trophy-case
gccrs
trophy-case | gccrs | |
---|---|---|
14 | 102 | |
394 | 2,264 | |
1.0% | 0.8% | |
2.8 | 10.0 | |
25 days ago | 8 days ago | |
Creative Commons Zero v1.0 Universal | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
trophy-case
-
Rust from a security perspective, where is it vulnerable?
You could check cargo-fuzz trophy case, which is a list of issues that have been found via fuzzing.
-
capnproto-rust: out-of-bound memory access bug
I've added it to the trophy case.
-
[LWN] A pair of Rust kernel modules
That said, what's present in what quantities under what circumstances in the Rust fuzzing trophy case does a pretty good job of illustrating how effective the Rust compiler is at ruling out entire classes of bugs.
-
Looking for simple rust programs to crash
The same fuzzing techniques applied to Rust yielded a lot of bugs as well. But in Rust's case only 7 out of 340 fuzzer-discovered bugs, or 2%, were memory corruption issues. Naturally, all of the memory corruption bugs were in unsafe code.
-
Everything Is Broken: Shipping rust-minidump at Mozilla, Part 1
https://github.com/rust-fuzz/trophy-case has like 70 of my issues in it, including the nine minidump bugs
-
Fuzzcheck (a structure-aware Rust fuzzer)
If you have found any bugs with this tool, perhaps add them to the Rust fuzz trophy case?
-
Rust is more portable than C for pngquant/libimagequant
Source: https://github.com/rust-fuzz/trophy-case (over 40 of those are just from me).
-
Rust takes a major step forward as Linux's second official language
But to bring some data, check out the fuzz trophy case. It shows that failures in Rust are most often assertions/panics (equivalent to C++ exception) with memory corruption being relatively rare (it's not never—Rust isn't promising magic—but it's a significant change).
-
Shouldn't have happened: A vulnerability postmortem
You need to read the list more carefully.
• The list is not for Rust itself, but every program every written in Rust. By itself it doesn't mean much, unless you compare prevalence of issues among Rust programs to prevalence of issues among C programs. For some context, see how memory unsafety is rare compared to assertions and uncaught exceptions: https://github.com/rust-fuzz/trophy-case
• Many of the memory-unsafety issues are on the C FFI boundary, which is unsafe due to C lacking expressiveness about memory ownership of its APIs (i.e. it shows how dangerous is to program where you don't have the Rust borrow checker checking your code).
• Many bugs about missing Send/Sync or evil trait implementations are about type-system loopholes that prevented compiler from catching code that was already buggy. C doesn't have these guarantees in the first place, so lack of them is not a CVE for C, but just how C is designed.
- Safer usage of C++ in Chrome
gccrs
-
FreeBSD evaluating Rust's adoption into base system
There is a Rust front-end for GCC that is under active development [1]. If the chip vendors are not willing to develop and upstream a LLVM back-end then they can feel free to start contributing to it.
[1] https://rust-gcc.github.io/
-
Why do lifetimes need to be leaky?
That's why gccrs doesn't even consider lifetime checking a part of the language (they plan to use Polonius, too).
- Rust-GCC: GCC Front-End for Rust
-
How hard would it be to port the Rust toolchain to a new non-POSIX OS written in Rust and get it to host its own development? What would that process entail?
There's ongoing work on a Rust front-end for GCC (https://github.com/Rust-GCC/gccrs). Bit barebones right now -- ie, even core doesn't compile -- but there's funding, demand, and regular progress, so it'll only get better from there. Once gccrs can compile core, it should be ready to compile most of Rust, and thus if you've taught the calling conventions for C to GCC, you're golden.
-
How hard is it to write a front end for a more complex language like Rust or Kotlin?
I recommend checking out the GCC Rust frontend project.
-
Rust contributions for Linux 6.4 are finally merged upstream!
That is what theyre refering to, yes. The GitHub is named https://github.com/Rust-GCC/gccrs
-
GCC 13 and the State of Gccrs
- But this misses so much extra context information
3. Macro invocations there are really subtle rules on how you treat macro invocations such as this which is not documented at all https://github.com/Rust-GCC/gccrs/blob/master/gcc/rust/expan...
Some day I personally want to write a blog post about how complicated and under spec'd Rust is, then write one about the stuff i do like it such as iterators being part of libcore so i don't need reactive extensions.
- Break rust Easter Egg Merged Into gccrs
-
Any alternate Rust compilers?
(Speaking of which, Rust-GCC (or gcc-rs or gccrs or whichever other of their names they decide is the primary one) isn't even going to be a complete C++ implementation. Their plan is to implement enough to compile Polonius (the NLL 2.0 borrow checker being developed in Rust for rustc) and then share that since borrow-checking isn't necessary for codegen... only to identify and reject invalid programs... making the C++ portion of it not that different in scope from mrustc.)
-
Which programming languages, if all legacy code written in them was ported to a more modern language, would become extinct?
That bridge will be crossed with gccrs (compiling Rust with gcc directly, coming next month with GCC 13) and rust_codegen_gcc (rustc frontend, GCC backend, works now but just doesn’t yet have an “easy” setup)
What are some alternatives?
diem - Diem’s mission is to build a trusted and innovative financial network that empowers people and businesses around the world.
gcc-rust - a (WIP) Rust frontend for gcc / a gcc backend for rustc
go-fuzz - Randomized testing for Go
rustc_codegen_gcc - libgccjit AOT codegen for rustc
BLAKE3 - the official Rust and C implementations of the BLAKE3 cryptographic hash function
rustc_codegen_gcc - libgccjit AOT codegen for rustc
bitwarden_rs - Unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs [Moved to: https://github.com/dani-garcia/vaultwarden]
mold - Mold: A Modern Linker đź¦
go - The Go programming language
rust - Empowering everyone to build reliable and efficient software.
Rust-for-Linux - Adding support for the Rust language to the Linux kernel.