Stories with Tag FFI

• Show HN: I built a Rust crate for running unsafe code safely

  permalink

  Posted: 2025-04-06 13:28:48

  Verbose tl;dr

  mem-isolate is a Rust crate designed to execute potentially unsafe code within isolated memory compartments. It leverages Linux's memfd_create system call to create anonymous memory mappings, allowing developers to run untrusted code within these confined regions, limiting the potential damage from vulnerabilities or exploits. This sandboxing approach helps mitigate security risks by restricting access to the main process's memory, effectively preventing malicious code from affecting the wider system. The crate offers a simple API for setting up and managing these isolated execution environments, providing a more secure way to interact with external or potentially compromised code.

  The Hacker News post titled "Show HN: I built a Rust crate for running unsafe code safely" introduces mem-isolate, a new Rust library designed to mitigate the risks associated with executing potentially unsafe code. The core concept behind mem-isolate is compartmentalization. It achieves this by leveraging Rust's ownership system and memory safety guarantees to create isolated memory regions, effectively sandboxing the execution of untrusted or volatile code.

  This sandboxing prevents potential memory corruption or other undefined behavior from affecting the primary application. If the isolated code attempts an illegal memory access or performs another unsafe operation that would typically lead to a crash or vulnerability, the effects are confined within the isolated memory region. The main application remains unaffected, enhancing overall system stability and security.

  The crate provides a mechanism to execute a given function within this confined environment. It works by forking the current process and establishing the isolated memory space within the child process. The target function then runs solely within this isolated child process. Any memory violations or crashes are isolated to the child process, preventing them from propagating to the parent and compromising the main application. The parent process can then continue operating normally.

  The developer highlights that while mem-isolate focuses on memory safety, it doesn't address all potential security concerns. For example, it doesn't inherently protect against issues like infinite loops or excessive resource consumption within the isolated code. These aspects would require additional monitoring and control mechanisms.

  Essentially, mem-isolate offers a way to run potentially dangerous code within a controlled environment, significantly reducing the risks associated with executing untrusted code within a Rust application, particularly focusing on preventing memory-related vulnerabilities from impacting the core application's integrity.

  • Rust
  • crate
  • unsafe
  • safe
  • Memory Safety
  • Sandboxing
  • isolation
  • System Programming
  • Low-level
  • FFI
  • Foreign Function Interface
  • C interop
  • WebAssembly
  • Wasm
  • Security
  • Operating Systems
  • Kernel
  • mem-isolate

  Summary of Comments ( 5 )
  https://news.ycombinator.com/item?id=43601301

  Verbose tl;dr

  Hacker News users discussed the practicality and security implications of the mem-isolate crate. Several commenters expressed skepticism about its ability to truly isolate unsafe code, particularly in complex scenarios involving system calls and shared resources. Concerns were raised about the performance overhead and the potential for subtle bugs in the isolation mechanism itself. The discussion also touched on the challenges of securely managing memory in Rust and the trade-offs between safety and performance. Some users suggested alternative approaches, such as using WebAssembly or language-level sandboxing. Overall, the comments reflected a cautious optimism about the project but acknowledged the difficulty of achieving complete isolation in a practical and efficient manner.

  The Hacker News post "Show HN: I built a Rust crate for running unsafe code safely" (linking to the mem-isolate crate) generated a moderate amount of discussion, mostly focused on the complexities and nuances of memory safety in Rust, and whether the crate truly offers a "safe" solution for running unsafe code.

  Several commenters express skepticism about the claim of "safely" running unsafe code. One points out the inherent contradiction, suggesting the term is an oxymoron. Another argues that true safety requires formal verification, and anything short of that is merely reducing the attack surface rather than eliminating it. This sentiment is echoed by another commenter who highlights the difficulty in proving the soundness of the approach and the potential for subtle bugs to undermine the isolation.

  A few comments delve into the specifics of mem-isolate's implementation. One user questions its practicality for real-world scenarios, suggesting that the overhead of serialization and deserialization, coupled with the limitations on system call access, could severely limit its usefulness. They also mention the potential performance impact and the challenge of managing data dependencies between isolated processes.

  The discussion also touches upon alternative approaches to isolating unsafe code, such as WebAssembly. One commenter mentions Wasmtime as a more mature and robust solution, although they acknowledge that Wasmtime might not be suitable for all use cases. Another suggests using language-level sandboxing features provided by some languages.

  Some users discuss the trade-offs between security and performance. One commenter notes that while complete memory safety is desirable, it often comes at a cost to performance. They suggest that in certain situations, a calculated risk with less strict isolation might be acceptable if performance is a critical factor.

