I really hope rust gains a foothold in the embedded market. We need these features badly. As uCs get more powerful (you can get 200mhz chips for a few dollars) with more RAM and complicated networked peripherals, it's a no-brainer to have these features available in a safe way. Currently if you have an application relying on dynamic memory usage, for instance, most developers will write their own simple memory management, usually in which you have an array that various things hold pointers to and get's freed all at once. All that just to spread some memory around, and concurrency is an even dirtier word than the heap...
Each of them is a company making serious money in embedded systems. A few do safety-critical. I'll let you wonder whether they were in their right mind for building Java apps and using Java runtimes that don't seem to fail in high-stakes circumstances.
You're not wrong, but this is sort of like saying that CPU's cost nothing, so just replace your i5 with 4 celerons.
Distributed programming is even harder than multi-threaded programming if you need tightly coupled communication. Imagine you need to read an ADC (think oscilloscope output if you're not familiar) at 1MB/s and also need to be analyzing the data while talking to other devices on various peripherals about what you've found. You'll have to use Direct Memory Access most likely so communicating that data stream over SPI to another microcontroller might not be the best idea unless you have a lot of extra RAM to buffer everything in.
Edit: and the real reason you don't want to do this is because the EEs and manufacturing engineers on your project will try to kill you. Two uCs means two codebases and two devices to program during production, plus extra testing, more complicated design, and more parts to place (uC, crystal, caps, etc)
All problems disappear with enough speed. Eventually the main loop is fast enough that you can poll.
If you're doing something truly cutting edge your competitors aren't better than you are so you can afford that second uC and more parts.
Most of engineering judgment is finding the point where the goal is ambitious enough to keep up with or pass the competition while conservative enough that it'll likely work, or at least you won't get sued.
In abstract this is true, but in real life, you get presented with a microcontroller and are told to make X happen in Y time. The current trend is where microcontrollers are becoming fast enough to essentially be bare-bones computers. Maybe they're so fast that you can poll a dozen sensors fast enough to respond to an event, but now clients want you need to drive a graphic display with all the system performance stats in real time and stream cat videos via UDP to it whenever the user gets bored.
Being able to squeeze the full potential out of these devices is getting harder and harder with current methods. Safe concurrency and memory management can allow developers to fully utilize their hardware without needing a grey beard to write some unreadable assembly that you later find out was just a plagiarized version of the Windows ME memory manager.
Never trust a sentence with the word "just" in it.
Duplicating the microcontroller on a project where people spend all afternoon arguing about 10 cents on the BOM is not a welcome idea. Also, the most eye-opening required course I took as an undergrad was reliability engineering. After you learn to do the reliability math, adding several solder joints to the product purely out of laziness looks profoundly stupid. Neither idea makes you look good to the old grey-beards on the other side of the table at the design review.
On the other hand building a system out of a lot of small processors tends to lead to very complex systems in the end, since the different parts almost always need to communicate at some point. In the end it doesn't buy you much since you end up having to write message passing systems and their associated handlers everywhere.
Rust actually gives me some hope that we might see better low-level code portability between some of these microcontrollers.
In theory I could develop a project on a beefy TI microcontroller using higher-level Rust primitives/libraries and port it over to the cheapest microcontroller I can find that still fits my I/O budget/speed/memory/timer constraints. All that without having to use a RTOS or having to drastically re-write interrupt/timer code to whatever system the new controller uses.
That's a very nice use of Rust's safety. This tasking model is a common way to write programs for very small machines, but with this, it's safe. People have a very hard time getting all that priority-level adjustment right.
It's not concurrency, though. It's asynchrony. Two things never happen at at the same time.
Modula I for the PDP-11 did do all this in 1979. In addition, it computed the worst-case stack for each task, so you were sure you couldn't run out of memory if enough preemption occurred. Today this is mostly an issue on very low-end machines, but this code is for machines like very low end ARM processors, where you might run out of stack. Some test fixture to force worst case stack use, with all the priorities stacked up, would be useful.
"Its not concurrency". I would argue that. Its not parallelism (at least not in the current state, but the RTFM-core language that originated this work offers true parallelism, implemented onto of Windows Threads, and Pthreads (Linux/OSX). On multicores, deadlock freeness is not guaranteed, but the rtfd-compiler detects potential deadlocks at compile time for the implementer to fix (so no spurious deadlocks from a system passing compilation). As the multicore implementation is being based on threads, response time analysis for such systems are basically out the window... (Also such multicore systems are very hard to predict, due to cashes, etc...) /Per
Nice article. Some good insights, as well as beginner how-to steps.
