The growing complexity of embedded software in cars pushes the automotive industry to focus on software safety. Introduced to ensure reliability, standard ISO 26262 requires software components to meet safety requirements according to their level of criticality, which can range from ASIL A (not extremely critical, such as rear lights) to ASIL D (extremely critical, such as airbags).

Automotive systems are often modeled using Simulink and Stateflow, which can produce ISO 26262-compliant C code. Yet, the generated code is sometimes not efficient enough, does not meet deadlines, uses too much memory and requires hand modifications.

ISO 26262 also requires code analysis to ensure safe behavior. The Rust programming language detects many memory errors at compile time. However, memory safety is insufficient for vehicle reliability. Critical systems must also guarantee bounded memory and execution time, the absence of division by zero and overflow.

We propose the GRust programming language as a solution to automotive system modeling. It generates Rust implementations of systems that guarantee the above safety properties, and execution strategies that address the issue of efficiency.