  Finally, a few comments express general interest in the project and commend the author for tackling a challenging problem. They acknowledge the difficulty of achieving true memory safety in systems programming and appreciate the effort to improve the security of Rust code. However, even these positive comments maintain a cautious tone, reflecting the overall skepticism towards the claim of absolute safety.

• C Plus Prolog

  permalink

  Posted: 2025-03-13 22:48:45

  Verbose tl;dr

  C Plus Prolog is a project that embeds a Prolog interpreter within C++ code, allowing for logic programming within a C++ application. It aims to provide a seamless integration where Prolog predicates can be called directly from C++ and vice-versa, enabling the combination of Prolog's declarative power with C++'s performance and imperative features. The project leverages a modified version of SWI-Prolog, a popular open-source Prolog implementation, and offers a bidirectional interface for data exchange between the two languages. This facilitates the development of applications that benefit from both efficient procedural code and the logical reasoning capabilities of Prolog.

  The GitHub repository titled "C Plus Prolog" by user needleful presents an ambitious undertaking: the creation of a programming language that seamlessly blends the strengths of C++ and Prolog. This hybrid language aims to leverage C++'s performance and low-level control capabilities alongside Prolog's declarative logic programming paradigm. The project envisions a synergistic relationship where C++ code can call Prolog predicates and vice versa, facilitating a powerful combination of procedural and logical programming styles.

  The integration is envisioned to be deep and bidirectional. C++ programmers would gain access to Prolog's logic and reasoning capabilities, allowing for complex tasks like pattern matching, constraint solving, and knowledge representation to be embedded directly within their C++ programs. Conversely, Prolog programmers would be empowered to leverage the performance and extensive libraries of C++, enabling them to write Prolog code that can interact directly with system resources and perform computationally intensive tasks that might be inefficient in pure Prolog.

  The repository details a complex implementation strategy involving a sophisticated parsing mechanism and a custom runtime environment. It sketches a plan for converting Prolog's logical expressions into a form suitable for execution within the C++ environment, potentially leveraging C++'s template metaprogramming capabilities for optimization. While the project appears to be in its early stages of development, the outlined architecture suggests a desire for a robust and performant implementation that goes beyond simple interoperability and aims for a genuine fusion of the two languages. The repository highlights the potential benefits of such a hybrid language, particularly in areas like artificial intelligence, natural language processing, and expert systems, where both performance and logical reasoning are crucial. The outlined approach intends to address the shortcomings of each language in isolation by complementing them with the other's strengths, ultimately leading to a more expressive and versatile programming paradigm.

  • C++
  • Prolog
  • Logic Programming
  • Integration
  • Embedding
  • Foreign Function Interface
  • FFI
  • Hybrid Language
  • Programming Languages
  • parser
  • compiler

  Summary of Comments ( 45 )
  https://news.ycombinator.com/item?id=43357955

  Verbose tl;dr

  Hacker News users discussed the practicality and niche appeal of C Plus Prolog. Some expressed interest in its potential for specific applications like implementing rule engines or program analysis tools, while others questioned the performance implications of embedding Prolog within C++. One commenter suggested that a cleaner approach might involve interfacing Prolog with a language like Rust. Several pointed out the project's age and apparent inactivity, raising concerns about maintainability and documentation. The potential for improved tooling using C++-based IDEs was mentioned as a possible benefit. Overall, the discussion centered around the specialized nature of the project and the trade-offs involved in its approach.

  The Hacker News post titled "C Plus Prolog" (https://news.ycombinator.com/item?id=43357955) has a modest number of comments, generating a brief discussion around the project. No single comment overwhelmingly dominates the conversation, but a few key themes and interesting points emerge.

  One commenter expresses intrigue, questioning whether the project acts as a Prolog interpreter embedded within C++, allowing Prolog code to be executed directly. They further ponder the possibility of bidirectional communication between the C++ and Prolog components, imagining scenarios where Prolog could be utilized for tasks like constraint solving or symbolic manipulation within a larger C++ application.

  Another commenter, seemingly familiar with Prolog development, points out that the "cut" operator (!) and negation by failure are notably absent from the project's feature list. They suggest these are essential features for practical Prolog programming, hinting that their absence might limit the project's usefulness for more complex logic programming tasks. This comment also raises the question of whether the project implements a full unification algorithm, crucial for Prolog's core functionality.

