🤝 Call for Collaborators
IGL is an Embedded‑Safe toolchain for running updateable/untrusted modules on MCUs (Cortex‑M / RISC‑V). It compiles a restricted C++ subset into a validated module with a security profile (no heap, bounded execution/fuel, opcode allowlist, MMIO sandbox), then lowers hardware access into MMIO‑tagged operations for auditing and policy enforcement.
📱 Demo / Preview (Public Access)
The API and web plugin demonstrate our compilation pipeline (Parsing → Security → IR → Sandbox).
The demo supports a limited C++ subset focused on the embedded‑safe profile:
- No heap (static memory allocation only)
- Bounded execution (loop and recursion limits)
- Allowlists of permitted operations
- MMIO sandbox (isolated register access)
⚡ Integration / Production (Requirements-Driven Pilot Integration)
For integration into real projects (Zephyr/FreeRTOS/bare‑metal, specific MCU/HAL/policies), we work from your requirements:
- Define security profile and threat model
- Specify the list of hostcalls and MMIO regions
- Build test corpus from your codebase
- Add required language constructs/SDK‑stubs
- Run pilot tests and provide reports (security + MMIO trace)
Looking for proposals: If you have a use‑case (OTA logic updates, secure plugins, user scripts for controllers), send requirements and a minimal code example — let's discuss a pilot.
🤝 We're Looking for Collaborators
1️⃣ Embedded Driver Developers
Help validate and expand the MMIO lowering:
SPI/I2C/UART, ADC/DAC/Timers
- Provide short real-world driver snippets (10–200 LOC)
- Review register sequences
- Suggest "unsafe patterns" to flag
2️⃣ Security / Safety Engineers
Help harden the validation and policy model:
Threat Modeling, Audit Rules
- Threat model review
- Audit rule set development
- Strict profile defaults
3️⃣ RTOS Integration Contributors
Help turn IGL into a drop-in runtime component:
Zephyr, FreeRTOS
- Module runner integration
- Hostcall ABI mapping
- MPU/userspace isolation
4️⃣ Compiler/PL Developers
Help tighten invariants and reduce edge-case bugs:
Parser/Typing, IR/Validation
- Parser/typing corner cases
- IR invariants and lowering
- Fuzzing strategy
🎁 What You'll Get
- Credit in CONTRIBUTORS / release notes
- Direct path to influence embedded security profiles and HAL policies
- Real-world case studies (OTA plugins, safe user logic, sandboxed hardware access)
📋 What We Need From You
- A minimal repro and logs
- Your target MCU/RTOS constraints (Flash/RAM/MPU availability)
- Your "must-not" list (what the module should never be allowed to do)
📝 Contribution Templates
Bug Report Template
Title: [Parser/Semantics/NAST/Security/IR] <short summary>
Code snippet (minimal):
// paste minimal code here
Expected: What should happen?
Actual: What happens now? Include exact error text.
Logs: Paste relevant stage logs (Parsing → Semantics → NAST → Security → IR). If possible: include "MMIO usage summary".
Environment:
- MCU/arch: (Cortex‑M4 / RV32IM / etc.)
- RTOS: (bare metal / Zephyr / FreeRTOS)
- Profile: (embedded-safe / strict / custom)
- Commit/hash/version:
"Real Code Snippet" Contribution Template
Peripheral / domain: (SPI / I2C / UART / ADC / Timer / GPIO)
Target: (STM32F1, STM32F4, ESP32-C3, etc.)
Constraints: (no heap, max stack, hard realtime, ISR rules)
Snippet: (10–200 LOC)
Datasheet reference: (optional)
What you want the tool to catch: (e.g., missing timeout, forbidden register writes)
⚖️ Collaboration Policy
- Technical critique is welcome; personal attacks are ignored
- If you claim something is broken/unsafe, please provide a minimal repro or a clear rule proposal
- We prioritize fixes backed by tests or real embedded examples