Rust has become a powerful language for embedded systems development due to its safety guarantees and zero-cost abstractions. When I work with embedded Rust, I find that certain features make a significant difference in creating reliable systems. Here’s my experience with the most essential techniques.
Memory-mapped register access is fundamental to interacting with hardware peripherals. I create type-safe interfaces to ensure correct register manipulation:
#[repr(C)]
struct GpioRegisters {
mode: VolatileCell<u32>,
output: VolatileCell<u32>,
input: VolatileCell<u32>,
}
struct Gpio {
registers: &'static mut GpioRegisters,
}
impl Gpio {
fn new(base_addr: usize) -> Self {
let registers = unsafe { &mut *(base_addr as *mut GpioRegisters) };
Gpio { registers }
}
fn set_pin_mode(&mut self, pin: u8, mode: PinMode) {
let shift = 2 * (pin % 16);
let mut reg = self.registers.mode.get();
reg &= !(0b11 << shift);
reg |= (mode as u32) << shift;
self.registers.mode.set(reg);
}
}
This approach provides a safe abstraction over raw memory operations, preventing many common errors while maintaining direct hardware control.
Compile-time resource management is another area where Rust shines. I use the type system to enforce hardware constraints:
struct Pin<Mode> {
port: u8,
pin: u8,
_mode: PhantomData<Mode>,
}
struct Input;
struct Output;
impl<M> Pin<M> {
fn into_output(self) -> Pin<Output>
where M: IntoOutput {
// Configure pin as output in hardware
Pin {
port: self.port,
pin: self.pin,
_mode: PhantomData,
}
}
}
impl Pin<Output> {
fn set_high(&mut self) {
// Set pin high in hardware
}
}
This pattern ensures that certain operations are only available when a peripheral is in the correct state. The compiler catches attempts to use pins incorrectly before the code ever runs.
Interrupt handling requires careful attention in embedded systems. Rust provides safe abstractions for working with interrupt vectors:
static TIMER_INTERRUPT_COUNTER: AtomicUsize = AtomicUsize::new(0);
#[interrupt]
fn TIMER0() {
TIMER_INTERRUPT_COUNTER.fetch_add(1, Ordering::Relaxed);
// Clear interrupt flag
unsafe {
(*TIMER0::ptr()).ifr.write(|w| w.tov().bit(true));
}
}
fn configure_timer() {
interrupt::free(|_| {
// Configure timer hardware
unsafe {
// Enable timer interrupt
(*TIMER0::ptr()).timsk.modify(|_, w| w.toie().set_bit());
}
});
unsafe { interrupt::enable() };
}
The interrupt attribute ensures proper setup while atomic types provide safe access to shared data.
Error handling in embedded systems requires thoughtful approaches since heap allocation is often unavailable. I rely on Rust’s Result type for no-allocation error handling:
enum DriverError {
Timeout,
BusError,
InvalidState,
}
fn initialize_device() -> Result<DeviceHandle, DriverError> {
let mut dev = DeviceHandle::new()?;
match dev.send_command(Command::Reset) {
Ok(_) => {},
Err(DriverError::Timeout) => return Err(DriverError::Timeout),
Err(e) => {
dev.shutdown();
return Err(e);
}
}
Ok(dev)
}
This approach allows for clear error propagation without dynamic memory allocation, which is crucial for deterministic execution.
Static memory allocation becomes essential on constrained devices. I use fixed-capacity collections from crates like heapless:
use heapless::Vec;
fn process_samples(readings: &[u16]) -> [u16; 8] {
// Fixed-capacity vector on the stack
let mut samples = Vec::<u16, 16>::new();
for &value in readings.iter().take(16) {
if value > 100 {
samples.push(value).unwrap_or_default();
}
}
// Return fixed-size array with results
let mut result = [0u16; 8];
for i in 0..8 {
if i < samples.len() {
result[i] = samples[i];
}
}
result
}
These collections provide the flexibility of dynamic structures while maintaining deterministic memory usage.