  A subsequent reply acknowledges the missing features but clarifies that the primary goal of the project isn't to create a fully-fledged Prolog implementation. Instead, it aims to demonstrate a simpler approach to implementing a Prolog-like system within C++. This comment effectively reframes the project, suggesting it should be viewed more as an educational exercise or a proof-of-concept rather than a production-ready tool.

  Finally, another commenter briefly mentions a different Prolog interpreter written in C++, called "scryer-prolog," implying it might be a more mature or feature-complete alternative for those seeking a robust Prolog implementation. This comment serves as a helpful pointer for anyone interested in exploring other options within the same domain.

  In summary, the discussion around "C Plus Prolog" on Hacker News focuses on its functionality, clarifying its scope as a demonstrative implementation rather than a full Prolog interpreter. Commenters highlight missing features crucial for complex Prolog programming and suggest alternative, potentially more robust implementations. The overall tone remains inquisitive and informative, providing context and further avenues for exploration within the realm of Prolog and C++ integration.

• Tiny JITs for a Faster FFI

  permalink

  Posted: 2025-02-12 22:20:19

  Verbose tl;dr

  This post explores optimizing Ruby's Foreign Function Interface (FFI) performance by using tiny Just-In-Time (JIT) compilers. The author demonstrates how generating specialized machine code for specific FFI calls can drastically reduce overhead compared to the generic FFI invocation process. They present a proof-of-concept implementation using Rust and inline assembly, showcasing significant speed improvements, especially for repeated calls with the same argument types. While acknowledging limitations and areas for future development, like handling different calling conventions and more complex types, the post concludes that tiny JITs offer a promising path toward a much faster Ruby FFI.

  The blog post "Tiny JITs for a Faster FFI" on Rails at Scale explores the performance challenges of Foreign Function Interfaces (FFIs) and introduces a novel approach using tiny Just-In-Time (JIT) compilers to mitigate these overheads. The author begins by establishing the context of FFIs, describing their role in bridging the gap between different programming languages, specifically highlighting their importance within Ruby on Rails applications for interacting with native extensions often written in C. They emphasize that FFIs are essential for leveraging performance-critical libraries and functionalities not readily available within Ruby's ecosystem.

  The core performance bottleneck with FFIs lies in the "marshaling" process, which involves converting data between the representations used by the two interacting languages. This conversion process can be computationally expensive, especially when dealing with complex data structures or frequent calls across the FFI boundary. The traditional approach to mitigating this overhead involves manually writing specialized C "shim" functions tailored for specific data types and operations. This manual optimization, however, is labor-intensive, error-prone, and difficult to maintain, especially as the complexity of the interaction grows.

  The post proposes a more automated and flexible solution: employing small, specialized JIT compilers to generate these conversion routines dynamically. These "tiny JITs" analyze the required data transformations at runtime and generate optimized machine code specifically designed for the task at hand. This eliminates the need for hand-written shims and allows for more efficient data marshaling. The authors explain their chosen implementation strategy using Rust and its procedural macro capabilities. They leverage Rust's powerful metaprogramming features to generate the necessary code at compile time, resulting in a more performant and maintainable solution.

  The post then delves into the practical application of this approach within the context of a Ruby gem named "fruity". Fruity uses this tiny JIT technique to optimize calls to C functions, demonstrating significant performance improvements in benchmark comparisons against traditional FFI methods. The authors provide concrete examples and performance data to showcase the effectiveness of their approach, emphasizing the substantial reduction in overhead achieved through JIT-generated conversion routines. They also highlight the portability of this technique, mentioning its potential applicability to other language combinations beyond Ruby and C.

  Finally, the post concludes by acknowledging the ongoing nature of the project and outlining future directions for research and development. This includes further exploration of potential optimizations, expanding support for more complex data structures and operations, and investigating the integration of this technique within other FFI frameworks. The authors express optimism about the potential of tiny JITs to significantly improve the performance and usability of FFIs in various programming environments.

  • JIT compilation
  • FFI
  • Foreign Function Interface
  • performance optimization
  • ruby
  • CRuby
  • YJIT
  • MJIT
  • interpreter
  • compiler
  • native code
  • C extensions
  • Dynamic languages
  • Runtime performance

  Summary of Comments ( 109 )
  https://news.ycombinator.com/item?id=43030388

  Verbose tl;dr

  The Hacker News comments on "Tiny JITs for a Faster FFI" express skepticism about the practicality of tiny JITs in real-world scenarios. Several commenters question the performance gains, citing the overhead of the JIT itself and the potential for optimization by the host language's runtime. They argue that a well-optimized native library, or even careful use of the host language's FFI, could often outperform a tiny JIT. One commenter notes the difficulties of debugging and maintaining such a system, and another raises security concerns related to executing untrusted code. The overall sentiment leans towards established optimization techniques rather than introducing a new layer of complexity with a tiny JIT.

