{"id":13437705,"url":"https://github.com/google/wuffs","last_synced_at":"2025-05-13T19:11:47.879Z","repository":{"id":37664113,"uuid":"110482267","full_name":"google/wuffs","owner":"google","description":"Wrangling Untrusted File Formats Safely","archived":false,"fork":false,"pushed_at":"2025-04-24T04:45:55.000Z","size":37698,"stargazers_count":4477,"open_issues_count":32,"forks_count":139,"subscribers_count":85,"default_branch":"main","last_synced_at":"2025-04-27T20:04:50.890Z","etag":null,"topics":["codec","memory-safety","parsing","programming-language"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/google.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":"AUTHORS","dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-11-13T00:44:45.000Z","updated_at":"2025-04-27T02:25:46.000Z","dependencies_parsed_at":"2024-02-21T12:27:40.541Z","dependency_job_id":"67e8f0f4-4ed8-4dd9-b084-227c84a89722","html_url":"https://github.com/google/wuffs","commit_stats":{"total_commits":3840,"total_committers":15,"mean_commits":256.0,"dds":0.005729166666666674,"last_synced_commit":"d662ef548401b62e3addbd5df34056cfa83ee184"},"previous_names":["google/puffs"],"tags_count":35,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fwuffs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fwuffs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fwuffs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/google%2Fwuffs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/google","download_url":"https://codeload.github.com/google/wuffs/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254010813,"owners_count":21998993,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["codec","memory-safety","parsing","programming-language"],"created_at":"2024-07-31T03:00:59.496Z","updated_at":"2025-05-13T19:11:47.861Z","avatar_url":"https://github.com/google.png","language":"C","readme":"Wuffs is a **memory-safe programming language** (and a **standard library**\nwritten in that language) for **Wrangling Untrusted File Formats Safely**.\nWrangling includes parsing, decoding and encoding. Example file formats include\nimages, audio, video, fonts and compressed archives.\n\nIt is [**\"ridiculously\nfast\"**](https://twitter.com/richgel999/status/1481027198530248714).\n\n![Screenshot of a tweet saying \"ridiculously\nfast\"](./test/data/ridiculously-fast.png)\n\nPer its [benchmarks](/doc/benchmarks.md) and other linked-to blog posts:\n\n- It can decode bzip2 **[1.3x faster than `/usr/bin/bzcat`\n  (C)](https://nigeltao.github.io/blog/2022/wuffs-bzip2-decoder.html)**.\n- It can decode deflate up to **1.4x faster than zlib-the-library (C)**.\n- It can decode GIF **2x-6x faster than \"giflib\" (C), \"image/gif\" (Go) and\n  \"gif\" (Rust)**.\n- It can decode PNG **[1.2x-2.7x faster than \"libpng\" (C), \"image/png\" (Go) and\n  \"png\"\n  (Rust)](https://nigeltao.github.io/blog/2021/fastest-safest-png-decoder.html)**.\n\n\n## Goals and Non-Goals\n\nWuffs' goal is to produce software libraries that are as safe as Go or Rust,\nroughly speaking, but as fast as C, and that can be used anywhere C libraries\nare used. This includes very large C/C++ projects, such as popular web browsers\nand operating systems (using that term to include desktop and mobile user\ninterfaces, not just the kernel).\n\n[Wuffs the Library](/doc/wuffs-the-library.md) is [available](/release/c) as\ntranspiled C code. Other C/C++ projects can **use that library without\nrequiring the [Wuffs the Language](/doc/wuffs-the-language.md) toolchain**.\nThose projects can use Wuffs the Library like using any other third party C\nlibrary. It's just not hand-written C.