Eclipse Canon-C is a header-only semantic standard library for C99 targeting safety-critical embedded systems. It provides explicit ownership annotations, Result and Option types, arena allocation, fixed-capacity collections with caller-owned buffers, traceable contracts, and a coherent error-handling model — all designed for formal verification with Frama-C and certification under DO-178C, ISO 26262, IEC 62304, IEC 61508, EN 50128, and ECSS-E-ST-40C.
The library follows a strict dependency hierarchy: core/primitives → core → semantics → data → algo → util. Each layer is complete and independently usable. The core layers are freestanding-safe, with no RTOS, OS, or libc dependencies, allowing Eclipse Canon-C to run on bare metal, on Eclipse ThreadX, or alongside any other RTOS including FreeRTOS and Zephyr.
Eclipse Canon-C's continuous integration pipeline produces certification evidence as a normal part of every commit: 51 test binaries across GCC, Clang, and MSVC on three platforms; AddressSanitizer and UndefinedBehaviorSanitizer in every Debug build; Valgrind memory analysis; libFuzzer fuzzing; clang-tidy and Cppcheck static analysis; MISRA C:2012 advisory checks; and true Modified Condition/Decision Coverage measurement using GCC 14's -fcondition-coverage flag. The verification infrastructure is in place; ACSL annotations and Frama-C proofs are the next planned milestone.
The content of this open source project is received and distributed under the license(s) listed above. Some source code and binaries may be distributed under different terms. Specific license information is provided in file headers and in NOTICE files distributed with the project's binaries.
Member companies supporting this project over the last three months.