  The Hacker News post "Tiny JITs for a Faster FFI" has generated a moderate discussion with several interesting comments. Many of the comments revolve around the trade-offs and nuances of using Just-In-Time (JIT) compilation for Foreign Function Interfaces (FFIs).

  One commenter points out the performance benefits observed when using a simple JIT for Lua's FFI, highlighting a significant speedup. They further discuss the inherent costs associated with traditional FFIs, such as argument marshaling and context switching, which a JIT can mitigate. The commenter's experience adds practical weight to the article's premise.

  Another comment thread delves into the complexities of implementing a truly portable JIT given the variations in Application Binary Interfaces (ABIs) across different operating systems and architectures. This discussion highlights the challenge of creating a "tiny" and efficient JIT compiler that remains universally applicable. One participant suggests focusing on specific, commonly used platforms initially to simplify the development process.

  A separate commenter mentions the potential security implications of JIT compilation, particularly in scenarios involving untrusted code. They emphasize the need for careful consideration of security risks when incorporating JIT techniques into an FFI, especially when dealing with external libraries or user-provided code. This comment serves as a valuable reminder of the security considerations associated with dynamic code generation.

  Another comment discusses the existing use of small JITs in various projects like WebKit, suggesting that the concept presented in the article is not entirely novel. They link to a relevant talk about a register-based virtual machine with a JIT compiler used for JavaScriptCore, providing further context for those interested in existing implementations.

  Some comments briefly touch upon alternative approaches to optimizing FFIs, such as using code generation during build time or employing specialized libraries. While these suggestions are not explored in detail, they offer additional perspectives on addressing FFI performance bottlenecks.

  Finally, one comment questions the necessity of a JIT compiler in some cases, arguing that careful optimization of the FFI itself can often achieve comparable performance gains without the complexity of dynamic code generation. This counterpoint adds balance to the discussion and encourages consideration of alternative optimization strategies.

  Overall, the comments on Hacker News provide valuable insights into the potential benefits, challenges, and trade-offs associated with using tiny JIT compilers for FFIs. They expand upon the article's core ideas by exploring practical experiences, security considerations, existing implementations, and alternative optimization techniques.

• ML in Go with a Python Sidecar

  permalink

  Posted: 2024-11-11 17:44:42

  Verbose tl;dr

  This blog post explores using Go's strengths for web service development while leveraging Python's rich machine learning ecosystem. The author details a "sidecar" approach, where a Go web service communicates with a separate Python process responsible for ML tasks. This allows the Go service to handle routing, request processing, and other web-related functionalities, while the Python sidecar focuses solely on model inference. Communication between the two is achieved via gRPC, chosen for its performance and cross-language compatibility. The article walks through the process of setting up the gRPC connection, preparing a simple ML model in Python using scikit-learn, and implementing the corresponding Go service. This architectural pattern isolates the complexity of the ML component and allows for independent scaling and development of both the Go and Python parts of the application.

  Eli Bendersky's blog post, "ML in Go with a Python Sidecar," explores a practical approach to integrating machine learning (ML) models, typically developed and trained in Python, into applications written in Go. Bendersky acknowledges the strengths of Go for building robust and performant backend systems while simultaneously recognizing Python's dominance in the ML ecosystem, particularly with libraries like TensorFlow, PyTorch, and scikit-learn. Instead of attempting to replicate the extensive ML capabilities of Python within Go, which could prove complex and less efficient, he advocates for a "sidecar" architecture.

  This architecture involves running a separate Python process alongside the main Go application. The Go application interacts with the Python ML service through inter-process communication (IPC), specifically using gRPC. This allows the Go application to leverage the strengths of both languages: Go handles the core application logic, networking, and other backend tasks, while Python focuses solely on executing the ML model.

  Bendersky meticulously details the implementation of this sidecar pattern. He provides comprehensive code examples demonstrating how to define the gRPC service in Protocol Buffers, implement the Python server utilizing TensorFlow to load and execute a pre-trained model, and create the corresponding Go client to communicate with the Python server. The example focuses on a simple image classification task, where the Go application sends an image to the Python sidecar, which then returns the predicted classification label.