\n\nHowever, unlike hand-written C, Wuffs the Language is safe with respect to\nbuffer overflows, integer arithmetic overflows and null pointer dereferences. A\nkey difference between Wuffs and other memory-safe languages is that **all such\nchecks are done at compile time, not at run time**. If it compiles, it is safe,\nwith respect to those three bug classes.\n\nThe trade-off in aiming for both safety and speed is that Wuffs programs take\nlonger for a programmer to write, as they have to **explicitly annotate their\nprograms with proofs of safety**. A statement like `x += 1` unsurprisingly\nmeans to increment the variable `x` by `1`. However, in Wuffs, such a statement\nis a compile time error unless the compiler can also prove that `x` is not the\nmaximal value of `x`'s type (e.g. `x` is not `255` if `x` is a `base.u8`), as\nthe increment would otherwise overflow. Similarly, an integer arithmetic\nexpression like `x / y` is a compile time error unless the compiler can also\nprove that `y` is not zero.\n\n\n## Hermeticity\n\nWuffs is not a general purpose programming language. **It is for writing\nlibraries, not programs**. Wuffs code is [hermetic](/doc/note/hermeticity.md)\nand can only compute (e.g. convert \"compressed bytes\" to \"decompressed bytes\").\n**It cannot make any syscalls** (e.g. it has no ambient authority to read your\nfiles), implying that it cannot allocate or free memory (and is therefore\ntrivially safe against things like memory leaks, use-after-frees and\ndouble-frees).\n\nIt produces [Sans I/O style](https://sans-io.readthedocs.io/) libraries (but C\nlibraries, not Python), meaning that they are agnostic to ['function\ncolors'](https://journal.stuffwithstuff.com/2015/02/01/what-color-is-your-function/).\nThey can be combined with synchronous or asynchronous I/O, as the library\ncaller (not library implementation) is responsible for the actual I/O.\n\nThe idea isn't to write your whole program in Wuffs, **only the parts that are\nboth performance-conscious and security-conscious**. For example, while\ntechnically possible, it is unlikely that a Wuffs compiler would be worth\nwriting entirely in Wuffs.\n\n\n## What Does Wuffs Code Look Like?\n\nThe [`/std/lzw/decode_lzw.wuffs`](/std/lzw/decode_lzw.wuffs) file is a good\nexample. The [Wuffs the Language](/doc/wuffs-the-language.md) document has more\ninformation on how it differs from other languages in the C family.\n\n\n## What Does Compile Time Checking Look Like?\n\nFor example, making this one-line edit to the LZW codec leads to a compile time\nerror. `wuffs gen` fails to generate the C code, i.e. fails to compile\n(transpile) the Wuffs code to C code:\n\n```diff\ndiff --git a/std/lzw/decode_lzw.wuffs b/std/lzw/decode_lzw.wuffs\nindex f878c5e..f10dcee 100644\n--- a/std/lzw/decode_lzw.wuffs\n+++ b/std/lzw/decode_lzw.wuffs\n@@ -98,7 +98,7 @@ pub func lzw_decoder.decode?(dst ptr buf1, src ptr buf1, src_final bool)() {\n                        in.dst.write?(x:s)\n\n                        if use_save_code {\n-                               this.suffixes[save_code] = c as u8\n+                               this.suffixes[save_code] = (c + 1) as u8\n                                this.prefixes[save_code] = prev_code as u16\n                        }\n```\n\n```\n$ wuffs gen std/gif\ncheck: expression \"(c + 1) as u8\" bounds [1 ..= 256] is not within bounds [0 ..