-
✓ RSR template with full CI/CD (17 workflows)
-
✓ CLI with subcommands (init, validate, generate, build, run, info)
-
✓ Manifest parser (
lustreiser.toml) -
✓ Codegen stubs
-
✓ Idris2 ABI module stubs
-
✓ Zig FFI bridge stubs
-
✓ README with Lustre-specific architecture
-
❏ Parse manifest to extract dataflow topology
-
❏ Build directed acyclic graph (DAG) of node dependencies
-
❏ Identify input/output streams and their types
-
❏ Detect feedback loops requiring
pre/fbyoperators -
❏ Validate that the dataflow graph is acyclic (modulo
pre) -
❏ Extract timing requirements from manifest declarations
-
❏ Map user-declared I/O to Lustre node ports
-
❏ Generate
.lusfiles from the analysed dataflow graph -
❏ Emit correct
nodedeclarations with typed input/output streams -
❏ Insert
preandfbytemporal operators for stateful streams -
❏ Generate
→(followed-by) for stream initialisation -
❏ Produce combinational nodes (no state) for pure transformations
-
❏ Support nested node instantiation (hierarchical composition)
-
❏ Generate assertion nodes for runtime monitoring (
assert)
-
❏ Assign base clock to top-level nodes
-
❏ Implement
whenoperator for clock downsampling -
❏ Implement
mergeoperator for clock recombination -
❏ Type-check clock expressions (every stream has exactly one clock)
-
❏ Support multi-rate systems (sensors at different frequencies)
-
❏ Generate clock annotations in Lustre output
-
❏ Verify clock consistency across node boundaries
-
❏ Integrate worst-case execution time (WCET) analysis
-
❏ Model generated C code paths for timing bounds
-
❏ Prove in Idris2 that WCET fits within declared clock period
-
❏ Detect unbounded constructs (recursion, dynamic allocation) and reject them
-
❏ Generate timing certificates for each node
-
❏ Support multiple clock domains with independent WCET budgets
-
❏ Produce machine-readable timing reports (for DO-178C evidence)
-
❏ Define
LustreNodetype with timing metadata -
❏ Define
Clocktype with period and phase -
❏ Define
DataflowStreamwith element type and clock -
❏ Define
TemporalOperator(Pre, Fby, When, Merge) with clock proofs -
❏ Define
WCETbounded-time type with formal deadline proofs -
❏ Prove that node composition preserves timing bounds
-
❏ Prove that clock calculus transformations are sound
-
❏ Prove stream buffer layouts fit in static memory
-
❏ Generate C headers from verified ABI definitions
-
❏ SCADE interop — import/export
.lusfiles compatible with SCADE Suite -
❏ Kind2 model checker integration for property verification
-
❏ Lv6 compiler backend for reference compilation
-
❏ PanLL panel for interactive dataflow visualisation
-
❏ BoJ-server cartridge for Lustre generation as a service
-
❏ VeriSimDB backing store for timing analysis results
-
❏ Integration tests with real embedded targets (ARM Cortex-M, RISC-V)
-
❏ Examples: flight controller, PID loop, watchdog timer, sensor fusion
-
❏ Publish to crates.io