The lexical crate maintenance status has been called into question while being affected by several soundness issues, as explained in RUSTSEC-2023-0055. However, as far as I can see, we don't really need to use lexical in the GLSL preprocessor:
For parsing #version numbers, lexical didn't provide results that complied with my interpretation of the GLSL specification, which I explained in a code comment, and that I believe motivated a TODO item to move on from lexical. Moreover, as #version directives are expected to be infrequent (usually, at most once per translation unit), I don't think it's worth to bloat our dependencies with atoi(_simd|_radix10), as #version numbers are tiny 16-bit integers where SIMD and bitwise optimizations have a neglible performance impact, so these changes go for simplicity and use the INT and UINT token parsing routines to parse these.
For parsing floating point numbers, modern Rust stdlib versions ship a performant algorithm proposed by lexical's author, which negates previous performance gaps between both implementations. Therefore, just use the standard parsing functions in these cases.
As far as I am aware, these changes are not semver-breaking because the modified VersionError enum was never exposed outside of the lang-pp crate.
I'm also working on a PR to update all the dependencies to their latest versions, including syn, logos and lalrpop, to bring these crates up to the most used dependency versions in the ecosystem and reduce build time and dependency tree size. However, these updates are a bit more involved (I ran into issues like https://github.com/TedDriggs/darling/issues/238 with the lang_util::Token derive macro), so I'll be completing the updates over the next days.
The
lexicalcrate maintenance status has been called into question while being affected by several soundness issues, as explained inRUSTSEC-2023-0055. However, as far as I can see, we don't really need to uselexicalin the GLSL preprocessor:#versionnumbers,lexicaldidn't provide results that complied with my interpretation of the GLSL specification, which I explained in a code comment, and that I believe motivated a TODO item to move on fromlexical. Moreover, as#versiondirectives are expected to be infrequent (usually, at most once per translation unit), I don't think it's worth to bloat our dependencies withatoi(_simd|_radix10), as#versionnumbers are tiny 16-bit integers where SIMD and bitwise optimizations have a neglible performance impact, so these changes go for simplicity and use the INT and UINT token parsing routines to parse these.lexical's author, which negates previous performance gaps between both implementations. Therefore, just use the standard parsing functions in these cases.As far as I am aware, these changes are not semver-breaking because the modified
VersionErrorenum was never exposed outside of thelang-ppcrate.I'm also working on a PR to update all the dependencies to their latest versions, including
syn,logosandlalrpop, to bring these crates up to the most used dependency versions in the ecosystem and reduce build time and dependency tree size. However, these updates are a bit more involved (I ran into issues like https://github.com/TedDriggs/darling/issues/238 with thelang_util::Tokenderive macro), so I'll be completing the updates over the next days.