Static Guarantees
Rust's type system prevents data races at compile time (see Send
andSync
traits). The type system can also be used to check other properties atcompile time; reducing the need for runtime checks in some cases.
When applied to embedded programs these static checks can be used, forexample, to enforce that configuration of I/O interfaces is done properly. Forinstance, one can design an API where it is only possible to initialize a serialinterface by first configuring the pins that will be used by the interface.
One can also statically check that operations, like setting a pin low, can onlybe performed on correctly configured peripherals. For example, trying to changethe output state of a pin configured in floating input mode would raise acompile error.
And, as seen in the previous chapter, the concept of ownership can be appliedto peripherals to ensure that only certain parts of a program can modify aperipheral. This access control makes software easier to reason aboutcompared to the alternative of treating peripherals as global mutable state.