  The post highlights several advantages of this approach. Firstly, it enables clear separation of concerns. The Go and Python components remain independent, simplifying development, testing, and deployment. Secondly, it allows leveraging existing Python ML code and expertise without requiring extensive Go ML libraries. Thirdly, it provides flexibility for scaling the ML component independently from the main application. For example, the Python sidecar could be deployed on separate hardware optimized for ML tasks.

  Bendersky also discusses the performance implications of this architecture, acknowledging the overhead introduced by IPC. He mentions potential optimizations, like batching requests to the Python sidecar to minimize communication overhead. He also suggests exploring alternative IPC mechanisms besides gRPC if performance becomes a critical bottleneck.

  In summary, the blog post presents a pragmatic solution for incorporating ML models into Go applications by leveraging a Python sidecar. The provided code examples and detailed explanations offer a valuable starting point for developers seeking to implement a similar architecture in their own projects. While acknowledging the inherent performance trade-offs of IPC, the post emphasizes the significant benefits of this approach in terms of development simplicity, flexibility, and the ability to leverage the strengths of both Go and Python.

  • Go
  • Golang
  • Python
  • machine learning
  • ML
  • Sidecar
  • Microservices
  • Interoperability
  • Language Interoperability
  • Foreign Function Interface
  • FFI
  • cgo
  • Data Science
  • Software Architecture
  • performance
  • Efficiency
  • Programming Languages

  Summary of Comments ( 16 )
  https://news.ycombinator.com/item?id=42108933

  Verbose tl;dr

  HN commenters discuss the practicality and performance implications of the Python sidecar approach for ML in Go. Some express skepticism about the added complexity and overhead, suggesting gRPC or REST might be overkill for simple tasks and questioning the performance benefits compared to pure Python or using GoML libraries directly. Others appreciate the author's exploration of different approaches and the detailed benchmarks provided. The discussion also touches on alternative solutions like using shared memory or embedding Python in Go, as well as the broader topic of language interoperability for ML tasks. A few comments mention specific Go ML libraries like gorgonia/tensor as potential alternatives to the sidecar approach. Overall, the consensus seems to be that while interesting, the sidecar approach may not be the most efficient solution in many cases, but could be valuable in specific circumstances where existing Go ML libraries are insufficient.

  The Hacker News post titled "ML in Go with a Python Sidecar" (https://news.ycombinator.com/item?id=42108933) elicited a modest number of comments, generally focusing on the practicality and trade-offs of the proposed approach of using Python for machine learning tasks within a Go application.

  One commenter highlighted the potential benefits of this approach, especially for computationally intensive ML tasks where Go's performance might be a bottleneck. They acknowledged the convenience and rich ecosystem of Python's ML libraries, suggesting that leveraging them while keeping the core application logic in Go could be a sensible compromise. This allows for utilizing the strengths of both languages: Go for its performance and concurrency in handling application logic, and Python for its mature ML ecosystem.

  Another commenter questioned the performance implications of the inter-process communication between Go and the Python sidecar, particularly for real-time applications. They raised concerns about the overhead introduced by serialization and deserialization of data being passed between the two processes. This raises the question of whether the benefits of using Python for ML outweigh the performance cost of this communication overhead.

  One comment suggested exploring alternatives like using shared memory for communication between Go and Python, as a potential way to mitigate the performance overhead mentioned earlier. This alternative approach aims to optimize the data exchange by avoiding the serialization/deserialization steps, leading to potentially faster processing.

  A further comment expanded on the shared memory idea, specifically mentioning Apache Arrow as a suitable technology for this purpose. They argued that Apache Arrow’s columnar data format could further enhance the performance and efficiency of data exchange between the Go and Python processes, specifically highlighting zero-copy reads for improved efficiency.

  The discussion also touched upon the complexity introduced by managing two separate processes and the potential challenges in debugging and deployment. One commenter briefly discussed potential deployment complexities with two processes and debugging. This contributes to a more holistic view of the proposed architecture, considering not only its performance characteristics but also the operational aspects.

  Another commenter pointed out the maturity and performance improvements in Go's own machine learning libraries, suggesting they might be a viable alternative in some cases, obviating the need for a Python sidecar altogether. This introduces the consideration of whether the proposed approach is necessary in all scenarios, or if native Go libraries are sufficient for certain ML tasks.

  Finally, one commenter shared an anecdotal experience, confirming the practicality of the Python sidecar approach. They mentioned successfully using a similar setup in production, lending credibility to the article's proposal. This real-world example provides some validation for the discussed approach and suggests it's not just a theoretical concept but a practical solution.