misra-rust
creusot
Our great sponsors
| misra-rust | creusot | |
|---|---|---|
| 8 | 15 | |
| 112 | 868 | |
| 3.6% | - | |
| 0.0 | 9.6 | |
| almost 3 years ago | 2 months ago | |
| Rust | Rust | |
| MIT License | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
misra-rust
-
United States White House Report on Memory Safe Programming [pdf]
MISRA and Ferrocene are not really related.
MISRA is, as you say, a set of rules for writing C code, that restrict what you can do.
Ferrocene is a qualified compiler. You write any normal Rust code you want: it's still the upstream Rust compiler. There are no restrictions.
Incidentally, someone has compared what MISRA does to what Rust does: https://github.com/PolySync/misra-rust/blob/master/MISRA-Rul...
Given that they can't repeat the MISRA stuff there, it's a bit disjoined, but it sure is interesting!
-
Misra C++:2023 Published
A fun github repo: "what would MISRA look like applied to Rust" https://github.com/PolySync/misra-rust/blob/master/MISRA-Rul...
(They're comparing with the C version, not the C++ version...)
- Memory Safe Languages in Android 13
-
Ferrocene: Rust toolchain to safety-critical environments
> There are huge swathes of MISRA which forbid things which not only aren't possible in Rust or SPARK
I can't vouch for its accuracy, but https://github.com/PolySync/misra-rust
-
High Assurance Rust: Developing Secure and Robust Software
When it comes to MISRA C, it is interesting to note how many (a majority) of its rules do not apply or have native enforcement[1].
You might have also seen the AUTOSTAR Rust in Automotive Working Group announcement recently[2].
[1]: https://github.com/PolySync/misra-rust/blob/master/MISRA-Rul...
[2]: for some reason the announcement was removed from the "News and events" site, https://webcache.googleusercontent.com/search?q=cache%3Ahttp... but it is still available as a PDF https://www.autosar.org/fileadmin/user_upload/20220308_RustW...
-
AUTOSAR announces new Working Group for Programming Language Rust in Automotive Software context
There's actually already a comparison: https://github.com/PolySync/misra-rust/blob/master/MISRA-Rules.md
-
AdaCore and Ferrous Systems Joining Forces to Support Rust
Rust makes quite a few things more rigorous (e.g. pairing allocations with deallocations and reference validity). It basically fulfills the job of a static analyzer baked into the language.
It's also a vastly more analyzable language (in that its syntax is reasonably unambiguous and there's no dynamic runtime in play) and it can be integrated well.
Toolchain quality (error reporting, built in testing, awareness of primitives like "libraries", etc.) is also a huge strong point.
We're reasonably confident that we can use safe Rust as is, with strong guidance on how to do unsafe Rust.
For a tangible investigation of that space, PolySync has a project that has a look at MISRA rules from a Rust perspective. https://github.com/PolySync/misra-rust/blob/master/MISRA-Rul...
Ada is a good example here: the language has not evolved something like MISRA-C (it has evolved SPARK for formal verification, but I see that differently).
- Resources for learning C/C++ coming from a Rust background
creusot
-
Conditioonal Compilation across Crates?
However, it seems that C is not "notified" whether --cfg thing is set, only the main crate being built is. Regardless of this flag, the dummy macro is always chosen. Am I doing something wrong? It should work; the Creusot project is doing something similar.
-
Kani 0.29.0 has been released!
I believe https://github.com/xldenis/creusot is more similar in that it also uses proofs to prove rust code correct.
-
Prop v0.42 released! Don't panic! The answer is... support for dependent types :)
Wow that sounds really cool! I'm not an expert but does that mean that one day you could implement dependend types or refinement types in Rust as a crate ? I currently only know of tools like: Flux Creusot Kani Prusti
-
Linus Torvalds: Rust will go into Linux 6.1
Easy reasoning does not end on memory safety. For example, deductive verification of Rust code is possible exactly because there's no reference aliasing in safe Rust
-
A personal list of Rust grievances
> No support for using something like separation logic within Rust itself to verify that unsafe code upholds the invariants that the safe language expects.
I think this is something we might see in the future. There are a lot of formal methods people who are interested in rust. Creusot in particular is pretty close to doing this - at least for simpler invariants
https://github.com/xldenis/creusot
-
Whiley, a language with statically checked pre and post conditions, releases its 0.6.1 version and portions implemented in Rust
Seems similar in principle to cruesot except as another language instead of as a layer on-top of rust.
-
What it feels like when Rust saves your bacon
You often encounter this entire thread of rhetoric when someone wants to put a diversion into the central argument, yeah but it doesn't ____.
But Rust does do that, match exhaustiveness, forcing the handling of errors and the type system enables things like CreuSAT [1] using creusot [2]
[1] https://news.ycombinator.com/item?id=31780128
[2] https://github.com/xldenis/creusot
> Creusot works by translating Rust code to WhyML, the verification and specification language of Why3. Users can then leverage the full power of Why3 to (semi)-automatically discharge the verification conditions!
Units of Measure, https://github.com/iliekturtles/uom
The base properties of the language enable things that can never be done in C++.
- Creusot: Deductive Verification of Rust
-
What Is Rust's Unsafe?
> I’ve been working on a tool: https://github.com/xldenis/creusot to put this into practice
Note that there are other tools trying to deal with formal statements about Rust code. AIUI, Rust developers are working on forming a proper working group for pursuing these issues. We might get a RFC-standardized way of expressing formal/logical conditions about Rust code, which would be a meaningful first step towards supporting proof-carrying code within Rust.
-
AdaCore and Ferrous Systems Joining Forces to Support Rust
This is exciting! I've met with people from AdaCore and Ferrous systems (individually) several times and they're all serious, competent and motivated.
I'm curious what kinds of software they want to (eventually) verify, my PhD thesis is developing a verification tool for Rust (https://github.com/xldenis/creusot) and I'm always on the look out for case studies to push me forward.
The road to formally verified Rust is still long but in my unbiased opinion looking quite bright, especially compared to other languages like C.
What are some alternatives?
Welcome - Welcome to AeroRust- a Rust 🦀 in Aerospace 🚀 community & working group
l4v - seL4 specification and proofs
high-assurance-rust - A free book about developing secure and robust systems software.
Daikon - Dynamic detection of likely invariants
rubble - (going to be a) BLE stack for embedded Rust
agda-stdlib - The Agda standard library
rust-verification-tools - RVT is a collection of tools/libraries to support both static and dynamic verification of Rust programs.
hacspec - Please see https://github.com/hacspec/hax
wayland-ada - Ada 2012 bindings for Wayland
CreuSAT - CreuSAT - A formally verified SAT solver written in Rust and verified with Creusot.
orenda - An experiment in language design and compiler building.
ed25519-dalek - Fast and efficient ed25519 signing and verification in Rust.