Originally posted by Quackdoc
View Post
Announcement
Collapse
No announcement yet.
Uutils 0.0.23 Implements More GNU Coreutils Functionality In Rust
Collapse
X
-
- Likes 3
-
Originally posted by Quackdoc View Postof those 71 crates, it makes it fairly easy to "audit" them,
GNU Coreutils only depends on "acl attr glibc gmp libcap openssl" on Arch and it's safe to assume someone else is auditing those. The workload is much less.
The other point is that GNU Coreutils already exists. For a new project, Rust makes more sense. For old projects, most people won't bother with rewrites unless they have other motives such as personal exposure or practicing writing in Rust or some issue that Rust circumvents. In uutils case, it's good for them since publishing your efforts for free is always a commendable and respectable selfless act. But let's be reasonable here.
Comment
-
Originally posted by ClosedSource View Post
Rust requires LLVM meaning C++ meaning an architecture that has a C++ compiler. Your car keys probably have a C compiler.
You're absolutely right in that this is irrelevant because you can cross compile but the reason why minimal implementations of libc exist is because of what I just explained.
Comment
-
Originally posted by Akiko View PostThe reason for this is that people are reluctant to understand that Linux is the kernel and some kernel tools and nothing more. Everything else are GNU and/or third party tools.
/Rant over
The sensible "because" is that, since Linux didn't provide a libc, it's the only kernel of note that provides stable syscall numbers instead.
Comment
-
Originally posted by ClosedSource View Post
Rust requires LLVM meaning C++ meaning an architecture that has a C++ compiler. Your car keys probably have a C compiler.
You're absolutely right in that this is irrelevant because you can cross compile but the reason why minimal implementations of libc exist is because of what I just explained.
Comment
-
Originally posted by jacob View Post
Rust doesn't necessarily require a C++ compiler. You can cross compile LLVM and the Rust compiler for your target architecture.
Comment
-
Originally posted by Akiko View PostYou won't get Rust binaries down to the size of C binaries, because C is basically Assembly in "readable" and Rust brings a bigger runtime to fight all the insecure issues.
The reason for this is that people are reluctant to understand that Linux is the kernel and some kernel tools and nothing more. Everything else are GNU and/or third party tools.
/Rant over
- Likes 1
Comment
-
Originally posted by Quackdoc View PostIm not sure why it couldn't Is there any particular reason why not?
i've already shown that as it is, uutils can adequately fit within very small size constraints thanks to the help of upx, so Im not sure Im understanding the point here. ofc im sure uutils will expand over time, but it's not like rust exactly does a good job of size optimization when building gnu libc statically. musl helps (but there are bugs surround it atm, I seem to hit this a lot https://github.com/rust-lang/libc/pull/3213)
Comment
-
Originally posted by ClosedSource View PostNo sane person wastes money auditing 71 external libraries.
[...]
GNU Coreutils only depends on "acl attr glibc gmp libcap openssl" on Arch and it's safe to assume someone else is auditing those. The workload is much less.
Having fewer deps means having more code. Auditing many small libraries is actually easier than auditing a handful of big ones, that are harder to dive into and that reinvented 20 different wheels. Is gnucoreutil's sha3 implementation good ? Is there an audit that looked at that part of the code specifically ? I worry much less when I see that uutils uses the same sha3 crate as is used and reviewed by the whole rust ecosystem. With a larger number of focused deps, you increase the chance of using code that has had many eyes on it.
Also, while it's a bit orthogonal to your argument, it is much easier to audit/review Rust code than C/C++ code. Because the especially gnarly parts are identified with `unsafe`, because the language gives many more assurances, because the type system allows you to reason much more locally, because error handling is much clearer, because the style and formatting is more consistent, etc. Comparing the audit comments of rustls vs openssl, it's clear which one was the more pleasant experience.
- Likes 5
Comment
-
Originally posted by darkonix View PostRust doesn't has a runtime. The security is provided by the compiler at compile time. Are you maybe thinking of something like Java or Python? If your project doesn't use Rust libraries and doesn't link the C library it should be nearly the same assembler-like runtime experience to a similar C program.
These non-VM runtimes are responsible for things like translating the platform's command-line argument-passing convention (eg. the Program Segment Prefix in MS-DOS) into int main(int argc, char *argv[]) or one of its alternatives.
In that particular example, it's achieved by main not actually being the entry point from the OS's point of view. It's actually a function named _start which calls your main once it's finished setting things up. It's part of an object file that's commonly called something like crt0.o or gcrt0.o.
- Likes 1
Comment
Comment