l4v
libavif
l4v | libavif | |
---|---|---|
15 | 45 | |
490 | 1,377 | |
0.8% | 2.6% | |
9.6 | 9.7 | |
1 day ago | 2 days ago | |
Isabelle | C | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
l4v
-
Rewrite the VP9 codec library in Rust
> C/C++ can be made memory safe
.. but it's much harder to prove your work is memory safe. sel4 is memory safe C, for example. The safety is achieved by a large external theorem prover and a synced copy written in Haskell. https://github.com/seL4/l4v
Typechecks are form of proof. It's easier to write provably safe Rust than provably safe C because the proofs and checker are integrated.
-
CVE-2023-4863: Heap buffer overflow in WebP (Chrome)
You can't really retrofit safety to C. The best that can be achieved is sel4, which while it is written in C has a separate proof of its correctness: https://github.com/seL4/l4v
The proof is much, much more work than the microkernel itself. A proof for something as large as webP might take decades.
- SeL4 Specification and Proofs
-
What in the name of all that's holy is going on with software ?
When something like the seL4 microkernel is formally verified, the remaining bugs should only be bugs in the specification, not the implementation.
-
Elimination of programmers
seL4 specifications and proofs are not a programming language.
-
Google Announces KataOS and Sparrow
Yes, especially 'logically impossible' when you dig into the details. From the blogpost:
> and the kernel modifications to seL4 that can reclaim the memory used by the rootserver.
MMMMMMMMMMMkkkkkk. So you then have to ask: were these changes also formally verified? There's a metric ton of kernel changes here: https://github.com/AmbiML/sparrow-kernel/commits/sparrow but I don't see a fork of https://github.com/seL4/l4v anywhere inside AmbiML.
I mean, it does also claim to be "almost entirely written in Rust", which is true if you ignore almost the entire OS part of the OS (the kernel and the minimal seL4 runtime).
-
A 24-year-old bug in the Linux Kernel (2021)
Probably the only way to prevent this type of issue in an automated fashion is to change your perspective from proving that a bug exists, to proving that it doesn't exist. That is, you define some properties that your program must satisfy to be considered correct. Then, when you make optimizations such as bulk receiver fast-path, you must prove (to the static analysis tool) that your optimizations to not break any of the required properties. You also need to properly specify the required properties in a way that they are actually useful for what people want the code to do.
All of this is incredibly difficult, and an open area of research. Probably the biggest example of this approach is the Sel4 microkernel. To put the difficulty in perspective, I checkout out some of the sel4 repositories did a quick line count.
The repository for the microkernel itself [0] has 276,541
The testsuite [1] has 26,397
The formal verification repo [2] has 1,583,410, over 5 times as much as the source code.
That is not to say that formal verification takes 5x the work. You also have to write your source-code in such a way that it is ammenable to being formally verified, which makes it more difficult to write, and limits what you can reasonably do.
Having said that, this approach can be done in a less severe way. For instance, type systems are essentially a simple form of formal verification. There are entire classes of bugs that are simply impossible in a properly typed programs; and more advanced type systems can eliminate a larger class of bugs. Although, to get the full benefit, you still need to go out of your way to encode some invariant into the type system. You also find that mainstream languages that try to go in this direction always contain some sort of escape hatch to let the programmer assert a portion of code is correct without needing to convince the verifier.
[0] https://github.com/seL4/seL4
[1] https://github.com/seL4/sel4test
[2] https://github.com/seL4/l4v
-
Formally Proven Binary Format Parsers
I mean, just look at the commits with "fix" in the specs folder: https://github.com/seL4/l4v/commits/master?after=4f0bbd4fcbc...
- Proofs and specifications
libavif
-
JPEG XL and Google's War Against It
> Have you seen this more recent data that includes AVIF? https://cloudinary.com/labs/cid22
The graph from Cloudinary uses libaom to do the encoding at speed preset 7 (s7), which is far from speed preset 0 and disables many AVIF coding tools. I do not know why this was chosen by the author, but it does not reflect AVIF performance. According to https://github.com/AOMediaCodec/libavif/issues/440#issuecomm... speed preset 8 loses 20-35% compression efficiency.
