Understanding “Memory Safety”: Guarantees, Limits, and Different Solution Approaches

By Martin Becker and Jacob Palczynski, MathWorks

Memory safety has become a trending topic. The severity of memory errors was recently demonstrated by the CrowdStrike incident, which resulted in more than $5 billion in damages. Authorities and institutions are calling for a transition to memory-safe programming languages and urging the industry to reevaluate its current software development tools. However, while memory safety is essential for software reliability, it is sometimes tragically misunderstood, leading to conclusions that do not necessarily reduce the risk of software failure.

This paper aims to demystify memory safety, challenge oversimplified notions, and present a nuanced perspective on its implementation. We explore both established solutions (e.g., coding guidelines, such as MISRA C++) and emerging ones (e.g., new languages, such as Rust) and evaluate their mechanisms and guarantees in the context of embedded systems. We argue that memory safety is not a binary property but rather a spectrum with many solutions, each having its own tradeoffs. Overall, we conclude that memory safety cannot be automatically solved with new tools or programming languages; instead, it requires the whole development process to be well-balanced and thoroughly understood.

This paper was presented at Embedded World 2025.

Published 2025