[threadx-dev] New project proposal: Eclipse Canon-C — explicit semantic standard library for C99
  • From: Fikret Güney Ersezer <fgersezer@xxxxxxxxxxx>
  • Date: Wed, 6 May 2026 10:25:17 +0000

Hi all,
I'm Fikret Güney Ersezer, and I'd like to introduce a new project proposal that has just been made public for community review: Eclipse Canon-C.
Canon-C is a header-only semantic standard library for C99, designed around explicit ownership, predictable allocation, and formal verification. The goal is not to add new functionality to C, but to make program intent — ownership, lifetime, failure, and data flow — visible directly at call sites, so that safety-critical C code is easier to read, reason about, and verify.
The project is targeted at the IoT and embedded space, with particular attention to RTOS and bare-metal environments. 
What may interest this list specifically:
The substrate (core/primitives/ and some parts of core/) is formally verified using Frama-C WP with ACSL contracts. CI enforces named-residual invariants on every push to master — verification status is encoded as a contract, not a soft target. Current state: 5 headers verified, ~4800 proof obligations, ~99% discharged automatically, with all unproved goals documented in a deviations record with manual proof arguments. The aim is to provide a reusable substrate that reduces the verification burden for application code targeting DO-178C, ISO 26262, IEC 62304, and similar standards.
The proposal is now in community review (minimum 2 weeks per the EDP). Feedback, questions, and concerns from the ThreadX community would be very welcome — particularly from anyone with experience integrating verification-grade libraries into RTOS-based products, or anyone who sees gaps where Canon-C's conventions wouldn't fit their workflow.
Best regards,
Fikret Güney Ersezer

