fossa-cli
llvm-project
fossa-cli | llvm-project | |
---|---|---|
3 | 354 | |
1,221 | 25,962 | |
0.7% | 3.5% | |
9.1 | 10.0 | |
10 days ago | 6 days ago | |
Haskell | C++ | |
Mozilla Public License 2.0 | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
fossa-cli
-
Launch HN: Infield (YC W20) – Safer, faster dependency upgrades
> where we provide lockfiles that are individually valid
Providing lockfiles is a really interesting idea! That certainly solves the "we need your non-deterministic build tool to reproduce an exact build that we found" problem.
We haven't explored this route yet because a lot of our customers use tools that don't support lockfiles (e.g. Maven - Java in general has a lot of legacy stuff).
If you want to build off of our work, our dependency analysis bit is open source: https://github.com/fossas/fossa-cli
-
Ask HN: Who is hiring? (May 2022)
FOSSA | Software Engineers (Mid, Sr., Staff), PMs (Mid, Sr.) | USA, Canada, Remote (able to work ~US time zone hours)| Full-Time
FOSSA builds developer tools to help engineering teams manage their open source. We help enterprise customers discover legal (licensing and copyright) and security (vulnerabilities) risks in their dependencies, provide tooling for them to catch these issues in CI, and automate the tedium around policy enforcement and report generation. As companies adopt more open source, their engineering teams get bogged down by more distractions around compliance and security. We help automate away those distractions.
We build an open-source CLI tool (https://github.com/fossas/fossa-cli) that integrates with compilers and build systems to extract dependency and build information; a backend distributed system for analyzing dependency metadata; and a web application with a policy, reporting, and enforcement engine.
Tech we use includes:
-
M1Pro Woes
The project I'm trying to build is open source (https://github.com/fossas/fossa-cli). When I got this new system set up, I ran the instructions on our HACKING.md page and immediately tried to build. This failed because I didn't have `llvm` installed, so I `brew install llvm`'d, symlinked into `$PATH`, and tried again. This failed due to: ``` install_name_tool: error: unsupported load command (cmd=0x80000034) `install_name_tool' failed in phase `Install Name Tool'. (Exit code: 1)
llvm-project
-
Qt and C++ Trivial Relocation (Part 1)
As far as I know, libstdc++'s representation has two advantages:
First, it simplifies the implementation of `s.data()`, because you hold a pointer that invariably points to the first character of the data. The pointer-less version needs to do a branch there. Compare libstdc++ [1] to libc++ [2].
[1]: https://github.com/gcc-mirror/gcc/blob/065dddc/libstdc++-v3/...
[2]: https://github.com/llvm/llvm-project/blob/1a96179/libcxx/inc...
Basically libstdc++ is paying an extra 8 bytes of storage, and losing trivial relocatability, in exchange for one fewer branch every time you access the string's characters. I imagine that the performance impact of that extra branch is tiny, and massively confounded in practice by unrelated factors that are clearly on libc++'s side (e.g. libc++'s SSO buffer is 7 bytes bigger, despite libc++'s string object itself being smaller). But it's there.
The second advantage is that libstdc++ already did it that way, and to change it would be an ABI break; so now they're stuck with it. I mean, obviously that's not an "advantage" in the intuitive sense; but it's functionally equivalent to an advantage, in that it's a very strong technical answer to the question "Why doesn't libstdc++ just switch to doing it libc++'s way?"
-
Playing with DragonRuby Game Toolkit (DRGTK)
This Ruby implementation is based on mruby and LLVM and it’s commercial software but cheap.
- Add support for Qualcomm Oryon processor
-
Ask HN: Which books/resources to understand modern Assembler?
'Computer Architeture: A Quantitative Apporach" and/or more specific design types (mips, arm, etc) can be found under the Morgan Kaufmann Series in Computer Architeture and Design.
"Getting Started with LLVM Core Libraries: Get to Grips With Llvm Essentials and Use the Core Libraries to Build Advanced Tools "
"The Architecture of Open Source Applications (Volume 1) : LLVM" https://aosabook.org/en/v1/llvm.html
"Tourist Guide to LLVM source code" : https://blog.regehr.org/archives/1453
llvm home page : https://llvm.org/
llvm tutorial : https://llvm.org/docs/tutorial/
llvm reference : https://llvm.org/docs/LangRef.html
learn by examples : C source code to 'llvm' bitcode : https://stackoverflow.com/questions/9148890/how-to-make-clan...
-
Flang-new: How to force arrays to be allocated on the heap?
See
https://github.com/llvm/llvm-project/issues/88344
https://fortran-lang.discourse.group/t/flang-new-how-to-forc...
- The LLVM Compiler Infrastructure
-
Programming from Top to Bottom - Parsing
You can never mistake type_declaration with an identifier, otherwise the program will not work. Aside from that constraint, you are free to name them whatever you like, there is no one standard, and each parser has it own naming conventions, unless you are planning to use something like LLVM. If you are interested, you can see examples of naming in different language parsers in the AST Explorer.
-
Look ma, I wrote a new JIT compiler for PostgreSQL
> There is one way to make the LLVM JIT compiler more usable, but I fear it’s going to take years to be implemented: being able to cache and reuse compiled queries.
Actually, it's implemented in LLVM for years :) https://github.com/llvm/llvm-project/commit/a98546ebcd2a692e...
-
C++ Safety, in Context
> It's true, this was a CVE in Rust and not a CVE in C++, but only because C++ doesn't regard the issue as a problem at all. The problem definitely exists in C++, but it's not acknowledged as a problem, let alone fixed.
Can you find a link that substantiates your claim? You're throwing out some heavy accusations here that don't seem to match reality at all.
Case in point, this was fixed in both major C++ libraries:
https://github.com/gcc-mirror/gcc/commit/ebf6175464768983a2d...
https://github.com/llvm/llvm-project/commit/4f67a909902d8ab9...
So what C++ community refused to regard this as an issue and refused to fix it? Where is your supporting evidence for your claims?
-
Clang accepts MSVC arguments and targets Windows if its binary is named clang-cl
For everyone else looking for the magic in this almost 7k lines monster, look at line 6610 [1].
[1] https://github.com/llvm/llvm-project/blob/8ec28af8eaff5acd0d...
What are some alternatives?
logseq - A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base. Use it to organize your todo list, to write your journals, or to record your unique life.
zig - General-purpose programming language and toolchain for maintaining robust, optimal, and reusable software.
memfault-firmware-sdk - Memfault SDK for embedded systems. Memfault SDK for AOSP-based Android devices. Observability, logging, crash reporting, and OTA all in one service. More information at https://docs.memfault.com.
Lark - Lark is a parsing toolkit for Python, built with a focus on ergonomics, performance and modularity.
firefly - Hyperledger FireFly is the first open source Supernode: a complete stack for enterprises to build and scale secure Web3 applications. The FireFly API for digital assets, data flows, and blockchain transactions makes it radically faster to build production-ready apps on popular chains and protocols.
gcc
bonito - A PyTorch Basecaller for Oxford Nanopore Reads
SDL - Simple Directmedia Layer
binaryen - DEPRECATED in favor of ghc wasm backend, see https://www.tweag.io/blog/2022-11-22-wasm-backend-merged-in-ghc
cosmopolitan - build-once run-anywhere c library
action-doctl - GitHub Actions for DigitalOcean - doctl
windmill - Open-source developer platform to turn scripts into workflows and UIs. Fastest workflow engine (5x vs Airflow). Open-source alternative to Airplane and Retool.