Re: [threadx-dev] New project proposal: Eclipse Canon-C — explicit sema

[Wayne Beaton <wayne.beaton@xxxxxxxxxxxxxxxxxxxxxx>]

Hey Benjamin. It's nice to hear from you.

All Eclipse open source projects start in the incubation phase. We've evolved our use of the incubation phase a bit over the years. IMHO, having this project as an Eclipse project in the incubation phase should provide the project team with community development opportunities that they would not get as a "standalone GitHub project", and set them up nicely to gather a community. I recently wrote about Incubation in the Eclipse Foundation Development Process.

I'll admit I haven't scrutinised the project content enough to make the same observations you have.

Regardless, an "awful lot of LLM content" is not a show-stopper and may, in fact, provide us with an opportunity to provide guidance (and evolve that guidance based our experience with this project) regarding tracking and disclosure of the use of generative AI technology. We have expanded our documented guidance regarding the use of generative AI technology and are working with the Eclipse Technical Advisory Council and IP Advisory Committee to provide additional resources and support.

In short, I'm looking forward to bringing this project on board.

Wayne

Hi,

This looks like an awful lot of LLM content which sure is a lot more than "scaffolding", with thousands of commits a bit all over the place in just a few weeks. I would be a bit concerned about accepting this as a new project and it probably could incubate a bit more as a standalone GitHub project and gather a small community there first. Also recommend spreading the word on Reddit and other embedded communities.

Cheers,

Benjamin.

Le mer. 6 mai 2026, 12:25, Fikret Güney Ersezer via threadx-dev <threadx-dev@xxxxxxxxxxx> a écrit :

Hi all,

I'm Fikret Güney Ersezer, and I'd like to introduce a new project proposal that has just been made public for community review: Eclipse Canon-C.

Proposal: https://projects.eclipse.org/proposals/eclipse-canon-c

Canon-C is a header-only semantic standard library for C99, designed around explicit ownership, predictable allocation, and formal verification. The goal is not to add new functionality to C, but to make program intent — ownership, lifetime, failure, and data flow — visible directly at call sites, so that safety-critical C code is easier to read, reason about, and verify.

The project is targeted at the IoT and embedded space, with particular attention to RTOS and bare-metal environments. 

What may interest this list specifically:

The substrate (core/primitives/ and some parts of core/) is formally verified using Frama-C WP with ACSL contracts. CI enforces named-residual invariants on every push to master — verification status is encoded as a contract, not a soft target. Current state: 5 headers verified, ~4800 proof obligations, ~99% discharged automatically, with all unproved goals documented in a deviations record with manual proof arguments. The aim is to provide a reusable substrate that reduces the verification burden for application code targeting DO-178C, ISO 26262, IEC 62304, and similar standards.

The proposal is now in community review (minimum 2 weeks per the EDP). Feedback, questions, and concerns from the ThreadX community would be very welcome — particularly from anyone with experience integrating verification-grade libraries into RTOS-based products, or anyone who sees gaps where Canon-C's conventions wouldn't fit their workflow.

Best regards,

Fikret Güney Ersezer

_______________________________________________
threadx-dev mailing list
threadx-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

--

Wayne Beaton (he/him)

Head of Open Source Projects | Eclipse Foundation