←back to thread

OpenVMM – A New VMM for Windows and Linux, Written in Rust

(github.com)
171 points g0xA52A2A | 6 comments | 17 Oct 24 05:42 UTC | HN request time: 0.685s | source | bottom
1. Vogtinator ◴[17 Oct 24 13:26 UTC] No.41869463[source]
Cargo.lock has 8750 lines. Is that normal for something like this?

For comparison, QEMU basically just needs glibc, glib and zlib for basic functionality.

replies(3): >>41869582 #>>41869918 #>>41870617 #
2. orangeboats ◴[17 Oct 24 13:40 UTC] No.41869582[source]
Looking at Cargo.toml, a great deal of the project's dependencies are internal dependencies. Those are located in the same repo, and the separation is only there to help keep the compile times manageable by allowing parallel compilation.

It's very rare to see so many internal dependencies in one project, but the concept itself is well explored.

But besides that, it's just the project making use of the Rust ecosystem instead of rolling everything by themselves. From what I can see most of these external dependencies are already established in the ecosystem (some crates I am not sure since I've never used them, but anyhow, http, hyper etc. are among the most popular crates).

replies(1): >>41869885 #
3. dicytea ◴[17 Oct 24 14:14 UTC] No.41869885[source]
> the separation is only there to help keep the compile times manageable

I don't think that's the reason, at least not the only reason. Workspaces is just a nice and modular way to organize a big project and separate concerns.

4. pornel ◴[17 Oct 24 14:18 UTC] No.41869918[source]
Cargo.lock is not ideal for this. It needs to be portable, and cover all kinds of builds and test runs, so it contains a superset of all dependencies for all platforms (recursively), as well as development-only dependencies, and everything needed for all optional features.

Running `cargo tree -e normal` gives a more realistic subset of what is actually used, and `cargo tree -e normal --no-default-features` gives you the "basically just needs" subset.

Another thing to keep in mind that Rust projects are very often split into many small packages (from the same authors, published as part of the same project). That isn't more code or more dependencies, but merely delivering code not as one monolith, but as modular components.

5. geodel ◴[17 Oct 24 15:33 UTC] No.41870617[source]
Cargo.toml is more appropriate to check dependencies and that has 642 lines. Some of them maybe just for testing or project setup. Remove them all I think it still would leave you with few hundred dependencies. And that does not seem excessive for a Rust project specially from Microsoft.

I mention Microsoft specifically because their Go projects are similarly excessive in dependencies even though higher quality Go projects do have fewer dependencies.

replies(1): >>41870902 #
6. gpm ◴[17 Oct 24 16:02 UTC] No.41870902[source]
External dependencies only start on line 354 of that file, and end on line 503. The rest is internal dependencies (within the repository), and build config.

It's a different metric all together though, since it doesn't show transitive dependencies only direct dependencies (and as you suggest it doesn't distinguish between actual dependencies and testing dependencies because it's a workspace cargo.toml). As someone else suggested, using a program like cargo tree is the most appropriate.

It's also worth putting this in context that there's half a million lines of rust code in this repository.