I'm in the process of (procrastinating on) porting some code on the #ESP32 from Arduino IDE to #platformio. My current implementation occasionally crashes, and I'm not sure my rewrite won't.

I just remembered, some years ago I touched #ponylang, which has this interesting concept of capabilities built into the language: all of the OS-level functions like networking, filesystem and so on require a special parameter called a "capability" (which comes in various flavours), optimized away by the compiler, which guarantees that the function can, transitively, only be called by code which holds the appropriate capability.

If that existed on my platform and was extended conceptually to things like FreeRTOS, I would be confident I could safely call some third-party or even my own code from some handler, because I knew it couldn't allocate memory or sleep or do thread things.
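The pattern wished for above, sketched as an added C++ example (not the poster's code and not Pony's own mechanism): an unforgeable, stateless token type that allocating primitives demand as a parameter, so a handler holding no token cannot reach them even through a library call. All names (`MayAllocate`, `mint_task_auth`, `count_words`) are hypothetical.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <type_traits>

// Capability token (hypothetical, modelled on Pony's auth parameters): an empty
// class with a private constructor, so a value can only be minted by the single
// friend function below. Holders may copy it to callees, which is what makes the
// property transitive: code that was not handed the token cannot forge one.
class MayAllocate {
    MayAllocate() {}
    friend MayAllocate mint_task_auth();
};

// The only minting point. Assumed to run once in task (non-ISR) context; the
// returned value must never be stored where an interrupt handler can reach it.
MayAllocate mint_task_auth() { return MayAllocate(); }

// Primitives that are unsafe from a handler on FreeRTOS-like targets, gated by the token.
void* cap_malloc(MayAllocate, std::size_t n) { return std::malloc(n); }
void  cap_free(MayAllocate, void* p) { std::free(p); }

// Third-party-style routine: it allocates, so its signature must demand the token,
// and anything calling it must already hold one.
int count_words(MayAllocate auth, const char* text) {
    std::size_t len = std::strlen(text);
    char* copy = static_cast<char*>(cap_malloc(auth, len + 1));
    if (copy == nullptr) return -1;
    std::memcpy(copy, text, len + 1);
    int words = 0; bool in_word = false;
    for (const char* p = copy; *p != '\0'; ++p) {
        if (*p == ' ')      in_word = false;
        else if (!in_word) { in_word = true; ++words; }
    }
    cap_free(auth, copy);
    return words;
}

// Task context: mints the token once, then may call allocating code.
int task_body() { return count_words(mint_task_auth(), "hello capability world"); }

// Handler context: no token in scope, so count_words is uncallable here and the
// compiler rejects it; only token-free work can be written in this function.
int handler_body(const char* text) { return static_cast<int>(std::strlen(text)); }

// Compile-time evidence of the property described in the post.
static_assert(!std::is_default_constructible_v<MayAllocate>, "token cannot be forged");
static_assert(!std::is_invocable_v<decltype(&count_words), const char*>, "token required");
static_assert(std::is_empty_v<MayAllocate>, "token carries no runtime state");
```

Adding a second token type (say, one for blocking calls like `vTaskDelay`) follows the same shape, and the two can be minted together by the task setup code.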