Principal Firmware Architect in Microsoft SCHIE (Silicon and Cloud Hardware Infrastructure Engineering) team
Industry veteran with expertise in security, systems programming (firmware, operating systems, hypervisors), CPU and platform architecture, and C++ systems
Started programming in Rust in 2017 (@AWS EC2), and have been in love with the language ever since
A practical guide to using Rust's type system to make entire classes of bugs impossible to compile. While the companion Rust Patterns book covers the mechanics (traits, associated types, type-state), this guide shows how to apply those mechanics to real-world domains: hardware diagnostics, cryptography, protocol validation, and embedded systems.
Every pattern here follows one principle: push invariants from runtime checks into the type system so the compiler enforces them.
```text
←── Less Safe ─────────────────────────────────────────────────────────── More Safe ──→

Runtime checks          Unit tests               Property tests           Correct by Construction
──────────────          ──────────               ──────────────           ───────────────────────
if temp > 100 {         #[test]                  proptest! {              struct Celsius(f64);
    panic!("too         fn test_temp() {             |t in 0..200| {      // Can't confuse with Rpm
          hot");            assert!(                     assert!(...)     // at the type level
}                               check(42));          }
                        }                        }

Invalid program?        Invalid program?         Invalid program?         Invalid program?
Crashes in prod.        Fails in CI.             Fails in CI              Won't compile.
                                                 (probabilistic).         Never exists.
```
This guide operates at the rightmost position, where bugs don't exist because the type system cannot express them.
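The rightmost column carried one step further, as an added example that is not part of the guide: the `temp > 100` guard moves from a runtime `panic!` into a `TryFrom` constructor, so an out-of-range `Celsius` never exists and a `Celsius`/`Rpm` mix-up is a compile error. The names `Celsius`, `Rpm`, `MAX_SAFE_C` and `fan_duty` are assumptions for illustration.

```rust
// Added example, not the guide's own code: the rightmost column of the
// diagram carried one step further. `Celsius` and `Rpm` wrap the same f64
// but are distinct types, and the only way to obtain a `Celsius` is a
// constructor that rejects bad input. All names here are assumed.
use std::convert::TryFrom;

/// A validated temperature. The field is private, so code outside this
/// module cannot construct an out-of-range `Celsius`.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Celsius(f64);

/// A fan speed: same representation as `Celsius`, different type.
#[derive(Debug, Clone, Copy, PartialEq)]
pub struct Rpm(pub f64);
#[derive(Debug, PartialEq)]
pub enum TempError {
    NotFinite,
    BelowAbsoluteZero(f64),
    TooHot(f64),
}
/// The `temp > 100` guard from the runtime-check column, enforced once,
/// at construction (assumed sensor limit).
pub const MAX_SAFE_C: f64 = 100.0;
impl TryFrom<f64> for Celsius {
    type Error = TempError;
    fn try_from(raw: f64) -> Result<Self, TempError> {
        if !raw.is_finite() {
            Err(TempError::NotFinite) // NaN/inf would slip past `> 100`
        } else if raw < -273.15 {
            Err(TempError::BelowAbsoluteZero(raw))
        } else if raw > MAX_SAFE_C {
            Err(TempError::TooHot(raw))
        } else {
            Ok(Celsius(raw))
        }
    }
}
/// Fan duty cycle in percent. Taking `Celsius` means no runtime guard is
/// needed, and `fan_duty(Rpm(1200.0))` fails to compile instead of crashing.
pub fn fan_duty(temp: Celsius) -> u8 {
    let pct = (temp.0 - 40.0) / (MAX_SAFE_C - 40.0) * 100.0; // 0% at 40 C
    pct.clamp(0.0, 100.0).round() as u8
}

fn main() {
    let t = Celsius::try_from(70.0).expect("in range");
    println!("{:?} -> {}% duty", t, fan_duty(t));
}
```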