Cliff L. Biffle

Cliff would like the world to be filled with more robust firmware. He's working to provide more tools and techniques for achieving that, mostly by moving away from the memory-unsafe languages that account for most security bugs in shipping software.

Cliff is not here representing his employer, but he currently writes firmware and tools for Oxide Computer Company, and has previously done embedded systems work at Loon and assorted other projects at Google X.


United States





Turn your code inside-out: programming (and debugging) bare metal with async Rust
Cliff L. Biffle

Rust has gotten a lot of attention in the embedded space lately, but there's an under-appreciated language feature that can be uniquely enabling for writing drivers and resource-constrained code: async. The async transform takes code written in the usual way -- with loops, function calls, and the like -- and inverts it into an explicit state machine that can be stepped in response to events. This gives developers the benefits of both simple "straight-line" code, such as readability and structured control flow, combined with the benefits of writing explicit state machines by hand, such as lower resource usage compared to threads or nested interrupts for concurrency. But more importantly, it provides something that's hard to achieve in explicit state machines: automatic composition of state machines, with type and lifetime checking.

This talk will propose an embedded-specific way of viewing Rust's async feature, look at how to apply it to solve certain common firmware problems, and touch on the elephant in the room: debugger support. Examples will use the author's open-source async embedded OS, lilos, and a proof-of-concept debugger for embedded async Rust.

Main Track