cortex-m
advisory-db
cortex-m | advisory-db | |
---|---|---|
6 | 37 | |
758 | 859 | |
2.6% | 2.3% | |
7.6 | 9.3 | |
4 days ago | 7 days ago | |
Rust | ||
Apache License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cortex-m
-
Rust fact vs. fiction: 5 Insights from Google's Rust journey in 2022
I do not have as strong of feelings as your parent, but:
1. A lot of the APIs make use of the typestate pattern, which is nice, but also very verbose, and might turn many people off.
2. The generated API documentation for the lower level crates relies on you knowing the feel for how it generates the various APIs. It can take some time to get used to, especially if you're used to the better documentation of the broader ecosystem.
3. A bunch of the ecosystem crates assume the "I am running one program in ring0" kind of thing, and not "I have an RTOS" sort of case. See the discussion in https://github.com/rust-embedded/cortex-m/issues/233 for example.
- Advisory: Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
-
Any frameworks in Rust for developing on SiFive / ST / NXP boards?
For cortex-m support, check out the cortex-m crate
-
Getting panic when running Rust-Embedded code to set GPIO mode
See https://github.com/rust-embedded/cortex-m/tree/master/panic-semihosting
-
A GPIO Driver in Rust
I don't think so. Once a function is compiled, it basically becomes a black box with a type signature so unless sleeping in a function affects its signature, that information is erased. If you pass in some kind of a sleep token that has to be used to sleep, then yeah I think you could enforce it by only being able to get that token in a non-atomic context and making it leak proof.
The Cortex-M crate does something similar, but for proving that you are in an atomic context. Another function that expects a CriticalSection type is then assured that it's running without interrupts enabled.
https://github.com/rust-embedded/cortex-m/blob/master/src/in...
- Would it be possible to run Rust on the new Raspberry Pi Pico?
advisory-db
- Serde-YAML for Rust has been archived
- When Zig is safer and faster than Rust
-
Advisory: Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
You might also want to add this to https://github.com/rustsec/advisory-db so that cargo audit and Dependabot surface it.
-
"This type of secure-by-default functionality is why we love Go"
The behavior of not extracting outside the specified directory has been the default since forever in Rust's tar. And then it had two RUSTSEC advisories for not handling this correctly in certain corner cases. The latest one in 2021.
-
greater supply chain attack risk due to large dependency trees?
cargo-audit only checks for known issues reported to a vulnerability database.
- capnproto-rust: out-of-bound memory access bug
-
`cargo audit` can now scan compiled binaries
However, I keep getting this error when running cargo audit bin ~/.cargo/bin/*, even if I replace * with a specific binary: Fetching advisory database from `https://github.com/RustSec/advisory-db.git` Loaded 467 security advisories (from C:\Users\jonah\.cargo\advisory-db) Updating crates.io index error: I/O operation failed: The system cannot find the path specified. (os error 3) I'm on Windows 10.
-
MIA Github Assignee on very minor PR
I usually open an issue asking if the crate is still maintained. If there isn't a response for a decent amount of time (like multiple months) and the crate is somewhat popular then it could be worth opening an unmaintained advisory in the advisory-db
-
RustSec Advisory Database Visualization
Here is the visualization of RustSec Advisory Database. I hope it will be helpful. If you need any more charts, feel free to comment.
-
Github Dependency graph adds vulnerability alerting support for Rust
FWIW the RustSec database is still not synced into the Github databse on a regular basis, even though they did an initial import of it. So the cargo audit github action is still relevant.
What are some alternatives?
cortex-m-rt - Minimal startup / runtime for Cortex-M microcontrollers
cargo-deny - ❌ Cargo plugin for linting your dependencies 🦀
stm32-rs - Embedded Rust device crates for STM32 microcontrollers
chrono - Date and time library for Rust
rtic - Real-Time Interrupt-driven Concurrency (RTIC) framework for ARM Cortex-M microcontrollers
vulndb - [mirror] The Go Vulnerability Database
wyhash-rs - wyhash fast portable non-cryptographic hashing algorithm and random number generator in Rust
rustsec - RustSec API & Tooling
pico-examples
Rudra - Rust Memory Safety & Undefined Behavior Detection
stm32-hal - This library provides access to STM32 peripherals in Rust.
dwflist - The DWF IDs