-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SharedArrayBuffer and postMessage() #4732
Comments
This depends on the work to add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy. It specifies how postMessage() is affected when both those headers are set for the agent clusters they impact. Closes #4732.
This depends on the work to add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy. It specifies how postMessage() is affected when both those headers are set for the agent clusters they impact. Closes #4732.
This depends on the work to add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy. It specifies how postMessage() is affected when both those headers are set for the agent clusters they impact. Closes #4732.
Folding #4872 into this, we'll expose this COOP+COEP state in JavaScript as Also, you can now play with this in Firefox Nightly: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer/Planned_changes. |
This depends on the work to add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy. It specifies how postMessage() is affected when both those headers are set for the agent clusters they impact. Additionally, it exposes this state through self.crossOriginIsolated. Tests: see links in #4732. Closes #4732.
It looks It seems now every dynamic created script can't use sharedArrayBuffer to share data on firefox nightly(74.0a1 (2020-01-06)). The most worst thing, it break feature detection of If blocking this is actually desired, maybe we should hide the whole constructor instead so it won't break backward compatibility? Some script break by current implementation i found: |
That's something we should fix (and specify).
This is by design to not "fragment" JavaScript. |
@mmis1000 do you have an example of |
@mmis1000 I'd really appreciate it if you could look into this one more time. |
This change to It seems like this change would essentially break every app that currently uses Do we know for sure that this proposal is final? We ideally want to patch our API before this is live in FF (seems like this is currently in the next version?) |
This is still the plan of action, yes. (And yes, Firefox 75 might have |
This seems to be rolling out with Firefox 74 since it's already broken at: https://developers.arcgis.com/javascript/latest/sample-code/layers-featurelayer/live/index.html There's no mention of this in either of these: |
At the moment, the 74 is still in early beta, so |
Hmm I guess I'm just kind of confused on this point. Without the serialization/deserialization, there's no use-case for This is further complicated by the fact that browsers already do support function hasSharedMemory() {
const hasSharedArrayBuffer = "SharedArrayBuffer" in global;
const notCrossOriginIsolated = global.crossOriginIsolated === false;
return hasSharedArrayBuffer && !notCrossOriginIsolated;
} Breaking feature detection in this way is also kind of scary for using new browser features going forward. I suppose one could argue that new JS standards should be treated skeptically until they are fully implemented by all browsers. |
|
Apologies for not engaging here earlier. It's also V8's preference to gate the existence of the @annevk I take the "don't make language features conditional" point, but pragmatism here trumps that IMO. I find the argument from @mmgeorge compelling: browsers that don't implement Could we change this? Edit: To preempt |
We haven't seen any breakage in the Firefox Nightly/Beta landscape thus far from having And the reason to have For a plan communicated well over a year ago and reiterated at various points this is also an extremely late request for change. cc @lukewagner |
The SharedArrayBuffer don't even work with TextEncoder/TextDecoder. |
It does per spec. That part is not implemented in Gecko yet, looks like... |
Another potential benefit of having SAB always be available, while keeping only |
For not engaging here until so late, that's on us. You're right that this request for change is very late. This slipped through the cracks in V8 and Chrome for too long. This request isn't lightly made: we don't want to break a non-trivial population of real-world users. Data
The Chrome team has gathered data that shows there will be real-world breakage. SAB use is at just under 1.25% among all pageloads in Chrome and growing. Until we ship COOP+COEP, Edit: I said something previously that suggests Chrome turned off the SAB constructor. It has been and remains still available on platforms with site isolation until COOP+COEP ships. We also collected the top scripts that use SABs. I went through the top 4 to see how they're used. Relevant pretty-printed snippets below: https://static.adsafeprotected.com/sca.17.4.114.js function() {
