ring VS QEMU

Again, this is just a temporary situation, and a matter of burning down a list of small tasks. Not that the OpenSSL license issue is a big deal for most anyway. Feel free to help; see this issue filed by Josh Triplett: https://github.com/briansmith/ring/issues/1318#issuecomment-...

Note also that rustls depends on ring, which has architecture-dependent code in it that is not as widely compatible as eg. OpenSSL/GnuTLS/Mbed-TLS. For example, MIPS is not supported by ring.

The AWS Rust library we were using as a dependency depended on a cryptography library called ring. This library leverages C and assembly code to implement its cryptographic primitives. Unfortunately, cross compiling when C is involved can add complexity to the build process. While it might've been possible to overcome these issues I decided that it wasn't worth digging into more.

That'd be great. Thanks Brian. Re: making ring portable to all platforms: IBM have been graciously maintaining a up to date patchset for Ring for years now and there's an outstanding PR here you may not have seen since they filed it in 2020... https://github.com/briansmith/ring/pull/1057

Beyond the simple matter of Rust being much newer than OpenSSL, one concern for some cryptographic primitives is the timing side-channel.

https://en.wikipedia.org/wiki/Timing_attack

In high level languages like Rust, the compiler does not prioritise trying to emit machine code which executes in constant time for all inputs. OpenSSL has implementations for some primitives which are known to be constant time, which can be important.

One option if you're working with Rust anyway would be use something like Ring:

https://github.com/briansmith/ring

Ring's primitives are just taken from BoringSSL which is Google's fork of OpenSSL, they're a mix of C and assembly language, it's possible (though fraught) to write some constant time algorithms in C if you know which compiler will be used, and of course it's possible (if you read the performance manuals carefully) to write constant time assembly in many cases.

In the C / assembly language code of course you do not have any safety benefits.

It can certainly make sense to do this very tricky primitive stuff in dangerous C or assembly, but then write all the higher level stuff in Rust, and that's the sort of thing Ring is intended for. BoringSSL for example includes code to do X.509 parsing and signature validation in C, but those things aren't sensitive, a timing attack on my X.509 parsing tells you nothing of value, and it's complicated to do correctly so Rust could make sense.

machine learning, neural networks, image processing, cryptography (though it is getting better), font shaping/rendering (though it is getting better), CPU/software rendering (though it is getting better)

My most-wanted QEMU feature: https://github.com/qemu/qemu/commit/a2260983c6553

Using `gic-version=3` on macOS you can now use more than 8 cores on ARM chips.

A better solution is just to write a plain ass shell script that tests if various C snippets compile.

https://github.com/oilshell/oil/blob/master/configure

https://github.com/oilshell/oil/blob/master/build/detect-pwe...

Not an unholy mix of m4, shell, and C, all in the same file.

---

These are the same style as a the configure scripts that Fabrice Bellard wrote for tcc and QEMU.

They are plain ass shell scripts, because he actually understands the code he writes.

https://github.com/qemu/qemu/blob/master/configure

https://github.com/TinyCC/tinycc/blob/mob/configure

OCaml’s configure script is also “normal”.

You don’t have to copy and paste thousands of lines of GNU stuff that you don’t understand.

(copy of lobste.rs comment)

Related:

A fast Pascal (Delphi) WebAssembly interpreter:

https://github.com/marat1961/wasm

WASM-4:

https://github.com/aduros/wasm4

Curated list of awesome things regarding WebAssembly (wasm) ecosystem:

https://github.com/mbasso/awesome-wasm

Also, it would be nice if there was a WASM (soft) CPU for QEMU, which (if it existed!) would go here:

https://github.com/qemu/qemu/tree/master/target

> architectural registers are always updated

In tiny code, the guest registers (global TCG variables) are stored in the host's registers until you either call an helper which can access the CPU state or you return (`git grep la_global_sync`). This is the reason why QEMU is not so terribly slow.

But after a check, this also happens when you access the guest memory address space! https://github.com/qemu/qemu/blob/master/include/tcg/tcg-opc... (TCG_OPF_SIDE_EFFECTS is what matters)

But still, in the end, it's the same problem. What QEMU does, can be done in LLVM too. You could probably be more efficient in LLVM by using the exception handling mechanism (invoke and friends) to only serialize back to memory when there's an actual exception, at the cost of higher register pressure. More or less what we do here: https://rev.ng/downloads/bar-2019-paper.pdf

Um, in case you don't know, UTM (based on QEMU) is out for quite a while.

Some of these tools include Oracle VM VirtualBox (that I've used since before the acquisition of Sun Microsystems by Oracle), VMWare Workstation Player, and QEMU, but last year, I found out about Multipass.

For C/C++ projects that use meson as the build system, there is an excellent way to manage dependencies:

https://mesonbuild.com/Wrapdb-projects.html

https://mesonbuild.com/Wrap-dependency-system-manual.html

meson will download and build the libraries automatically and give you a variable which you pass as a regular dependency into the built target:

https://github.com/qemu/qemu/tree/005ad32358f12fe9313a4a0191...

https://github.com/harfbuzz/harfbuzz/tree/main/subprojects

https://github.com/harfbuzz/harfbuzz/blob/37457412b3212463c5...

Or, if you're using proper operating systems, they're managed by the usual package manager, just like everything else.

For all the users of the Linux platform, QEMU is the VM that you should go for. This software comes without any price tag and works as an emulator of various machines with utmost ease and completion; the software uses dynamic translations to emulate hardware peripherals and enhances its overall performance. If you are using QEMU as a virtualizer, then it will function exactly like the host system (provided you have the right set of hardware).

In this tutorial, we set up macOS and Windows virtual machines on UTM, a macOS application that provides a GUI wrapper for QEMU, a powerful open-source emulator and virtualizer. UTM allows you to easily manage and run virtual machines without memorizing complex commands. It also has special handling for macOS, making it simpler to install compared to other virtual machine software.