cargo-geiger
mold
| cargo-geiger | mold | |
|---|---|---|
| 30 | 179 | |
| 1,311 | 13,302 | |
| 1.1% | - | |
| 5.2 | 9.7 | |
| 13 days ago | 6 days ago | |
| Rust | C++ | |
| GNU General Public License v3.0 or later | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cargo-geiger
-
Was Rust Worth It?
Instead of looking at the crates themselves, you might want to check your (or others') Rust application with https://github.com/rust-secure-code/cargo-geiger to get a sense of effective prevalence. I also dispute that the presence of unsafe somewhere in the dependency tree is an issue in itself, but that's a different discussion that many more had in other sub-threads.
-
Found a language in development called Vale which claims to be the safest AOT compiled language in the World (Claims to beSafer than Rust)
There's still plenty. Run cargo geiger on any of your projects and see for yourself.
-
Question Omnibus: Dependency Fingerprinting, Unsafe Rust, and Memory Safety
On point 2, the answer is cargo geiger, and judging how much memory safety you need for a given project.
- pliron: An extensible compiler IR framework, inspired by MLIR and written in safe Rust.
-
[Discussion] What crates would you like to see?
You can use cargo-geiger or cargo-crev to check for whether people you trusted (e.g. u/jonhoo ) trust this crate.
-
How do you choose what crate you will use?
The amount of unsafe code is also a factor. cargo geiger is a handy tool for measuring it.
-
Seems legit
We have cargo-geiger that does just that.
-
Rosenpass – formally verified post-quantum WireGuard
For that, I believe you need to use cargo-geiger[0] and audit the results.
[0] - https://github.com/rust-secure-code/cargo-geiger
-
Hey Rustaceans! Got a question? Ask here (6/2023)!
cargo-geiger is a subcommand you can install which will check all the crates in your dependency graph for unsafe blocks and print out a report (which also shows if a crate has #![forbid(unsafe_code)] or not). You can then inspect those crates' sources to judge their use of unsafe for yourself. I don't think it has a "check" mode that simply errors if your dependency graph contains unsafe though, it's more about just collecting that information.
-
[CCS Proposal] Preliminary research on rewriting Monero node in Rust
wrt to memory safety, keep in mind that many rust crates use "unsafe" internally. There are tools available that can find these such as cargo-geiger. So I would suggest to avoid unsafe deps as much as possible. Since they cannot be avoided entirely, it is a good idea to keep a list of unsafe deps.
mold
-
I reduced (incremental) Rust compile times by up to 40%
I think this is unlikely to gain traction. I say that no to discourage you, just to explain.
- The community has an instinctive distrust of closed source or a compiler from an untrusted source. If you’re familiar with the Trusting Trust attack you’ll understand why.
- Dev tools in every language ecosystem are almost always free, unless they involve some kind of hosting. People aren’t used to opening their wallets. Look the experience of the guy who built the mold linker(https://github.com/rui314/mold). Far superior to the state of art, improves incremental compiles a lot, widely applicable across ecosystems (C, C++, Rust), CPU architectures and Operating Systems. You don’t even have to modify your compiler, just need to point to his linker. He’s even giving it away for free for personal use. But still, almost no one uses it. The inertia of the established options is really high.
- It’s not complex enough. Think about the complexity involved in the cranelift backend. No one can seriously recreate the efforts of bjorn3. If we could have, we would have. But the idea idea here can be recreated, especially by the experts who already built incremental compilation into rustc.
- But if your solution is truly complex, like the parallel frontend, the burden of maintaining a fork would be too high. You’d have to spend all your time rebasing.
Again I’m not trying to discourage you, just stating the difficulties of making a business in the dev tools space. You would be better off contributing this excellent work to the community and trying a different tack.
-
Mold Course
I initially thought this would be about the mold linker (https://github.com/rui314/mold)
-
Monetizing Developer Tools
I assume this submission is trying to highlight the specific message (2023-01-24) : https://github.com/rui314/mold/issues/190#issuecomment-14028...
Fyi... the author wrote a more expansive blog post about selling dev tools a few months later (2023-06-06) and there was a related HN thread about it: https://news.ycombinator.com/item?id=36225016
-
mold 2.1.0 - rui314/mold
Loongson's LoongArch CPU has been supported. (03b1a1c)
-
Mold 2.0.0
I'm amazed at how quickly the author responds to requests: https://github.com/rui314/mold/issues/1057
From the report to the fix in less than two days.
I'm not sure how competitive it will be with lld, especially if we consider ThinLTO (which takes multiple minutes on 64-core machine) - it can make the advantages of mold insignificant.
- Mold 2.0 released - MIT license
-
Linking many files significantly increases build time. Is there an editor that allows you to write a single file but present the file to the screen as multiple 'virtual' files for better organization?
What other solutions have you tried for the problem of slow linking? You haven't even said which linker and what flags you're using. I haven't actually tried it, but the author of gold has an even faster linker called mold: https://github.com/rui314/mold
- Design and Implementation of the Mold Linker
-
Apple's new library format combines the best of dynamic and static
> Mold did it first, though: https://github.com/rui314/mold
Before LLD?
What are some alternatives?
bacon - background rust code check
zld - A faster version of Apple's linker
ziglings - Learn the Zig programming language by fixing tiny broken programs.
wasmtime - A fast and secure runtime for WebAssembly
nomicon - The Dark Arts of Advanced and Unsafe Rust Programming
osxcross - Mac OS X cross toolchain for Linux, FreeBSD, OpenBSD and Android (Termux)
miri - An interpreter for Rust's mid-level intermediate representation
zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
orz - a high performance, general purpose data compressor written in the crab-lang
chibicc - A small C compiler
dlfile - For dl the file
sccache - Sccache is a ccache-like tool. It is used as a compiler wrapper and avoids compilation when possible. Sccache has the capability to utilize caching in remote storage environments, including various cloud storage options, or alternatively, in local storage.