if (
"function" == typeof SharedArrayBuffer &&
util.fnc(SharedArrayBuffer)
)
try {
var a = new SharedArrayBuffer(1024);
if (
"[object SharedArrayBuffer]" == a.toString() &&
a.byteLength &&
1024 === a.byteLength
)
try {
SharedArrayBuffer(1024);
} catch (a) {
return !0;
}
} catch (a) {}
return !1;
} That function is then used to check if SABs can be used. https://meetfam.com/static/fam/fam.ad180408bcd0b1f105e5.js var sharedProfilingBuffer = enableProfiling ? // $FlowFixMe Flow doesn't know about SharedArrayBuffer
typeof SharedArrayBuffer === 'function' ? new SharedArrayBuffer(profilingStateSize * Int32Array.BYTES_PER_ELEMENT) : // $FlowFixMe Flow doesn't know about ArrayBuffer
typeof ArrayBuffer === 'function' ? new ArrayBuffer(profilingStateSize * Int32Array.BYTES_PER_ELEMENT) : null // Don't crash the init path on IE9
: null; These ultimately all come from React or inlined parts of React. React's profiling feature uses a Next stepsV8's engagement is indeed late. At the same time, not breaking our existing users is the higher order concern. Is the data compelling enough to consider the change? Non-detachable ArrayBuffers
For the non-detachable use case, that seems like a useful feature to add to ArrayBuffers themselves. I'd be happy to champion such a thing. |
I don't think that's necessarily true. Hosts can provide under-the-hood shared buffers without giving users the ability to create new ones via an exposed Edit: Put another way, I see no reason to gate future Web APIs that want to vend SABs on the decision of the visibility of the constructor. |
I'm talking about future Web APIs that, motivated by the general performance theme of "APIs shouldn't perform allocations; they should write into views of buffers/memories allocated by client code", accept a view to a SAB so that they can write into it racily from another thread. So client JS code needs to be able to create the SAB to use the Web API. (Yes, a workaround could be defining some new function for constructing SABs.) |
@syg Huh? I was speaking to the fact that Anne was showing there's a way to get an ArrayBuffer with shared enabled in JS. Although, perhaps I misunderstood the purpose of the comment. Maybe what Anne was saying is: Why disable the SAB constructor if you can just get a SAB via Wasm? Which is a question I'd also like to know the answer to. |
@kmiller68 The reasoning for how we arrived at this point is as follows. The fact that you can get a SAB out of a shared wasm memory is intentional even when the I requested on behalf of Chrome that we also gate the |
I started updating existing tests at web-platform-tests/wpt#22358 to account for not exposing the constructor all the time. I'll specify it as part of #4734 I think. (@syg and I discussed the possibility of exposing the constructor on some globals, but V8 were not in favor and I don't feel particularly strongly about it.) |
This depends on the work to add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy. It specifies how postMessage() is affected when both those headers are set for the agent clusters they impact. Additionally, it exposes this state through self.crossOriginIsolated. Tests: see links in #4732. Closes #4732.
All tests have outstanding PRs now. Deleting the constructor is specified in the aforementioned PR. https://bugzilla.mozilla.org/show_bug.cgi?id=1624266 tracks aligning Firefox with this change. Review of all of this appreciated. |
This depends on the work to add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy. It specifies how postMessage() is affected when both those headers are set for the agent clusters they impact. Additionally, it exposes this state through self.crossOriginIsolated. Tests: see links in #4732. Closes #4732.
This depends on the work to add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy. It specifies how postMessage() is affected when both those headers are set for the agent clusters they impact. Additionally, it exposes this state through self.crossOriginIsolated. Tests: see links in #4732. Closes #4732.
Merges https://github.com/WICG/cross-origin-embedder-policy into HTML. Associated PRs: * whatwg/fetch#1030 * w3c/ServiceWorker#1516 * w3c/css-houdini-drafts#992 Fixes #5368, fixes #5634, fixes whatwg/fetch#985, and fixes w3c/ServiceWorker#1490. Follow-up: #4916, #4919, #4930 #5223, and #5391. (As well as defining cross-origin isolated, per #4732.)
This depends on the work to add Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy. It specifies how postMessage() is affected when both those headers are set for the agent clusters they impact. Additionally, it exposes this state through self.crossOriginIsolated. Tests: see links in #4732. Closes #4732.