The embedded industry has proven to be very resistant to innovations and modern code-writing practices. Some platforms I coded for didn't even support/allow C99 standard. C++ is gaining some foothold (mbed, for example). Developers don't feel the urge to catch on with times, like in other industries. And yet, now they are expected to write secure IoT systems.
Hopefully Rust can demonstrate its worth and convert key industry specialists who would blog about it. Personally, I'm still waiting for perfect opportunity to apply it on medium-sized project before I fully commit (secretly I'm still rooting for Nim).
"The embedded industry has proven to be very resistant to innovations and modern code-writing practices .... And yet, now they are expected to write secure IoT systems."
I second that. Conservative nature of embedded industry led to lots of investment into things like static analysis, WCET's, and automated testing of few languages or platforms they use. Embedded is one of few sectors that can benefit from most deliverables in high-assurance field as well since they structure their stuff simple enough for that vs piles of Linux, containers, bloated apps, etc. The innovation happens outside of the coding mostly. That's why the coding keeps the quality that engineers intended to put into it. :)
I don't think that article is particularly outdated. The subsequent development of and cost drops for ARM Cortex-M processors has changed the scene a bit - but they had ARM V7 TDMI units then which were comparable.
But at no time has UML tooling been the driving factor behind the industry's adoption or lack of adoption of a language.
The problem with C++ and other high-level languages has always been that it's hard to see how much a line of code costs. Incrementing a pointer to an array in C has a transparent, short runtime, compared to moving to the next element in a C++ collection which may accidentally invoke a dizzying indecipherable mess of template objects, overloaded operators, and STL dependencies. Or in other languages, you may need a large operating system and runtime to be loaded.
High level languages do handy magic things for you under the hood. If your engine bay is measured in terabytes of storage, gigabytes of RAM, gigaflops of computational power, hundreds of watts of electrical power, and seconds of acceptable interaction time, those magic things that let programmers build useful features faster are nice.
But when you're trying to get guaranteed responses in microseconds from milliwatts of electrical power in a few kilobytes of RAM, you're likely going to be hand-picking everything under the hood. No magic allowed.
I didn't glean that the author is implying UML influenced language choice, just that UML vendors tried to sell to C developers.
But to answer your question, C++ is gaining a larger foothold in embedded if anything. More and more libraries are written in C++, and it's becoming more supported in the various toolchains.
From a very recent hackaday article -
"Modern C++ allows us to write cleaner, more concise code, and make the code we write more reusable. The following are [...] new features of C++ that don’t add memory overhead, reduce speed, or increase size because they’re all handled by the compiler [...] after reading this you’ll be more aware of the newer features as we start to see them roll out in Arduino code."
And also, because I was poking around their github today, here is Flybrix's source code, a lego-drone startup writing C++ on a Kinetis K-20 microcontroller (100 MHz ARM Cortex-M4). They use the teensy bootloader, which is why you see a mix of Arduino and C++ files
Embedded C++ has been a thing for a while. The bigger issue is that one of the major compiler vendors only provides pre-standard C++ with no namespace std. C++11 is a pipe dream if you can't switch to a modern compiler. Still good enough for C with classes.
Hi There. A number of factors.
1) FreeRTOS is ineffective, in many cases you have to code around the kernel to get sufficiently good response times.
2) FreeRTOS does not offer any means to schedulability analysis, as the internal overhead is very hard to predict and data dependent (and lacks proper characterisation).
3) The threading model as such is not particularly suited to concurrent programming (RTFM is event driven, reflecting the reactive nature of the hardware as well as the application).
4) Thread based programming is hard to get right, see e.g., https://www2.eecs.berkeley.edu/Pubs/TechRpts/2006/EECS-2006-...).
5) Regarding FreeRTOS, the current license disallows to make comparisons with FreeRTOS without their permission, how about that for starters!!! /Per
So, the author learned from it, ported it to a safer language, and release the results. Although Ada/SPARK Ravenscar did embedded concurrency, the author certainly builds on modern methods for achieving similar (possibly better) results in Internet of Things. Good work. :)
Thanks! RTFM-core embeds C code, and is as such not particularly safe. However, as an experiment an object (component like) abstraction RTFM-cOOre was drafted (along with a prototype implementation). The cOOre language "could" be safe (just using rtfm-core/C as an intermediate representation). But developing and "selling" a new language requires huge amount effort and resources. Many of the sought features for the cOOre language are already in place with Rust (just that the concurrency model was not there). So that is where it all started, RTFM for Rust, is at present just a subset of the rtfm-core language, but extensions towards timing semantics and object orientation are already in the making. Disclaimer: Myself being fairly new to Rust, so all the Rust type system wizardry is due Mr. Japaric. /Per