xz | virgil
---|---
24 | 29
160 | 903
- | -
9.7 | 9.3
about 2 months ago | 8 days ago
C | Shell
GNU General Public License v3.0 or later | -
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xz
-
XZ backdoor story – Initial analysis
Very funny. This one:
https://github.com/tukaani-project/xz/commits?author=thesame...
- Xz: Update maintainer and author info. The other maintainer suddenly disappeared
- Thanks Andres Freud
- The xz-utils backdoor has been removed
-
The xz sshd backdoor rabbithole goes quite a bit deeper
> The payload of the 'hack' contains fairly easy ways for the xz hackers to update the payload. They actually used it to remove a real issue where their hackery causes issues with valgrind that might lead to discovering it, and they also used it to release 5.6.1 which rewrites significant chunks;
The valgrind fix in 5.6.1 overwrites the same test files used in 5.6.0 instead of using the injection code's extension hooks. This is done with what should have been a highly suspicious commit: https://github.com/tukaani-project/xz/commit/6e636819e8f0703... - this replaces "random" test files with other "random" test files. The stated reason is questionable to begin with, but not including the seed used when the purported reason was to be able to re-create the files in the future is highly suspicious. This should have raised red flags but no one was watching. I'd say this is another part of the operation that was much more sloppy than it needed to be.
-
Timeline of the xz open source attack
In https://archive.softwareheritage.org/browse/revision/e446ab7...
-
GitHub Disabled the Xz Repo
You're right, but maybe because there's nothing to see: https://github.com/tukaani-project/xz
- Xz Repository Censored by GitHub
- Backdoor in upstream xz/liblzma leading to SSH server compromise
- The Return of the Frame Pointers
virgil
-
Garbage Collection for Systems Programmers
For (2) Virgil has several features that allow you to lay out memory with various levels of control. I assume you mean "array of structs", and you can do that with arrays of tuples, which will naturally be flattened and normalized based on the target (i.e. will be array-of-structs on native targets). You can define byte-exact layouts[1] (mostly for interfacing with other software and parsing binary formats), unbox ADTs, and soon you can even control the exact encoding of ADTs.
Virgil is GC'd.
[1] https://github.com/titzer/virgil/blob/master/doc/tutorial/La...
-
The Return of the Frame Pointers
Virgil doesn't use frame pointers. If you don't have dynamic stack allocation, the frame of a given function has a fixed size that can be found with a simple (binary-search) table lookup. Virgil's technique uses an additional page-indexed range that further restricts the lookup to be a few comparisons on average (O(log(# retpoints per page))). It combines the unwind info with stackmaps for GC. It takes very little space.
The main driver is in (https://github.com/titzer/virgil/blob/master/rt/native/Nativ... the rest of the code in the directory implements the decoding of metadata.
I think frame pointers only make sense if frames are dynamically-sized (i.e. have stack allocation of data). Otherwise it seems weird to me that a dynamic mechanism is used when a static mechanism would suffice; mostly because no one agreed on an ABI for the metadata encoding, or an unwind routine.
I believe the 1-2% measurement number. That's in the same ballpark as pervasive checks for array bounds checks. It's weird that the odd debugging and profiling task gets special pleading for a 1% cost but adding a layer of security gets the finger. Very bizarre priorities.
-
Whose baseline (compiler) is it anyway?
This paper is the first time I've seen mention of the Virgil programming language, from the same author:
https://github.com/titzer/virgil
-
JEP 450: Compact Object Headers
JavaScript handles the "no identity hash" with WeakMap and WeakSet, which are language built-ins. For Virgil, I chose to leave out identity hashes and don't really regret it. It keeps the language simple and the separation clear. HashMap (entirely library code, not a language wormhole) takes the hash function and equality function as arguments to the constructor.
[1] https://github.com/titzer/virgil/blob/master/lib/util/Map.v3
This is partly my style too; I try to avoid using maps for things unless they are really far flung, and the things that end up serving as keys in one place usually end up serving as keys in lots of other places too.
-
Retrofitting null-safety onto Java at Meta
Whoa, interesting. I didn't know Kotlin had all those constructs.
In Virgil, a method on an object (or ADT) can declare its return type as "this". Then the method implicitly returns the receiver object. That trick is very useful to allow a chain of calls such as object.foo().bar().baz(). I find it readable and easy to explain:
https://github.com/titzer/virgil/blob/master/doc/tutorial/Re...
-
A Ruby program that generates itself (through a 128-language quine loop)
I hadn't written one until ~30 mins ago [1]. I cheated and looked at a Java quine (not particularly elegant, but easy to see what is going on.), but I wrote one for Virgil. Just think string substitution; a string with a hole in it and you substitute a copy of the string, quoted into the hole. Just one substitution suffices.
[1] https://github.com/titzer/virgil/blob/master/apps/Quine/Quin...
-
Integer Conversions and Safe Comparisons in C++20
Virgil has a family of completely well-defined (i.e. no UB) fixed-size integer types with some hard-fought rules that I eventually got around to documenting here:
https://github.com/titzer/virgil/blob/master/doc/tutorial/Fi...
One of the key things is that values are never silently truncated (other than 2's-complement wrap-around) or values changed; only promotions. The only sane semantics for over-shifts (shifts larger than the size of the type) is to shift the bits out, like a window.
The upshot of all that is that Virgil has a pretty sane semantics for fixed-size integers, IMHO.
-
Show HN: We are trying to (finally) get tail-calls into the WebAssembly standard
LLVM and other compilers that use SSA but target a stack machine can run a stackification phase. Even without reordering instructions, it seems to work well in practice.
In Virgil I implemented this for both the JVM and Wasm. Here's the algorithm used for Wasm:
https://github.com/titzer/virgil/blob/master/aeneas/src/mach...
-
Hacker News top posts: Jul 2, 2022
Virgil: A fast and lightweight programming language that compiles to WASM (54 comments)
- Virgil: A fast and lightweight programming language that compiles to WASM
What are some alternatives?
wasmtime - A fast and secure runtime for WebAssembly
vigil - Vigil, the eternal morally vigilant programming language
libarchive - Multi-format archive and compression library
libratbag - A DBus daemon to configure input devices, mainly high-end and gaming mice
stencil-golang - Template repository for Golang applications
rust-asn1 - A Rust ASN.1 (DER) serializer.
tukaani-project
kcachegrind - GUI to profilers such as Valgrind
Folly - An open-source C++ library developed and used at Facebook.
v86 - x86 PC emulator and x86-to-wasm JIT, running in the browser
freedesktop-sdk
Solaar - Linux device manager for Logitech devices