= 255] at\n/home/n/go/src/github.com/google/wuffs/std/lzw/decode_lzw.wuffs:101. Facts:\n    n_bits \u003c 8\n    c \u003c 256\n    this.stack[s] == (c as u8)\n    use_save_code\n```\n\nIn comparison, this two-line edit will compile (but the \"does it decode GIF\ncorrectly\" tests then fail):\n\n```diff\ndiff --git a/std/lzw/decode_lzw.wuffs b/std/lzw/decode_lzw.wuffs\nindex f878c5e..b43443d 100644\n--- a/std/lzw/decode_lzw.wuffs\n+++ b/std/lzw/decode_lzw.wuffs\n@@ -97,8 +97,8 @@ pub func lzw_decoder.decode?(dst ptr buf1, src ptr buf1, src_final bool)() {\n                        // type checking, bounds checking and code generation for it).\n                        in.dst.write?(x:s)\n\n-                       if use_save_code {\n-                               this.suffixes[save_code] = c as u8\n+                       if use_save_code and (c \u003c 200) {\n+                               this.suffixes[save_code] = (c + 1) as u8\n                                this.prefixes[save_code] = prev_code as u16\n                        }\n```\n\n```\n$ wuffs gen std/gif\ngen wrote:      /home/n/go/src/github.com/google/wuffs/gen/c/gif.c\ngen unchanged:  /home/n/go/src/github.com/google/wuffs/gen/h/gif.h\n$ wuffs test std/gif\ngen unchanged:  /home/n/go/src/github.com/google/wuffs/gen/c/gif.c\ngen unchanged:  /home/n/go/src/github.com/google/wuffs/gen/h/gif.h\ntest:           /home/n/go/src/github.com/google/wuffs/test/c/gif\ngif/basic.c     clang   PASS (8 tests run)\ngif/basic.c     gcc     PASS (8 tests run)\ngif/gif.c       clang   FAIL test_lzw_decode: bufs1_equal: wi: got 19311, want 19200.\ncontents differ at byte 3 (in hex: 0x000003):\n  000000: dcdc dc00 00d9 f5f9 f6df dc5f 393a 3a3a  ..........._9:::\n  000010: 3a3b 618e c8e4 e4e4 e5e4 e600 00e4 bbbb  :;a.............\n  000020: eded 8f91 9191 9090 9090 9190 9192 9192  ................\n  000030: 9191 9292 9191 9293 93f0 f0f0 f1f1 f2f2  ................\nexcerpts of got (above) versus want (below):\n  000000: dcdc dcdc dcd9 f5f9 f6df dc5f 393a 3a3a  ..........._9:::\n  000010: 3a3a 618e c8e4 e4e4 e5e4 e6e4 e4e4 bbbb  ::a.............\n  000020: eded 8f91 9191 9090 9090 9090 9191 9191  ................\n  000030: 9191 9191 9191 9193 93f0 f0f0 f1f1 f2f2  ................\n\ngif/gif.c       gcc     FAIL test_lzw_decode: bufs1_equal: wi: got 19311, want 19200.\ncontents differ at byte 3 (in hex: 0x000003):\n  000000: dcdc dc00 00d9 f5f9 f6df dc5f 393a 3a3a  ..........._9:::\n  000010: 3a3b 618e c8e4 e4e4 e5e4 e600 00e4 bbbb  :;a.............\n  000020: eded 8f91 9191 9090 9090 9190 9192 9192  ................\n  000030: 9191 9292 9191 9293 93f0 f0f0 f1f1 f2f2  ................\nexcerpts of got (above) versus want (below):\n  000000: dcdc dcdc dcd9 f5f9 f6df dc5f 393a 3a3a  ..........._9:::\n  000010: 3a3a 618e c8e4 e4e4 e5e4 e6e4 e4e4 bbbb  ::a.............\n  000020: eded 8f91 9191 9090 9090 9090 9191 9191  ................\n  000030: 9191 9191 9191 9193 93f0 f0f0 f1f1 f2f2  ................\n\nwuffs-test-c: some tests failed\nwuffs test: some tests failed\n```\n\n# Directory Layout\n\n- `lang` holds the Go libraries that implement Wuffs the Language: tokenizer,\n  AST, parser, renderer, etc. The Wuffs tools are written in Go, but as\n  mentioned above, Wuffs transpiles to C code, and Go is not necessarily\n  involved if all you want is to use the C edition of Wuffs.\n- `lib` holds other Go libraries, not specific to Wuffs the Language per se.\n- `internal` holds internal implementation details, as per Go's [internal\n  packages](https://golang.org/s/go14internal) convention.\n- `cmd` holds Wuffs the Language' command line tools, also written in Go.\n- `std` holds Wuffs the Library's code.\n- `release` holds the releases (e.g. in their C form) of Wuffs the Library.\n- `test` holds the regular tests for Wuffs the Library.