
- run on open source
- easy to deploy
libraries
- sqlx
- typst for pdf
experiences
- helped to attract senior developers
- medior developers were able to learn

can we make fewer tradeoffs with better tools, like rust?
exponential decay pattern in vulnerabilities → young code has the most vulnerabilities
the best thing we can do is work on prevention
Google Development
- started in q3 in 2020
- In q4 2024 more rust going in than c/c++
- exponential transitioning feels very slow at the beginning
published results
- new memory unsafe code correlates highly to the amount of vulnerabilities, and have both been decreasing rapidly
- security improved while security costs went down
- reviewers are spending less time ok reviews, and the code is better
introduction is non trivial
- stage 0: customer focused rust team: assemble team that make sure that rust teams are successful
- stage 1: initial support. Build integration, language interop. Progress fast, start deploying
- stage 2: pilot phase, low risk. Make sure the project result Validates the support, address the gaps
- stage 3: rust by exception, grow teams
- stage 4: rust general availability, organic demand is create
- stage 5: generate more demand,
- stage 6: c/c++ by exception. This needs Organisational alignment, if not required do not chase this step
next steps
- repeat these steps in other areas of domains, e.g. rust for Linux
questions
- elaborate on training?
- started with teams that were intrinsically motivated, they figured that out themselves
- GitHub “comprehensive rust” internal training at Google

takeaways
- convincing developers is not that hard
- lateral movement to architects and business is harder
- data source for metrics
  - rust survey
  - roxis from meetup talks
  - cisa
momentum
- leverage the fact you don’t have any embedded experience yet
- replacing software reaching end of life to allow maintenance
projector case
- use of Axum as webserver
- replace something, show results, move on

training
- large companies very conservative
juniors
- both wo and hbo ict technology
- c++ csharp projects
- c++ and go background are very compatible
- functional programming
hire consultant to review code from juniors
training with support chat afterwards
interviewmethodology
- get a repo and perform a task within x hours

Hiring and training
- find people that are willing to learn on the job rather than experience
- there are some holes in documentation, testing, design patterns in async → room left to create training materials
Rust adoption first steps
- look for natural momentum
- spread organically
- speed up proces with data and evidence that rust brings value
Rust’s tooling
- sanitation tools
- static analysis tools that are still missing
- there is no mokito for rust
Using Rust in existing projects
- human side of integrating → bottom up vs top down decisions
- all sorts of combination of languages used
- have a test and benchmark suite already
- create a boundary around pieces of code
How to plan your rust migration
- come in early in projects
- let people know you help companies in this phase
- companies don’t always advertise they use rust
The Rust Foundation & Rust Project
- we can do a better job at communicating what the foundation does
Rust for embedded software development (James munns)
- interest in running wasm in sandbox
- embedded folks don’t share that much on their stack
Setting up Rust in a semiconductor company
- reliable and tested peripheral access crates and hal’s
- missing tools for testing, documentation and postprocessing
- fast update of certificatied libraries
Rust for frontend development
- native ui van browser based ui,
  - browser easier to hire and deploy
  - more bloat, less security
- upgrade hardware to increase performance
- android UI