I don’t really understand the huge variety of languages in these things. Chromium is mostly C/C++, okay. And I suppose they need some JS around for internal UI stuff. I suppose it makes sense to have some Python in there too for build automation or something. But why do they need Python and Ruby and Perl and PHP? And Lisp and Go and Scheme and R and Powershell and Sed and so on? I have to wonder if there are good reasons for all that, or if these projects need some language synchronization.
But why do they need Python and Ruby and Perl and PHP?
An attempt at an explanation:
Python
Most integration test running infrastructure inherited from WebKit was written in and continues to be written in Python. You can see this lineage comparing Chromium and WebKit’s source trees:
All Python files: https://cs.chromium.org/search/?q=lang:%5Epython$&p=2&sq=package:chromium&type=cs
Ruby
One thing we used Ruby for was for a tiny utility for formatting patch files. We just replaced it (CL). There are some other random files.
All Ruby files: https://cs.chromium.org/search/?q=lang:%5Eruby$&sq=package:chromium&type=cs
Perl
Chromium actually vendors in a copy of the Perl language.
All Perl files: https://cs.chromium.org/search/?q=lang:%5Eperl$&sq=package:chromium&type=cs
PHP
Many manual tests are written in PHP since (for better or worse) it’s easy.
All PHP files: https://cs.chromium.org/search/?q=lang:%5EPHP$&sq=package:chromium&type=cs
Other languages
or if these projects need some language synchronization
Contributions welcome! :)
(but seriously, if you are interested, I’m at jeffcarp@chromium.org for any questions)
To try to answer the question more directly: code gets written in many languages and it takes SWE hours to rewrite it in a different language. If you’re choosing between investigating a P1 bug and rewriting something that already works in a different language, time usually gets spent on the P1 bug.
(source: I work on the Chrome infrastructure team)
Oo good catch, thx - updated my reply. I can find some Emacs Lisp in the codebase but I can’t find any Common Lisp 🤔.
On Scheme code in V8: V8 implements a fast floating point formatting algorithm which is relatively recent (2010, IIRC) hence likely to be faster than system printf. As I understand, Scheme code is directly from the paper.
Interesting, thanks for finding all of that! Looks like Chromium has a lot more third-party libs and testing infrastructure than I thought.
I may just take a look at some of the open-source infrastructure there, though I doubt I’ll have the time or energy to try and make contributions.
Here’s the code if anyone wants to browse: https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcsi/
1Password as the source of truth for everything (sans browser extension) and Chrome autofill for day-to-day usage.
Edit: this thread is really great for telling people exactly how to spearfish you :0
Is the birthday paradox correct in this case? We’re not looking for any two coins the same colour, we’re looking for a coin the same colour as the one we already have?
I think you’re right. The current metaphor describes a second preimage attack. I’ll update the post. Thank you.
Nice post Jeff.
2^256 is about 10^77, which happens to be an estimate for the number of atoms in the universe.
I really like your blog layout. Have you published the code?
Thanks! It’s using this Hugo theme https://github.com/htr3n/hyde-hyde with some tiny modifications.
The author seems to think that second preimage attack and collision attack are the same. They’re not.
Second preimage attack: Given a hash function H and an input X find Y so that H(X)=H(Y) and X!=Y.
Collision attack: Given only a hash function find X, Y so that H(X) = H(Y).
This is a major difference. There are plenty of hash functions that are vulnerable to the second, but not the first (most notably MD5, SHA1).
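An added example, not part of the thread or any commenter's code: the two definitions above and the earlier birthday-paradox question, measured on a toy hash. It assumes SHA-256 truncated to a few bits as H; the function names, seeds and target strings are constructed for illustration.

```python
import hashlib
from itertools import count

def h(data: bytes, bits: int) -> int:
    """SHA-256 truncated to its top `bits` bits (a deliberately tiny toy hash)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)

def candidates(seed: bytes):
    """Constructed inputs: seed || counter, so every run is reproducible."""
    for i in count():
        yield seed + i.to_bytes(8, "big")

def find_collision(bits: int, seed: bytes = b"c"):
    """Collision: both inputs are free, any two that hash alike will do."""
    seen = {}
    for tries, x in enumerate(candidates(seed), 1):
        d = h(x, bits)
        if d in seen:
            return seen[d], x, tries
        seen[d] = x

def find_second_preimage(target: bytes, bits: int, seed: bytes = b"p"):
    """Second preimage: X is fixed in advance, only Y with H(Y) == H(X) counts."""
    want = h(target, bits)
    for tries, y in enumerate(candidates(seed), 1):
        if y != target and h(y, bits) == want:
            return y, tries

def average_work(bits: int, trials: int = 8):
    """Mean attempts per attack over several independent seeds and targets."""
    coll = sum(find_collision(bits, b"c%d" % t)[2] for t in range(trials))
    pre = sum(find_second_preimage(b"coin-%d" % t, bits, b"p%d" % t)[1]
              for t in range(trials))
    return coll / trials, pre / trials

if __name__ == "__main__":
    BITS = 16
    coll, pre = average_work(BITS)
    print(f"{BITS}-bit toy hash: collision ~{coll:.0f} tries "
          f"(birthday bound ~2^{BITS // 2} = {2 ** (BITS // 2)}), "
          f"second preimage ~{pre:.0f} tries (~2^{BITS} = {2 ** BITS})")
```

The birthday bound only applies to the collision search, where neither input is fixed; matching one specific input costs on the order of the full output space.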
ROP is a super ingenious (and scary) attack. If you’re looking to read more into it, check out this paper about automating the process of “blindly” finding ROP gadgets over the network to hijack control flow on a remote machine: http://www.scs.stanford.edu/brop/bittau-brop.pdf
Hi I’m Jeff and I have a couple posts about cryptography and engineering productivity (like pair programming). https://www.jeffcarp.com/