Show HN: A pure ARM64 Assembly web server, now on Linux with CGI for no reason
github.comThis is ymawky, a now-dynamic web server written entirely in ARM64 Assembly. I've previously posted about ymawky here: https://news.ycombinator.com/item?id=48080587
In the past month and a half, I've made some pretty major improvements: I've added CGI scripting support, so the server now supports query strings and dynamic content; and I've fully ported ymawky to run on Linux, rather than macOS-only.
In addition to GET/PUT/HEAD/DELETE/OPTIONS requests, because of CGI support ymawky also accepts POST requests (only to CGI resources for now).
I've also updated the more detailed writeup to reflect CGI support and the Linux port: https://imtomt.github.io/ymawky/
> written entirely by-hand in ARM64 assembly as a fun project. It's probably got a lot of vulnerabilities I'm unaware of
Impressive, but that second part worries me. I hope one day AI security scans upon commit (or integrated in the IDE) will alleviate that risk.
What's the current security gold standard for web servers? Hiawatha? https://hiawatha.leisink.net/
Hiawatha is written in C, and so despite its security posture, it probably contains vulnerabilities.
I love it :-)
Back in the distant past I wrote some really big ARM 32 assembly projects. 64 bit ARM is really very similar!
I had a look through the code. Some ENTRY/EXIT macros to help with the drudgery of save restore registers & stack frame would probably help. Also some register renaming would help readability (eg if a register points to incoming data throughout a subroutine rename it pdata).
I salute your effort and please enjoy the core dumps :-)
RISC OS had some amazing apps written ARM26/32 -- my teenage mind was boggled
Is an assembly webserver more performant than webservers written in other languages? Are there any hard limits on how much you can squeeze when using a particular framework?
I love projects like this because I think eventually all common computing tasks will be broken down in constituent most computationally optimized components
This isn't a bad thing per se. I imagine this could be a thing for an embedded side project or a tiny rescue system.
Edit: or learning arm64 assembly :)
"raw syscalls only: no libc wrappers"
insane! i wonder how many times you have spent to learn about them!
Like one time? It is like any other API. You look it up, study the parameters (in this case you need to look up in which register is what argument expected) and off it goes.
You wrote this by hand? Impressive.
Cool. I particularly like the O'Reilly book cover that never was. Although I fear you may have misunderstood what wasm is...
Question/critique. Isn't getting the mime type by file extension a bit windowsy? Would it not be easier to read the magic number when you're at the assembly level?
You could argue well, if you have to open the file to read it anyway may as well look for magic numbers.
That doesn't work well with text documents which won't have any kind of magic number. So now you're doing some heuristics to determine is this text/plain, text/html, text/svg? You're pretty much just guessing at that point.
A good number of file formats out there are just Zip files with a particular structure. JAR files, docx - so relying on magic numbers doesn't really work for those, either.
Also to service a HEAD request you'd have to open the file and read a few bytes that you just discard.
If you just do it by extensions you don't need to read files at all or perform heuristics, and no ambiguity for what mimetypes to use for text documents, zip-based formats, etc.
Ahh, this little gem ported to Linux, great! That opens much more possibilities to play with it, thanks
arm64 is an IP-locked ISA, namely it is not worth assembly writting, stick to plain and simple C.
RISC-V is. I am self-hosting many of my internet thingies. I plan to move to RISC-V only hardware and to rewrite my internet software directly in mono-threaded paranoid RISC-V assembly.
> arm64 is an IP-locked ISA, namely it is not worth assembly writting
Why is that a problem? Google search returns 3K page arm64 ISA manual. What else do you need to write asm?
Nothing else, I think what the're more concerned with is how open an architecture is.
I think with RISC-V if you wanted to design your own chips and stuff you can just do it, whereas ARM doesn't let you do that.
I'm not about to build my own chips so it doesn't matter all that much to me but I understand where the person is coming from. They'd rather write assembly for the more open architecture.
There's critical security flaws in this web server. Consult your local LLM for a security analysis.