rusty_v8
cpp_weekly
rusty_v8 | cpp_weekly | |
---|---|---|
9 | 1 | |
3,018 | 633 | |
0.9% | - | |
9.0 | 3.5 | |
2 days ago | 3 days ago | |
Rust | C++ | |
MIT License | The Unlicense |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rusty_v8
-
Ask HN: What Are You Building?
I'm building Lagon, an open-source [1] runtime and platform that allows developers to run TypeScript and JavaScript serverless functions at the Edge, close to users. The runtime uses V8 Isolates and is written from scratch using Rust and rusty_v8 [2], Deno's Rust bindings for V8.
[1] https://github.com/lagonapp/lagon
[2] https://github.com/denoland/rusty_v8
-
WasmEdge
Not to denigrate your work, it's good what you're working on... but I can create JS APIs in Rust with native V8 bindings, too: https://github.com/denoland/rusty_v8/blob/main/examples/proc...
-
based on recent struggles
For more futuristic stuff, check out Typescript native Deno and rustbased v8
-
Dune: A new JavaScript and TypeScript runtime
No, that will be rusty_v8
-
Create Your Own JavaScript Runtime
V8 Rust Bindings Examples — Rusty V8 GitHub
-
Deno 1.25
Can Deno be embedded in a larger Rust application? I know I can embed v8 directly https://github.com/denoland/rusty_v8 but I wish I could use other parts of Deno.
In particular, I wish I could write a Tokio async program in Rust, and load plugins using deno, and have this work seamlessly
- We really need an ARM build.
- Deno is on MDN
-
Deno v1.10 Released
> git clone https://github.com/denoland/rusty_v8.git denoland/rusty_v8
cpp_weekly
-
WasmEdge
This response is a mess, I apologize.
One can do lots of things. Yes all of those things are still issues, but in enumerating all the things as you have, you make a compelling argument not to use C++. If one picks something else like SML, Go or even Rust, it allows them to focus on those common areas of correctness and not also, all that other stuff.
I don't think you are apologizing for C++, but I hear this a lot, whatabout all the other parts that are fixed by a more sound system? My response is that we only have so many decisions we can make in the day, using a system that removes whole classes of problems allows me to focus on the non-accidental (forced) complexity.
> Rust as Wasmtime is, that alone wouldn't actually give me much more confidence that it's safe
I never made that argument. But let's say I did. Given two systems, one made in Rust and one made in C++. How do I audit the C++ code to ensure that it has the same level of safety as basically _anything_ else?
WasmEdge is using code coverage, good! https://app.codecov.io/gh/WasmEdge/WasmEdge
Only 80% coverage, not great.
I see mention of fuzzing being used, but I only get 69 hits in the codebase for "fuzz" and no documentation about how it actually works.
Wasmtime includes documentation on how to use their fuzzer, https://github.com/bytecodealliance/wasmtime/tree/main/fuzz
In my cursory look at the WasmEdge codebase I see
No application UBSan [1]
No application of control flow guard [2], either in the build or in the generated LLVM output.
Infact the only sanitization flags they are passing are -fsanitize=fuzzer,address
0 mentions of 'control flow' in the WasmEdge codebase, 65 mentions in Wasmtime. Although it doesn't appear that Wasmtime is itself being compiled with cfguard.
309 mention of spectre mitigations in Wasmtime, 1 link to a cloudflare blogpost in WasmEdge.
In my cursor look at Wasmtime, I see
Much better fuzzing support, 85 uses of unsafe in cranelift itself, 1400+ uses of unsafe in crates/*
The changelog and git messages for WasmEdge talk about type errors (those type errors look impossible in Rust), bus errors, out of bounds, etc.
It does not inspire confidence. C++ is already starting from behind. This software is targeted to be run on bare metal, embedded and widely distributed. It just doesn't have the level of detail around testing and correctness that I would expect for such a critical piece of infrastructure.
I am not saying that Wasmtime does not also have issues, that would be preposterous. But on the face of it, WasmEdge has a lot of work to do to catch up to where Wasmtime already is.
Wasmtime appears to care about the security properties of their dependencies with https://mozilla.github.io/cargo-vet/
It does not look like the WasmEdge project applies this basic list of practices as outlined by Jason Turner [n]
[1] https://clang.llvm.org/docs/UndefinedBehaviorSanitizer.html
[2] https://www.zdnet.com/article/microsofts-control-flow-guard-... https://clang.llvm.org/docs/ControlFlowIntegrity.html
[n] https://www.youtube.com/watch?v=q7Gv4J3FyYE https://github.com/lefticus/cpp_weekly/issues/175
What are some alternatives?
v8-runtime-tutorial - Source code for the tutorial series
wasm32-wasi-benchmark
ninja_gn_binaries
spin - Spin is the open source developer tool for building and running serverless applications powered by WebAssembly.
deno - A modern runtime for JavaScript and TypeScript.
zx - A tool for writing better scripts
astrodon - Make Desktop apps with Deno 🦕
authcompanion - [Deprecated] navigate instead to version 2 of AuthCompanion
comlink - Comlink makes WebWorkers enjoyable.
ava - Node.js test runner that lets you develop with confidence 🚀
semver - Semantic Versioning Specification