diff --git a/subcommittee/tooling/compiler-features/desired-compiler-features.yaml b/subcommittee/tooling/compiler-features/desired-compiler-features.yaml
new file mode 100644
index 00000000..a1e820b5
--- /dev/null
+++ b/subcommittee/tooling/compiler-features/desired-compiler-features.yaml
@@ -0,0 +1,84 @@
+# This file lists desired Rust compiler features for security and safety-critical applications,
+# which are currently missing or incomplete in the standard Rust toolchain.
+
+metadata:
+ title: "Desired Rust Compiler Features"
+ version: "1.0"
+ date: "2025-10-01"
+ purpose: "Track missing compiler features needed for safety-critical Rust applications"
+ considered-standards:
+ - name: "ISO 26262"
+ levels: ["ASIL A", "ASIL B", "ASIL C", "ASIL D"]
+ description: "Road vehicles - Functional safety"
+ - name: "DO-178C"
+ levels: ["DAL-E", "DAL-D", "DAL-C", "DAL-B", "DAL-A"]
+ description: "Software Considerations in Airborne Systems and Equipment Certification"
+ - name: "IEC 62304"
+ levels: ["Class A", "Class B", "Class C"]
+ description: "Medical device software - software life cycle processes"
+ - name: "IEC 61508"
+ levels: ["SIL-1", "SIL-2", "SIL-3", "SIL-4"]
+ description: "Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems"
+ - name: "ISO/SAE 21434"
+ levels: ["CAL 1", "CAL 2", "CAL 3", "CAL 4"]
+ description: "Road vehicles — Cybersecurity engineering"
+
+topics:
+- name: "Stack Protector"
+ description: "Stack buffer overflow detection and protection mechanism"
+ priority: "High"
+ status: "Missing"
+ category: "Security"
+ rationale: "Stack protection is not available in any Rust compiler, but required for runtime stack overflow detection in safety-critical systems"
+ related-links:
+ - "https://developer.arm.com/documentation/dui0774/l/Compiler-Command-line-Options/-fstack-protector---fstack-protector-all---fstack-protector-strong---fno-stack-protector"
+ - "https://github.com/rust-lang/rust/issues/114903"
+
+- name: "TrustZone"
+ description: "TrustZone support for ARM Cortex-M processors"
+ priority: "High"
+ status: "Nightly"
+ category: "Security"
+ rationale: "TrustZone support is available only on nightly Rust.
Stabilizing it is required for data sagmentation on cortex-m devices"
+ related-links:
+ - "https://developer.arm.com/documentation/100690/latest/"
+ - "https://github.com/rust-lang/rust/issues/81391"
+ - "https://github.com/rust-lang/rust/issues/75835"
+
+- name: "Control Flow Integrity (CFI)"
+ description: "Control flow integrity protection against ROP/JOP attacks"
+ priority: "Medium"
+ status: "Partial"
+ category: "Security"
+ rationale: "Prevents control flow hijacking attacks in safety-critical applications. Currently limited CFI support, not comprehensive for all control flow transfers"
+ related-links:
+ - "https://clang.llvm.org/docs/ControlFlowIntegrity.html"
+ - "https://github.com/rust-lang/rust/issues/89653"
+
+- name: "Deterministic Code Generation"
+ description: "Reproducible binary output for certification requirements"
+ priority: "High"
+ status: "Partial"
+ category: "Safety"
+ rationale: "Not fully deterministic across different build environments. Required for certification processes that mandate reproducible builds"
+ related-links:
+ - "https://github.com/rust-lang/rust/issues/34902"
+
+- name: "Coverage Instrumentation for Macros"
+ description: "Code coverage that includes macro expansions"
+ priority: "High"
+ status: "Missing"
+ category: "Safety"
+ rationale: "Coverage tools cannot instrument macro-generated code. Complete coverage analysis required for safety certification"
+ related-links:
+ - "https://github.com/rust-lang/rust/issues/79417"
+
+- name: "MC/DC"
+ description: "MC/DC is currently not supported by any Rust compiler."
+ priority: "High"
+ status: "Missing"
+ category: "Safety"
+ rationale: "MC/DC is needed to reach highest levels of safety-critical software for example in DO-178C."
+ related-links:
+ - "https://github.com/rust-lang/rust/issues/124144"
+ - "https://github.com/rust-lang/rust/pull/144999"
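Review bot: The Stack Protector entry's rationale conflates two different mechanisms: a stack protector (canary) detects overwrites of the saved return address by a stack buffer overflow, whereas "runtime stack overflow detection" (stack exhaustion) is handled by guard pages and stack probes, so the text should name the one being asked for, e.g. `rationale: "Stack canaries (the -fstack-protector equivalent) are needed to detect stack buffer overwrites in unsafe and FFI code; stack exhaustion is a separate concern covered by guard pages and stack probes"`. rustc nightly already carries an unstable `-Z stack-protector` flag, and if the linked issue 114903 is its tracking issue then `status: "Missing"` should be `status: "Nightly"` as used for TrustZone; the same check applies to the MC/DC entry, whose description says no Rust compiler supports it while linking a tracking issue for the nightly `-Z coverage-options=mcdc` work. The TrustZone rationale has a typo, "sagmentation" (presumably "segmentation"), and the collapsed whitespace in this diff hides whether the rationale string is deliberately split across two lines. It would also help to state the allowed `status`, `priority` and `category` vocabularies in the header comment so that entries stay comparable and a schema check can enforce them.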
diff --git a/subcommittee/tooling/tool-list/available-tools.yaml b/subcommittee/tooling/tool-list/available-tools.yaml
new file mode 100644
index 00000000..6886224e
--- /dev/null
+++ b/subcommittee/tooling/tool-list/available-tools.yaml
@@ -0,0 +1,210 @@
+# This file lists available safety-critical Rust tools and their qualification state.
+
+metadata:
+ title: "Rust Tooling for use in Safety Critical Projects"
+ version: "1.0"
+ date: "2025-09-29"
+ tracked-standards:
+ - name: "ISO-26262"
+ levels: ["ASIL-A", "ASIL-B", "ASIL-C", "ASIL-D"]
+ description: "Road vehicles - Functional safety"
+ - name: "DO-178C"
+ levels: ["DAL-E", "DAL-D", "DAL-C", "DAL-B", "DAL-A"]
+ description: "Software Considerations in Airborne Systems and Equipment Certification"
+ - name: "IEC 62304"
+ levels: ["Class A", "Class B", "Class C"]
+ description: "Medical device software - software life cycle processes"
+ - name: "IEC 61508"
+ levels: ["SIL-1", "SIL-2", "SIL-3", "SIL-4"]
+ description: "Functional Safety of Electrical/Electronic/Programmable Electronic Safety-related Systems"
+
+# Tools organized alphabetically by name
+tools:
+
+ - name: "cargo"
+ type: "package-manager"
+ vendor: "-"
+ url: "https://github.com/rust-lang/cargo"
+ description: "Built-in Rust package manager and test runner"
+ license: "Apache 2.0 & MIT"
+ qualified: []
+
+ - name: "cargo-nextest"
+ type: "test-runner"
+ url: "https://nexte.st"
+ vendor: "-"
+ description: "Next-generation test runner for Rust"
+ license: "Apache 2.0 & MIT"
+ qualified: []
+
+ - name: "cargo-tarpaulin"
+ type: "code-coverage"
+ url: "https://github.com/xd009642/tarpaulin"
+ vendor: "-"
+ description: "Code coverage tool for Rust"
+ license: "Apache 2.0 & MIT"
+ qualified: []
+
+ - name: "clippy"
+ type: "static-analysis"
+ url: "https://github.com/rust-lang/rust-clippy"
+ vendor: "-"
+ description: "Clippy is a collection of lints to catch common mistakes and improve Rust code. It analyzes code for potential bugs, performance issues, style violations, and suggests more idiomatic Rust patterns."
+ license: "Apache 2.0 & MIT"
+ qualified: []
+
+ - name: "creusot"
+ type: "formal-verification"
+ url: "https://github.com/creusot-rs/creusot"
+ vendor: "-"
+ description: "Creusot is a deductive verifier for Rust code. It verifies your code is safe from panics, overflows, and assertion failures. By adding annotations you can take it further and verify your code does the correct thing."
+ license: "LGPL 2.1"
+ qualified: []
+
+ - name: "defmt-test"
+ type: "test-runner"
+ url: "https://github.com/knurling-rs/defmt"
+ vendor: "Ferrous Systems"
+ description: "Embedded testing framework"
+ license: "Apache 2.0 & MIT"
+ qualified: []
+
+ - name: "Ferrocene"
+ type: "compiler"
+ url: "https://ferrocene.dev"
+ vendor: "Ferrous Systems"
+ description: "Open-source qualified Rust compiler toolchain for safety- and mission-critical systems"
+ license: "commercial"
+ qualified:
+ - name: "ISO 26262"
+ up-to: "ASIL-D"
+ - name: "IEC 62304"
+ up-to: "Class C"
+ - name: "IEC 61308"
+ up-to: "SIL 4"
+
+
+ - name: "flamegraph"
+ type: "profiler"
+ url: "https://github.com/flamegraph-rs/flamegraph"
+ vendor: "-"
+ description: "Flame graph profiler for Rust"
+ license: "Apache 2.0 & MIT"
+ qualified: []
+
+ - name: "GNAT Pro for Rust"
+ type: "compiler"
+ url: "https://www.adacore.com/gnatpro-rust"
+ vendor: "AdaCore"
+ description: "AdaCore's Toolsuite for High-Assurance Rust Software; Includes stable toolchain for long-term development, long-term support, and qualification"
+ license: "commercial"
+ qualified: []
+
+ - name: "HighTec Rust Compiler"
+ type: "compiler"
+ url: "https://hightec-rt.com/products/rust-development-platform"
+ vendor: "HighTec"
+ description: "ISO 26262 ASIL D qualified Rust Compiler Development Platform for ARM based Stellar from STMicroelectronics and Infineon AURIX"
+ license: "commercial"
+ qualified:
+ - name: "ISO 26262"
+ up-to: "ASIL-D"
+
+ - name: "kani"
+ type: "formal-verification"
+ url: "https://github.com/model-checking/kani"
+ vendor:
"-"
+ description: "Kani is an open-source verification tool that uses model checking to analyze Rust programs. Kani is particularly useful for verifying unsafe code blocks in Rust, where the 'unsafe superpowers' are unchecked by the compiler."
+ license: "Apache 2.0 & MIT"
+ qualified: []
+
+ - name: "Lauterbach Trace32 Debugger"
+ type: "debugger"
+ url: "https://www.lauterbach.com/"
+ vendor: "Lauterbach"
+ description: "Lauterbach‘s TRACE32® tools are a suite of leading-edge hardware and software components that enables you to analyze, optimize and certify all kinds of embedded systems."
+ license: "commercial"
+ qualified: []
+
+ - name: "mantra"
+ type: "requirements-traceability"
+ url: "https://crates.io/crates/mantra"
+ vendor: "-"
+ description: "Requirements traceability with structural code analysis and code coverage"
+ license: "MIT"
+ qualified: []
+
+ - name: "OpenFastTrace"
+ type: "requirements-traceability"
+ url: "https://github.com/itsallcode/openfasttrace"
+ vendor: "-"
+ description: "OpenFastTrace (short OFT) is a requirement tracing suite."
+ license: "GPL-3.0"
+ qualified: []
+
+ - name: "PLS UDE"
+ type: "debugger"
+ url: "https://www.pls-mc.com/products/universal-debug-engine/"
+ vendor: "PLS Programmierbare Logik & Systeme GmbH"
+ description: "UDE® Universal Debug Engine is the powerful development tool for debugging, tracing, and testing embedded software for a wide range of multicore SoCs and microcontrollers."
+ license: "commercial"
+ qualified: []
+
+ - name: "Reqtify"
+ type: "requirements-traceability"
+ url: "https://www.3ds.com/products/catia/reqtify"
+ vendor: "Dassault Systèmes"
+ description: "Reqtify is a solution which allows implementing an End-To-End Traceability along the whole V-Cycle across very different types of document and data bases (by plugin connector)."
+ license: "commercial"
+ qualified: []
+
+ - name: "sphinx-needs"
+ type: "requirements-traceability"
+ url: "https://sphinxcontrib-needs.readthedocs.io/"
+ vendor: ""
+ description: "Sphinx Needs is a requirements management extension for Sphinx documentation that enables tracing and linking of requirements, specifications, test cases, and other project artifacts"
+ license: "MIT"
+ qualified: []
+
+ - name: "TESSY"
+ type: "test-runner"
+ url: "https://www.razorcat.com/en/product-tessy.html"
+ vendor: "Razorcat"
+ description: "Qualified unit testing tool"
+ license: "commercial"
+ qualified: []
+
+ - name: "TrustInSoft Analyzer"
+ type: "static-analysis"
+ url: "https://www.trust-in-soft.com/trustinsoft-analyzer"
+ vendor: "TrustInSoft"
+ description: "Static analysis for C, C++, and soon to be Rust code"
+ license: "commercial"
+ qualified: []
+
+ - name: "VectorCast"
+ type: "test-runner"
+ url: "https://www.vector.com/us/en/products/products-a-z/software/vectorcast/"
+ vendor: "Vector Software"
+ description: "Qualified test runner and generator for safety-critical applications"
+ license: "commercial"
+ qualified: []
+
+ - name: "verifast"
+ type: "formal-verification"
+ url: "https://github.com/verifast/verifast"
+ vendor: "-"
+ description: "VeriFast is a tool for modular formal verification of the absence of undefined behavior in Rust1 programs that use unsafe blocks and the soundness of Rust modules that use unsafe blocks."
+ license: "MIT"
+ qualified: []
+
+
+open-topics:
+ - name: "Fault Injection Tests"
+ description: "No generally applicable tool exists to inject faults in Rust projects during testing."
+
+ - name: "Coding Guidelines"
+ description: "No Rust coding guidelines currently exist, so no tool can enforce them."
+
+ - name: "Graphical Representation"
+ description: "Missing tools that are capable to represent Rust code in a graphical way (e.g. flow chart)."
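Review bot: The `qualified` entries under Ferrocene and HighTec do not use the names and level spellings declared in `tracked-standards` in the same file, so any tooling that joins a tool's qualification to the tracked standards will silently miss them: `- name: "IEC 61308"` looks like a typo for `"IEC 61508"`, `up-to: "SIL 4"` should follow the `"SIL-4"` level spelling, and `"ISO 26262"` should be `"ISO-26262"` — or the standard names should be normalized the other way, but consistently, including with the sibling desired-compiler-features.yaml in this commit, which spells them `"ISO 26262"` / `"ASIL D"`. The sphinx-needs entry has `vendor: ""` while every other community tool uses `vendor: "-"`; pick one placeholder (or `null`) and state it in the header comment so consumers do not have to special-case both. The Ferrocene description says "Open-source" while `license: "commercial"`; if the source is public but the qualification package is commercial, the description or a dedicated field should say so, since readers use this list to judge what they can audit themselves. The TrustInSoft Analyzer description, "soon to be Rust code", does not fit a list of available Rust tools unless a field such as `status: "planned"` marks it as not yet usable. The Lauterbach description uses a U+2018 quotation mark in "Lauterbach‘s" where an ASCII apostrophe is meant.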