-
CVE-2023-4863: Heap buffer overflow in WebP (Chrome)
It's 2023, surely this is not yet another bug related to memory unsafety that could be avoided if we'd stop writing critical code that deals with extremely complex untrusted input (media codecs) in memory unsafe languages?
Yep, of course it is: https://github.com/webmproject/libwebp/commit/902bc919033134...
I guess libwebp could be excused as it was started when there were no alternatives, but even for new projects today we're still committing the same mistake[1][2][3].
[1] -- https://code.videolan.org/videolan/dav1d
[2] -- https://github.com/AOMediaCodec/libavif
[3] -- https://github.com/AOMediaCodec/libiamf
Yep. Keep writing these in C; surely nothing will go wrong.
- Libavif 1.0 Released
-
Is there any clear documentation on how to make avif collections and how to read them?
As far as I understand you are talking about this plugin. I don't know c++ and half of the code was like a black magic, but if I get it correctly, it encodes your images with libavif, and adds custom metadata ([solar/time of day] -> json -> base64).
-
FSF Slams Google over Dropping JPEG-XL in Chrome
So a few dozen comments, but so far it doesn't look like any mention the immediate thing that jumped out at me which was the claims vs AVIF:
>"In turn, what users will be given is yet another facet of the web that Google itself controls: the AVIF format."
Huh? I'll admit I haven't been following codecs as super ultra closely as I used to, but I thought AOM was a pretty broad coalition of varying interests and AV1 an open, royalty free codec that was plenty open source friendly? I've heard plenty of reasonable arguments that JPEG XL has some real technical advantages over AVIF and as well as superior performance is much more feature rich and scalable. So I could see people being bummed for that. But this is the first time I've heard the assertion that it's somehow a Google project? I mean, AOM's libavif reference is BSD too [0]? I'd love some more details on that from anyone who has been following this more closely. I can even understand if AOM isn't as community friendly and an accusation that it's dominated by big corps, but in that case why single out Google alone? From wiki:
>The governing members of the Alliance for Open Media are Amazon, Apple, ARM, Cisco, Facebook, Google, Huawei, Intel, Microsoft, Mozilla, Netflix, Nvidia, Samsung Electronics and Tencent.
Like, Google is certainly significant, but that's a lot of equally heavy hitters. And interesting that Mozilla is there too.
----
0: https://github.com/AOMediaCodec/libavif
-
JPEG XL support has officially been removed from Chromium
> You have a good point that AVIF layered image items can act like such P/B-frames. Do libavif (or other AVIF implementations if any) make use of them?
Seemingly. As search for "libavif progressive encoding" shows several issues about this, and a search for "progressive" in https://github.com/AOMediaCodec/libavif/blob/main/include/av... shows an enum for avifProgressiveState, appears to show support for it.
-
Wavif discussion
I mean, it already has it: https://github.com/AOMediaCodec/libavif/commit/570c42c2c10a878c8cc896f1c5daf1a955274142
-
Animated AVIF and JXL tools for Windows
Apart from mpv and ffplay, the only software I currently have installed that can play animated AVIF is Chromium. And from what I've read from this libavif bug report, I'm not sure if looping animated files in general is something that's just done by default by a lot of software regardless of whether the file is marked as a loop or not.
-
How to create progressive AVIF images?
The support for progressive AVIF decoding has landed in libavif and in Chromium. But are there any docs on how to create and test progressive AVIF images?
-
The Case for JPEG XL
The "for example" is the key here, because AVIF does support multi-layer coding per the spec now (though not currently implemented in libavif from what I can tell).
What are some alternatives?
seL4 - The seL4 microkernel
rav1e - The fastest and safest AV1 encoder.
hubris - A lightweight, memory-protected, message-passing kernel for deeply embedded systems.
cavif-rs - AVIF image creator in pure Rust
agda-stdlib - The Agda standard library
av1-avif - AV1 Image File Format Specification - ISO-BMFF/HEIF derivative
creusot - Creusot helps you prove your code is correct in an automated fashion. [Moved to: https://github.com/creusot-rs/creusot]
libjxl - JPEG XL image format reference implementation
cryptography - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
WebKit - Home of the WebKit project, the browser engine used by Safari, Mail, App Store and many other applications on macOS, iOS and Linux.
codeball-action - 🔮 Codeball – AI Code Review that finds bugs and fast-tracks your code
benchmarks - Test images and results of compression benchmarks.