cve-rs
wasm-micro-runtime
| cve-rs | wasm-micro-runtime | |
|---|---|---|
| 15 | 27 | |
| 5,233 | 5,692 | |
| 2.2% | 1.6% | |
| 2.9 | 9.7 | |
| 3 months ago | 2 days ago | |
| Rust | C | |
| GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cve-rs
- Fast memory vulnerabilities, written in 100% safe Rust
I like the license:
https://github.com/Speykious/cve-rs/blob/main/LICENSE
- What is memory safety and why does it matter?
> Consider Rust.
What about advertising actual memory safe languages instead. https://github.com/Speykious/cve-rs
- C++26: Erroneous Behaviour
- My first verified (imperative) program
Funny thing is that you can get undefined behavior and segfaults using only "safe rust", and the rust compiler has subtle bugs that allow you to disable important checks (like type checking), which can leave your code completely broken.
But for some crazy propaganda, rust devs believes that any rust code is safe and sound no matter what.
https://github.com/Speykious/cve-rs/issues/49
- Cve-rs: fast memory vulnerabilities, written in 100% safe Rust
- Weird Expressions in Rust
And how would you conclude that "fast"?
You can have UB in "safe rust".
https://github.com/Speykious/cve-rs
You can even disable to Type check, trait check and borrow check in "safe rust"
And all of this is unsound.
https://users.rust-lang.org/t/i-finally-found-the-cheat-code...
- Zlib-rs is faster than C
> Even validators have bugs
Yep! For example, https://github.com/Speykious/cve-rs is an example of a bug in the Rust compiler, which allows something that it shouldn't. It's on its way to being fixed.
> or miss things no?
This is the trickier part! Yes, even proofs have axioms, that is, things that are accepted without proof, that the rest of the proof is built on top of. If an axiom is incorrect, so is the proof, even though we've proven it.
- A 10x Faster TypeScript
I love Rust, but you can play exactly the same game with Rust: https://github.com/Speykious/cve-rs
- Mark Russinovich: "There is industry consensus on moving away from C/C++"
When there is industry consensus, there is often much humour that precedes it, including https://github.com/Speykious/cve-rs
wasm-micro-runtime
- Show HN: Tiny VM sandbox in C with apps in Rust, C and Zig
Really neat clean code!
I like the single C file, but Docker if you want all the examples approach, that's really convenient for embedded.
Test coverage looks good as well, be interesting to see the metrics.
This would be quite cool for adding scripting to medical devices, avoiding the need to revalidate the "core" each time you change a feature.
An interesting comparison would be against an embedded WASM bytecode interpreter like https://github.com/bytecodealliance/wasm-micro-runtime, which is still much larger at 56.3K on a Cortex M4F.
- XRPL Programmability: WASM Runtime Revisit
WAMR: See section 2.2 of this research paper for some historical examples of bugs or security issues in WAMR that (according to the paper’s author) seem to be caused by a posture of assuming “first party” code on the part of the WAMR team. There have been a handful of major CVEs reported. The project has not had any audits done.
- Edit is now open source
Here is a runtime with estimated sizes: https://github.com/bytecodealliance/wasm-micro-runtime
- What’s The State of WASI?
The Bytecode Alliance maintains a number of open source WebAssembly projects, including two WebAssembly runtimes (Wasmtime and Wamr), the component model tools, and language-specific tooling like jco for Javascript and componentize-py for Python. Members of the Bytecode Alliance also do substantial work on standards for the W3C.
- A 10x Faster TypeScript
- Hello world from a WASM module in a static binary
Finally, I landed on Bytecode Alliance's WebAssembly Micro Runtime (WAMR) wamrc compiler.
- I Wrote a WebAssembly VM in C
The person I replied to just said it is 266MB because it includes a compiler, and that obviously isn't true.
https://github.com/bytecodealliance/wasm-micro-runtime
This says 4000 lines
https://github.com/explodingcamera/tinywasm
What are we talking about here? There is obviously no reason a wasm jit has to be 266 MB
- Lua Is So Underrated
To be able to embed WASM-compiled languages for embedding you first need a small WASM runtime you can depend on (and things like ref types, GC etc which have been standardized only in the last couple of years).
That didn't exist until recently, but now you can use https://github.com/bytecodealliance/wasm-micro-runtime/blob/...
I am not aware of anyone using this yet, but I hope to see that become common in the next few years.
- Wasm2Mpy: Compiling WASM to MicroPython so it can run in Raspberry
What would be the recommendation to run on ESP32?
https://github.com/wasm3/wasm3? https://github.com/espressif/esp-wasmachine ? https://github.com/bytecodealliance/wasm-micro-runtime/tree/... ? https://github.com/TOPLLab/WARDuino ?
- Show HN: Handwriter.ttf – Handwriting Synthesis with Harfbuzz WASM
Interesting artifact of time it would be. Harfbuzz uses https://github.com/bytecodealliance/wasm-micro-runtime to execute wasm, so when compiled it would be wasm runtime running under another wasm runtime.
What are some alternatives?
stc - Speedy TypeScript type checker
WASI - WebAssembly System Interface
latte - Latency Tester for Apache Cassandra
raylib - A simple and easy-to-use library to enjoy videogames programming
zlib-rs - A zlib implementation in rust available as a C dynamic library and as a rust crate
zephyr - Primary Git Repository for the Zephyr Project. Zephyr is a new generation, scalable, optimized, secure RTOS for multiple hardware architectures.