\n- `fuzz` holds the fuzz tests for Wuffs the Library.\n- `script` holds miscellaneous utility programs.\n- `doc` holds documentation.\n- `example` holds example programs for Wuffs the Library.\n- `hello-wuffs-c` holds an example program for Wuffs the Language.\n\n\n# Building\n\nSee the [BUILD](/BUILD.md) instructions.\n\n\n# Documentation\n\n- [Getting Started](/doc/getting-started.md). **Start here** if you want to\n  play but aren't sure how (and [BUILD](/BUILD.md) doesn't help).\n- [Background](/doc/background.md).\n- [Benchmarks](/doc/benchmarks.md).\n- [Binary Size](/doc/binary-size.md).\n- [Changelog](/doc/changelog.md).\n- [Glossary](/doc/glossary.md).\n- [Related Work](/doc/related-work.md).\n- [Roadmap](/doc/roadmap.md).\n- [Wuffs the Language](/doc/wuffs-the-language.md) overview.\n- [Wuffs the Library](/doc/wuffs-the-library.md) overview and see also [API\n  categories](/doc/std).\n\nThe [Note](/doc/note) directory also contains various short articles.\n\n\n# Non-C/C++ Languages\n\n- [dev0x13/pywuffs](https://github.com/dev0x13/pywuffs) holds Python bindings\n  for Wuffs the Library.\n- Bindings for Go, Rust and other languages are tracked as [issue\n  #38](https://github.com/google/wuffs/issues/38).\n\n\n# Status\n\nVersion 0.3 (April 2023) is the latest stable version. Stable means that\nits API won't change any further, but being a \"version 0.x\" means that:\n\n- It will not have long term support.\n- Newer versions make no promises about compatibility.\n\nThe compiler undoubtedly has bugs. Assertion checking needs more rigor,\nespecially around side effects and aliasing, and being sufficiently well\nspecified to allow alternative implementations. Lots of detail needs work, but\nthe broad brushstrokes are there.\n\nNonetheless, Wuffs' GIF decoder has shipped in the Google Chrome web browser\n[since June\n2021](https://chromium-review.googlesource.com/c/chromium/src/+/2940044)\n(milestone M93). See also the [\"ridiculously\nfast\"](https://twitter.com/richgel999/status/1481027198530248714) tweet already\nmentioned above.\n\n\n# Discussion\n\nThe mailing list is at\n[https://groups.google.com/forum/#!forum/wuffs](https://groups.google.com/forum/#!forum/wuffs).\n\n\n# Contributing\n\nThe [CONTRIBUTING.md](/CONTRIBUTING.md) file contains instructions on how to\nfile the Contributor License Agreement before sending any pull requests (PRs).\nOf course, if you're new to the project, it's usually best to discuss any\nproposals and reach consensus before sending your first PR.\n\nSource code is [auto-formatted](/doc/note/auto-formatting.md).\n\n\n# License\n\nThis software is distributed under the terms of both the MIT license and the\nApache License (Version 2.0).\n\nSee LICENSE for details.\n\n\n# Disclaimer\n\nThis is not an official Google product, it is just code that happens to be\nowned by Google.\n\n\n# Mascot\n\nTony is an arse-kicking wombat who loves playing\n[full-forward](https://en.wikipedia.org/wiki/Full-forward) and hates buffer\noverflows.\n\n![WUFFS Logo](./doc/logo/wuffs-acronym-logo-1536x1024.png)\n\n\n---\n\nUpdated on November 2023.\n","funding_links":[],"categories":["C","Structure definition","Uncategorized","\u003ca id=\"1d9dec1320a5d774dc8e0e7604edfcd3\"\u003e\u003c/a\u003e工具-新添加的","Other"],"sub_categories":["Uncategorized","\u003ca id=\"8f1b9c5c2737493524809684b934d49a\"\u003e\u003c/a\u003e文章\u0026\u0026视频"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fwuffs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgoogle%2Fwuffs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgoogle%2Fwuffs/lists"}