creusot
gvisor
| creusot | gvisor | |
|---|---|---|
| 15 | 65 | |
| 868 | 15,134 | |
| - | 0.9% | |
| 9.6 | 9.9 | |
| 3 months ago | 3 days ago | |
| Rust | Go | |
| GNU Lesser General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
creusot
-
Conditioonal Compilation across Crates?
However, it seems that C is not "notified" whether --cfg thing is set, only the main crate being built is. Regardless of this flag, the dummy macro is always chosen. Am I doing something wrong? It should work; the Creusot project is doing something similar.
-
Kani 0.29.0 has been released!
I believe https://github.com/xldenis/creusot is more similar in that it also uses proofs to prove rust code correct.
-
Prop v0.42 released! Don't panic! The answer is... support for dependent types :)
Wow that sounds really cool! I'm not an expert but does that mean that one day you could implement dependend types or refinement types in Rust as a crate ? I currently only know of tools like: Flux Creusot Kani Prusti
-
Linus Torvalds: Rust will go into Linux 6.1
Easy reasoning does not end on memory safety. For example, deductive verification of Rust code is possible exactly because there's no reference aliasing in safe Rust
-
A personal list of Rust grievances
> No support for using something like separation logic within Rust itself to verify that unsafe code upholds the invariants that the safe language expects.
I think this is something we might see in the future. There are a lot of formal methods people who are interested in rust. Creusot in particular is pretty close to doing this - at least for simpler invariants
https://github.com/xldenis/creusot
-
Whiley, a language with statically checked pre and post conditions, releases its 0.6.1 version and portions implemented in Rust
Seems similar in principle to cruesot except as another language instead of as a layer on-top of rust.
-
What it feels like when Rust saves your bacon
You often encounter this entire thread of rhetoric when someone wants to put a diversion into the central argument, yeah but it doesn't ____.
But Rust does do that, match exhaustiveness, forcing the handling of errors and the type system enables things like CreuSAT [1] using creusot [2]
[1] https://news.ycombinator.com/item?id=31780128
[2] https://github.com/xldenis/creusot
> Creusot works by translating Rust code to WhyML, the verification and specification language of Why3. Users can then leverage the full power of Why3 to (semi)-automatically discharge the verification conditions!
Units of Measure, https://github.com/iliekturtles/uom
The base properties of the language enable things that can never be done in C++.
- Creusot: Deductive Verification of Rust
-
What Is Rust's Unsafe?
> I’ve been working on a tool: https://github.com/xldenis/creusot to put this into practice
Note that there are other tools trying to deal with formal statements about Rust code. AIUI, Rust developers are working on forming a proper working group for pursuing these issues. We might get a RFC-standardized way of expressing formal/logical conditions about Rust code, which would be a meaningful first step towards supporting proof-carrying code within Rust.
-
AdaCore and Ferrous Systems Joining Forces to Support Rust
This is exciting! I've met with people from AdaCore and Ferrous systems (individually) several times and they're all serious, competent and motivated.
I'm curious what kinds of software they want to (eventually) verify, my PhD thesis is developing a verification tool for Rust (https://github.com/xldenis/creusot) and I'm always on the look out for case studies to push me forward.
The road to formally verified Rust is still long but in my unbiased opinion looking quite bright, especially compared to other languages like C.
gvisor
-
Maestro: A Linux-compatible kernel in Rust
Isn't gVisor kind of this as well?
"gVisor is an application kernel for containers. It limits the host kernel surface accessible to the application while still giving the application access to all the features it expects. Unlike most kernels, gVisor does not assume or require a fixed set of physical resources; instead, it leverages existing host kernel functionality and runs as a normal process. In other words, gVisor implements Linux by way of Linux."
https://github.com/google/gvisor
- Google/Gvisor: Application Kernel for Containers
- GVisor: OCI Runtime with Application Kernel
- How to Escape a Container
-
Faster Filesystem Access with Directfs
This sort of feels like seeing someone riding a bike and saying: why don’t they just get a car? The simple fact is that containers and VMs are quite different. Whether something uses VMX and friends or not is also a red herring, as gVisor also “rolls it own VMM” [1].
[1] https://github.com/google/gvisor/tree/master/pkg/sentry/plat...
-
OS in Go? Why Not
There's two major production-ready Go-based operating system(-ish) projects:
- Google's gVisor[1] (a re-implementation of a significant subset of the Linux syscall ABI for isolation, also mentioned in the article)
- USBArmory's Tamago[2] (a single-threaded bare-metal Go runtime for SOCs)
Both of these are security-focused with a clear trade off: sacrifice some performance for memory safe and excellent readability (and auditability). I feel like that's the sweet spot for low-level Go - projects that need memory safety but would rather trade some performance for simplicity.
[1]: https://github.com/google/gvisor
[2]: https://github.com/usbarmory/tamago
-
Tunwg: Expose your Go HTTP servers online with end to end TLS
It uses gVisor to create a TCP/IP stack in userspace, and starts a wireguard interface on it, which the HTTP server from http.Serve listens on. The library will print a URL after startup, where you can access your server. You can create multiple listeners in one binary.
-
How does go playground work?
The playground compiles the program with GOOS=linux, GOARCH=amd64 and runs the program with gVisor. Detailed documentation is available at the gVisor site.
- Searchable Linux Syscall Table for x86 and x86_64
-
Multi-tenancy in Kubernetes
You could use a container sandbox like gVisor, light virtual machines as containers (Kata containers, firecracker + containerd) or full virtual machines (virtlet as a CRI).
What are some alternatives?
misra-rust - An investigation into what adhering to each MISRA-C rule looks like in Rust. The intention is to decipher how much we "get for free" from the Rust compiler.
firecracker - Secure and fast microVMs for serverless computing.
l4v - seL4 specification and proofs
podman - Podman: A tool for managing OCI containers and pods.
Daikon - Dynamic detection of likely invariants
wsl-vpnkit - Provides network connectivity to WSL 2 when blocked by VPN
agda-stdlib - The Agda standard library
kata-containers - Kata Containers is an open source project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/
hacspec - Please see https://github.com/hacspec/hax
sysbox - An open-source, next-generation "runc" that empowers rootless containers to run workloads such as Systemd, Docker, Kubernetes, just like VMs.
CreuSAT - CreuSAT - A formally verified SAT solver written in Rust and verified with Creusot.
containerd - An open and reliable container runtime