Wuffs Alternatives
Similar projects and alternatives to wuffs
-
-
-
Scout APM
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
-
-
-
conjure
Interactive evaluation for Neovim (Clojure, Fennel, Janet, Racket, Hy, MIT Scheme, Guile)
-
-
-
SonarQube
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
-
rust
Rust for the xtensa architecture. Built in targets for the ESP32 and ESP8266 (by esp-rs)
-
cmark-gfm
GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C
-
-
-
-
Nim
Nim is a statically typed compiled systems programming language. It combines successful concepts from mature languages like Python, Ada and Modula. Its design focuses on efficiency, expressiveness, and elegance (in that order of priority).
-
-
Kaitai Struct
Kaitai Struct: declarative language to generate binary data parsers in C++ / C# / Go / Java / JavaScript / Lua / Nim / Perl / PHP / Python / Ruby
-
-
-
-
-
wuffs reviews and mentions
-
Computing Adler32 Checksums at 41 GB/s
https://github.com/google/wuffs/blob/main/std/adler32/common...
Like the fpng implementation, it's SSE (128-bit registers), but the inner loop eats 32 bytes at a time, not 16.
"Wuffs’ Adler-32 implementation is around 6.4x faster (11.3GB/s vs 1.76GB/s) than the one from zlib-the-library", which IIUC is roughly comparable to the article's defer32.
-
Ivy: Rob Pike's APL-Like Language / Desk Calculator
> Programing languages require precedence rules
WUFFS doesn't have operator precedence. https://github.com/google/wuffs/blob/main/doc/wuffs-the-lang...
As its designers explain: A bare a * b + c is an invalid expression. You must explicitly write either (a * b) + c or a * (b + c).
Why doesn't WUFFS have precedence? Because it's focused intensely on solving its specific problem, Wrangling Untrusted File Formats Safely. Having solved the buffer problem (you can't write buffer[oops_too_big] type mistakes in WUFFS, they will not compile) and the integer overflow problem (likewise, it doesn't compile) they wanted to also solve that problem where the programmer thought there were making one calculation, but due to precedence rules they were actually making a different calculation.
- The New Ghostscript PDF Interpreter
-
A fake job offer took down the world’s most popular crypto game
Program and data aren't really different, philosophically. On some level this even applies to people. When someone teaches you French is that program or data? Is it just data? Why can you now understand French then? Or if it's program, how does that work, who taught the teacher how to program you?
So, our best effort is to constrain what certain data can do when we process it, in the hope that this prevents surprising negative consequences like a PDF that steals privileged information and sends it elsewhere.
Notice that, in some sense, a PDF which just contains a photograph of your wife tied to a chair and holding today's newspaper, plus human readable text like, "We have your wife Sarah and all three kids Beth, Jim and Amanda. We are watching. Do not try to call for help. Email the privileged information to [email protected] or we will kill your family" is also potentially effective at doing this, but we would not usually consider that an exploit in this context.
One irritation in this space is that programmers love General Purpose Programming Languages. The idea of the general purpose language is that it can do anything. But the problem in this sort of situation is that we don't want programs which can do anything, in fact doing anything is our worst case scenario. We actually want Special Purpose Programming Languages. We want to write our PDF data processing software in a language that even if we were trying can't do the things that should never happen as a result of processing a PDF.
This is the purpose of languages like WUFFS: https://github.com/google/wuffs
You can't write a WUFFS program to, for example, email anything to [email protected] even if you desperately needed to, which means you definitely won't accidentally write a program which can email the privileged information to the crooks when fed a PDF. Of course the PDF mentioned earlier with the kidnap note inside it could still work. And also of course making a PDF renderer out of WUFFS would be a really big ask. WUFFS-the-library today can render PNG, GIF, BMP but notably not yet JPEG. But it's clearly possible for something like PDF rendering to happen under these constraints. Nobody ordinarily viewing a PDF wants it to do arbitrary stuff.
-
Tolower() in Bulk at Speed
This sort of stuff is where Iterate Loops are good:
https://github.com/google/wuffs/blob/main/doc/note/iterate-l...
WUFFS wants this because it demands all the checking at compile time (WUFFS code with a potential buffer overflow just won't compile), so if you need bounds checks you'll be writing them out by hand and the iterate loop often allows you to express a correct solution with no actual checks.
-
Pure: A static analysis file format checker
It makes more sense, rather than trying to build a bomb detector, to have software that you can't blow up. For some problems that's not a realistic goal, but in the space where Pure operates it doesn't even seem that difficult.
-
Memory Safety for the World’s Largest Software Project
Let's just all move to wuffs
-
Question about safety when accessing an array out of bounds
After all Google does that with WUFFS and that's not just a theoretical research, it's something you may use right now in your program if you want to be faster than Rust.
There are some tools which make things like these a compile-time errors instead, some are even used in practice, but of course in languages like these you couldn't just take random index and try to access array member, no, you would have to add proof of the correctness to each and every index access for the compiler to check.
-
About compile time overflow prevention...
Bit late to the party, but google's wuffs has exactly this: compile time overflow prevention. It is not implemented in the type system per se, but still a part of their static analysis phase.
-
How fast can a 6502 transfer memory
Tom Duff's device was doing that because he's doing MMIO, you should not [I know you're not suggesting it, but just in case anybody reading thinks it's clever] do this today when you don't want MMIO, your compiler is very capable of just doing an actual copy quickly, so tell it that's what you want, don't write gymnastics like Duff's device.
However, expressing these partially unrolled loops nicely is a nice performance-not-safety feature of WUFFS called "Iterate loops":
https://github.com/google/wuffs/blob/main/doc/note/iterate-l...
Well, I say performance not safety, as always they want both, but you could safely just write the never unrolled case, while the existence of Iterate loops allows you to express a much faster special case but know the compiler will fix things up properly no matter what.
-
Emulating memory in an interpreted language
But clearly, it is possible to define a language for which the semantics of out-of-bounds accesses are well-defined; such languages include assembly, java, haskell, etc. There are also languages for which the semantics of out-of-bounds accesses are not well-defined, and whose type systems are unsound; the primary contender here is c. Finally, there are languages for which the semantics of out-of-bounds accesses are not well-defined, and whose type systems are sound; these languages are generally dependently typed. One interesting recent example of such a language is wuffs.
-
Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA
Indeed, you should be Wrangling Untrusted File Formats Safely
-
Kaitai Struct: A new way to develop parsers for binary structures
I agree that it's similar but ultimately different problems. Copy/pasting from https://github.com/google/wuffs/blob/main/doc/related-work.m... gives:
> Kaitai Struct is in a similar space, generating safe parsers for multiple target programming languages from one declarative specification. Again, Wuffs differs in that it is a complete (and performant) end to end implementation, not just for the structured parts of a file format. Repeating a point in the previous paragraph, the difficulty in decoding the GIF format isn't in the regularly-expressible part of the format, it's in the LZW compression. Kaitai's GIF parser returns the compressed LZW data as an opaque blob.
Stats
google/wuffs is an open source project licensed under Apache License 2.0 which is an OSI approved license.
Popular Comparisons
Are you hiring? Post a new remote job listing for free.