misra-rust
SaferCPlusPlus-AutoTranslation2
misra-rust | SaferCPlusPlus-AutoTranslation2 | |
---|---|---|
8 | 4 | |
112 | 8 | |
0.0% | - | |
0.0 | 0.0 | |
almost 3 years ago | about 2 years ago | |
Rust | ||
MIT License | Boost Software License 1.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
misra-rust
-
United States White House Report on Memory Safe Programming [pdf]
MISRA and Ferrocene are not really related.
MISRA is, as you say, a set of rules for writing C code, that restrict what you can do.
Ferrocene is a qualified compiler. You write any normal Rust code you want: it's still the upstream Rust compiler. There are no restrictions.
Incidentally, someone has compared what MISRA does to what Rust does: https://github.com/PolySync/misra-rust/blob/master/MISRA-Rul...
Given that they can't repeat the MISRA stuff there, it's a bit disjoined, but it sure is interesting!
-
Misra C++:2023 Published
A fun github repo: "what would MISRA look like applied to Rust" https://github.com/PolySync/misra-rust/blob/master/MISRA-Rul...
(They're comparing with the C version, not the C++ version...)
- Memory Safe Languages in Android 13
-
Ferrocene: Rust toolchain to safety-critical environments
> There are huge swathes of MISRA which forbid things which not only aren't possible in Rust or SPARK
I can't vouch for its accuracy, but https://github.com/PolySync/misra-rust
-
High Assurance Rust: Developing Secure and Robust Software
When it comes to MISRA C, it is interesting to note how many (a majority) of its rules do not apply or have native enforcement[1].
You might have also seen the AUTOSTAR Rust in Automotive Working Group announcement recently[2].
[1]: https://github.com/PolySync/misra-rust/blob/master/MISRA-Rul...
[2]: for some reason the announcement was removed from the "News and events" site, https://webcache.googleusercontent.com/search?q=cache%3Ahttp... but it is still available as a PDF https://www.autosar.org/fileadmin/user_upload/20220308_RustW...
-
AUTOSAR announces new Working Group for Programming Language Rust in Automotive Software context
There's actually already a comparison: https://github.com/PolySync/misra-rust/blob/master/MISRA-Rules.md
-
AdaCore and Ferrous Systems Joining Forces to Support Rust
Rust makes quite a few things more rigorous (e.g. pairing allocations with deallocations and reference validity). It basically fulfills the job of a static analyzer baked into the language.
It's also a vastly more analyzable language (in that its syntax is reasonably unambiguous and there's no dynamic runtime in play) and it can be integrated well.
Toolchain quality (error reporting, built in testing, awareness of primitives like "libraries", etc.) is also a huge strong point.
We're reasonably confident that we can use safe Rust as is, with strong guidance on how to do unsafe Rust.
For a tangible investigation of that space, PolySync has a project that has a look at MISRA rules from a Rust perspective. https://github.com/PolySync/misra-rust/blob/master/MISRA-Rul...
Ada is a good example here: the language has not evolved something like MISRA-C (it has evolved SPARK for formal verification, but I see that differently).
- Resources for learning C/C++ coming from a Rust background
SaferCPlusPlus-AutoTranslation2
-
United States White House Report on Memory Safe Programming [pdf]
Hi pizlonator, I'm working on a solution with similar goals (I think), but a bit of a different approach. It's a tool that auto-translates[1] (reasonable) C code to a memory-safe subset of C++. The goal is to get it reliable enough that it can be simply inserted as an (optional) build step, so that the source code can be maintained in its original form.
I'm under the impression that you're more of a low-level/compiler person, but I suggest that a higher level language like (a memory-safe subset of) C++ actually makes for a more desirable "intermediate representation" language, as it's amenable to maintaining information about the "intent" of the code, which can be helpful for optimization. It also allows programmers to provide manually optimized memory-safe implementations for performance-critical parts of the code.
The memory-safe subset of C++ is somewhat analogous to Rust's in terms of performance and in that it depends on a non-trivial static checker, but it imposes less onerous restrictions than Rust on single-threaded code.
The auto-translation tool already does the non-trivial (optimization) task of determining whether any (raw) pointer is being used as an array iterator or not. But further work to make the resulting code more performance optimal is needed. The task of optimizing a high-level "intermediate representation" language like (memory-safe) C++ is roughly analogous to optimizing lower-level IR languages, but the results should be more effective because you have more information about the original code, right?
I think this project could greatly benefit from the kind of effort you've displayed in yours.
[1]: https://github.com/duneroadrunner/SaferCPlusPlus-AutoTransla...
-
Upcoming Changes to C++ : Bjarne Stroustrup, Gabriel Dos Reis.
Part of the reason the proposed static analyzer has to be so ambitious is because it's trying to validate (i.e. verify as safe) as much existing/legacy code as possible. An alternative approach is to autoconvert existing code to new code that is easier to verify as safe. One advantage of this approach is that in instances where you cannot (yet) statically verify safety, you can convert to (new) elements that may resort to run-time safety mechanism when necessary. With access to the full range of safety-performance tradeoffs, this approach can (fully) safen a much larger set of legacy code then any static analyzer alone could.
-
Some thoughts on safe C++
There's also some support for autoconverting legacy C code that is not performance critical to use the library and conform to a safe subset of C++.
What are some alternatives?
Welcome - Welcome to AeroRust- a Rust 🦀 in Aerospace 🚀 community & working group
high-assurance-rust - A free book about developing secure and robust systems software.
creusot - Creusot helps you prove your code is correct in an automated fashion. [Moved to: https://github.com/creusot-rs/creusot]
rubble - (going to be a) BLE stack for embedded Rust
rust-verification-tools - RVT is a collection of tools/libraries to support both static and dynamic verification of Rust programs.
wayland-ada - Ada 2012 bindings for Wayland
orenda - An experiment in language design and compiler building.
gcc - Official Ada++ repository
book - The Rust Programming Language
serde - Serialization framework for Rust
sdlada - Ada 2022 bindings to SDL 2 - Don't STAR this, this is my personal repo which I may delete over using the AGF one.
whycode