When creating hardware abstractions, peripheral access traits help me build reusable interfaces:
trait SpiDevice {
fn transfer(&mut self, buffer: &mut [u8]) -> Result<(), Error>;
fn write(&mut self, data: &[u8]) -> Result<(), Error>;
}
struct Flash<SPI> {
spi: SPI,
cs_pin: OutputPin,
}
impl<SPI: SpiDevice> Flash<SPI> {
fn read_id(&mut self) -> Result<[u8; 3], Error> {
self.cs_pin.set_low();
let mut cmd = [0x9F, 0, 0, 0];
self.spi.transfer(&mut cmd)?;
self.cs_pin.set_high();
Ok([cmd[1], cmd[2], cmd[3]])
}
}
This approach allows me to build device drivers that work with any compliant SPI implementation, increasing code reuse across different platforms.
Precise timing control is critical in many embedded applications. I implement accurate delays using hardware timers:
struct DelayTimer {
timer: TIMER0,
}
impl DelayTimer {
fn new(timer: TIMER0) -> Self {
timer.reset();
timer.set_prescaler(Prescaler::Div64);
timer.enable_counter();
Self { timer }
}
fn delay_us(&mut self, us: u32) {
let ticks = us * (CLOCK_FREQ / 64) / 1_000_000;
self.timer.set_counter(0);
while self.timer.counter() < ticks {
// Use WFI (wait for interrupt) to save power
cortex_m::asm::wfi();
}
}
}
This provides more accurate timing than software-based delays while also enabling power-saving during wait periods.
For managing state in interrupt-driven systems, atomic operations provide a safe mechanism without requiring full critical sections:
#[derive(Copy, Clone, Eq, PartialEq)]
#[repr(u8)]
enum DeviceState {
Idle = 0,
Busy = 1,
Error = 2,
}
struct AtomicStateMachine {
state: AtomicU8,
}
impl AtomicStateMachine {
fn new() -> Self {
Self { state: AtomicU8::new(DeviceState::Idle as u8) }
}
fn transition(&self, from: DeviceState, to: DeviceState) -> bool {
self.state.compare_exchange(
from as u8,
to as u8,
Ordering::SeqCst,
Ordering::SeqCst
).is_ok()
}
fn current_state(&self) -> DeviceState {
match self.state.load(Ordering::SeqCst) {
0 => DeviceState::Idle,
1 => DeviceState::Busy,
_ => DeviceState::Error,
}
}
}
This pattern enables safe state management across interrupt contexts without blocking interrupts.
Building hardware abstraction layers (HALs) with traits enables portable device drivers:
trait I2cBus {
fn write(&mut self, addr: u8, data: &[u8]) -> Result<(), Error>;
fn read(&mut self, addr: u8, buffer: &mut [u8]) -> Result<(), Error>;
}
struct TemperatureSensor<I2C> {
i2c: I2C,
address: u8,
}
impl<I2C: I2cBus> TemperatureSensor<I2C> {
fn read_temperature(&mut self) -> Result<f32, Error> {
let mut buffer = [0u8; 2];
self.i2c.write(self.address, &[0x01])?;
self.i2c.read(self.address, &mut buffer)?;
let raw = ((buffer[0] as u16) << 8) | buffer[1] as u16;
Ok(raw as f32 * 0.0625)
}
}
This approach means I can write drivers once and reuse them across different microcontrollers.
Finally, code size optimization is crucial for devices with limited flash memory. I use several techniques to minimize binary size:
#![no_std]
#![no_main]
use panic_halt as _;
#[cfg(not(test))]
#[link_section = ".vector_table.reset_vector"]
#[no_mangle]
pub static RESET_VECTOR: fn() -> ! = reset_handler;
#[inline(never)]
#[no_mangle]
fn reset_handler() -> ! {
// Initialize minimal hardware
let peripherals = unsafe { Peripherals::steal() };
// Main application logic
loop {
// Process state
cortex_m::asm::wfi();
}
}
Using the no_std attribute eliminates the standard library, while careful control of linking and optimization flags further reduces binary size.
In my experience, combining these techniques creates embedded systems that are both reliable and efficient. Rust’s strong type system catches many errors at compile time, while its zero-cost abstractions maintain performance parity with C/C++ code.
When implementing embedded systems in Rust, I focus on utilizing these features to create maintainable and robust code. The safety guarantees provided by the language have helped me avoid many common embedded programming pitfalls while maintaining control over hardware resources.
The static checking provided by Rust’s type system particularly shines in embedded contexts where bugs can be difficult to debug. By leveraging these patterns, I’ve developed firmware that requires fewer debugging cycles and provides greater confidence in system reliability.
