Driver Timeout in Embedded Systems: Mastering Bare Metal Timeouts

What Is a Driver Timeout in Embedded Systems

A driver timeout is a mechanism that prevents an embedded driver from waiting endlessly for a hardware response that may never occur. It ensures that the system can recover safely from unresponsive peripherals or communication errors.

For Example:

• A UART timeout avoids blocking when no data arrives.
• An I2C timeout prevents infinite waiting when the bus is stuck.
• An SPI timeout ensures a proper exit if the slave device does not respond.

Timeouts improve the reliability and predictability of firmware, especially in resource-limited embedded environments.

Why Embedded Drivers Need Timeouts

Peripheral drivers continuously wait for hardware flags, signals, or transfer completions. Without a timeout function, this waiting may never end, causing the firmware to hang or crash.

Common Situations Include:

• A UART driver waiting forever for a byte that never arrives.
• An I2C master stuck if a slave holds SDA low after a glitch.
• An SPI transfer frozen because the slave device stopped clocking.

By using driver timeouts, your system can detect these issues, return an error, retry the operation, or safely reset the interface. This ensures that communication failures never stop the entire system.

UART Timeout Example – Reliable Serial Communication

Single Byte Read with Timeout

#include "timeout.h"

bool uart_read_byte_timeout(uint8_t *out, uint32_t max_ms) {
    timeout_t to = timeout_start(max_ms, clock_ms());
    while (!timeout_expired(&to, clock_ms())) {
        if (UARTx->SR & UART_SR_RXNE) {
            *out = (uint8_t)UARTx->DR;
            return true;
        }
    }
    return false;
}

This function exits when either a byte is received or the driver timeout expires. It keeps your firmware responsive even if the UART line stays inactive.

Multi-Byte UART Timeout

For multi-byte transfers, you can apply two approaches:

• Single overall timeout – The entire buffer must be received within a defined time.
• Per-byte timeout – The timer restarts after every byte, suitable for packet-based protocols.

Example for a Single Overall Timeout

bool uart_read_buf_timeout(uint8_t *buf, size_t len, uint32_t max_ms) {
    timeout_t to = timeout_start(max_ms, clock_ms());
    size_t i = 0;
    while (i < len && !timeout_expired(&to, clock_ms())) { if (UARTx->SR & UART_SR_RXNE) {
            buf[i++] = (uint8_t)UARTx->DR;
        }
    }
    return (i == len);
}

I2C Timeout – Preventing Bus Lockups

Common I2C Timeout Problem

The I2C bus may lock up when a slave device holds SDA low after a reset or fault. Without an I2C timeout, the master can loop forever waiting for a signal that never appears.

Interrupt Driven I2C Transfer with Timeout

#include "timeout.h"

static volatile uint8_t i2c_done;

void I2C_IRQHandler(void) {
    if (I2C->SR & I2C_SR_TC) {
        i2c_done = 1;
        I2C->ICR = I2C_ICR_CLEAR_TC;
    }
}

bool i2c_transfer_timeout(uint32_t max_ms) {
    i2c_done = 0;
    start_i2c_transfer();
    timeout_t to = timeout_start(max_ms, clock_ms());
    while (!timeout_expired(&to, clock_ms())) {
        if (i2c_done) return true;
        __WFI();
    }
    abort_i2c_transfer();
    return false;
}

This communication timeout ensures the system exits safely even when the transfer cannot complete.

SPI Timeout – Handling Unresponsive Slaves

Polling-Based SPI Transfer

bool spi_transfer_byte_timeout(uint8_t tx, uint8_t *rx, uint32_t max_ms) {
    timeout_t to = timeout_start(max_ms, clock_ms());

    while (!timeout_expired(&to, clock_ms())) {
        if (SPIx->SR & SPI_SR_TXE) {
            SPIx->DR = tx;
            break;
        }
    }

    if (timeout_expired(&to, clock_ms())) return false;

    while (!timeout_expired(&to, clock_ms())) {
        if (SPIx->SR & SPI_SR_RXNE) {
            *rx = (uint8_t)SPIx->DR;
            return true;
        }
    }
    return false;
}

This approach prevents the embedded driver from freezing during incomplete data exchanges.

Designing a Reusable Timeout Function

typedef enum {
    TO_OK = 0,
    TO_EXPIRED,
    TO_ERROR
} to_status_t;

This allows higher-level code to decide whether to retry, reset, or handle the communication timeout in a specific way.

Testing Timeout Functions in Embedded Drivers

• Fault injection by holding SDA low or disconnecting UART lines.
• GPIO instrumentation to detect timeout events on a logic analyzer.
• Running wraparound tests when the tick counter is near overflow.

Testing confirms that your timeout functions behave reliably in every situation.

Summary – Driver Timeout in Embedded Systems

Common Mistakes to Avoid

• Forgetting to reset peripherals after a timeout.
• Ignoring the return values of timeout functions.
• Using timeout durations that are too short or too long.
• Assuming interrupts will always occur.

Conclusion

Timeouts are a critical part of building robust and reliable embedded drivers. Whether it is a UART timeout, an I2C timeout, or a SPI timeout, each ensures your system remains stable even under communication failure conditions. Implementing a reusable timeout function helps your drivers stay predictable, safe, and easy to debug. For bare metal embedded systems, this is one of the most effective techniques for achieving long-term reliability.