A top-level navigation response with Cross-Origin-Opener-Policy set to same-origin and Cross-Origin-Embedder-Policy set to require-corp will create a cross-origin isolated browsing context group. And all agent clusters therein will be cross-origin isolated as well (shared and service workers can still not be, as they sit on the side). This change also: * Gates SharedArrayBuffer exposure behind that primitive for web compatibility reasons. * Gates SharedArrayBuffer sharing behind that primitive. * Exposes it through self.crossOriginIsolated. * Makes document.domain return before it mutates the origin. * Makes agent clusters keyed on origin. Tests: * web-platform-tests/wpt#17719 * web-platform-tests/wpt#17760 * web-platform-tests/wpt#17761 * web-platform-tests/wpt#17802 * web-platform-tests/wpt#17909 * web-platform-tests/wpt#18543 * web-platform-tests/wpt#20116 * web-platform-tests/wpt#22358 Closes #4732. Closes #5122. Closes #5444. Follow-up: #5435.
A top-level navigation response with Cross-Origin-Opener-Policy set to same-origin and Cross-Origin-Embedder-Policy set to require-corp will create a cross-origin isolated browsing context group. And all agent clusters therein will be cross-origin isolated as well (shared and service workers can still not be, as they sit on the side). This change also: * Gates SharedArrayBuffer exposure behind that primitive for web compatibility reasons. * Gates SharedArrayBuffer sharing behind that primitive. * Exposes it through self.crossOriginIsolated. * Makes document.domain return before it mutates the origin. * Makes agent clusters keyed on origin. Tests: * web-platform-tests/wpt#17719 * web-platform-tests/wpt#17760 * web-platform-tests/wpt#17761 * web-platform-tests/wpt#17802 * web-platform-tests/wpt#17909 * web-platform-tests/wpt#18543 * web-platform-tests/wpt#20116 * web-platform-tests/wpt#22358 Closes #4732. Closes #5122. Closes #5444. Follow-up: #5435 (and #5362).
Merges https://github.com/WICG/cross-origin-embedder-policy into HTML. Associated PRs: * whatwg/fetch#1030 * w3c/ServiceWorker#1516 * w3c/css-houdini-drafts#992 Fixes whatwg#5368, fixes whatwg#5634, fixes whatwg/fetch#985, and fixes w3c/ServiceWorker#1490. Follow-up: whatwg#4916, whatwg#4919, whatwg#4930 whatwg#5223, and whatwg#5391. (As well as defining cross-origin isolated, per whatwg#4732.)
A top-level navigation response with Cross-Origin-Opener-Policy set to same-origin and Cross-Origin-Embedder-Policy set to require-corp will create a cross-origin isolated browsing context group. And all agent clusters therein will be cross-origin isolated as well (shared and service workers can still not be, as they sit on the side). This change also: * Gates SharedArrayBuffer exposure behind that primitive for web compatibility reasons. * Gates SharedArrayBuffer sharing behind that primitive. * Exposes it through self.crossOriginIsolated. * Makes document.domain return before it mutates the origin. * Makes agent clusters keyed on origin. Tests: * web-platform-tests/wpt#17719 * web-platform-tests/wpt#17760 * web-platform-tests/wpt#17761 * web-platform-tests/wpt#17802 * web-platform-tests/wpt#17909 * web-platform-tests/wpt#18543 * web-platform-tests/wpt#20116 * web-platform-tests/wpt#22358 Closes whatwg#4732. Closes whatwg#5122. Closes whatwg#5444. Follow-up: whatwg#5435 (and whatwg#5362).
Right now Chrome and Firefox has inconsistent behavior for SharedArrayBuffer disabling. When I try to create an instance - I'd get some kind of error immediately on an attempt. Then I have workaround like:
And this won't give me an error until I use That seems to be inconsistent behavior to me, when the one way fails immediately and the other only when used. As a JS developer I'd prefer if |
As per tc39/ecma262#1435 and WebAssembly/threads#124 the plan is that
SharedArrayBuffer
is enabled by default, as defined by JavaScript, but its high-resolution timer capabilities are restricted via restrictingpostMessage()
. (Other APIs that can enable high-resolution timer capabilities withSharedArrayBuffer
independently ofpostMessage()
would have to be similarly restricted. No such APIs as of yet, hopefully[AllowShared]
will allow us to track these.)To make
postMessage()
do the right thing, both Cross-Origin-Opener-Policy (COOP; #3740) and Cross-Origin-Embedder-Policy (COEP; #4175) have to be set for the document (or shared/service worker).I realized we did not have a tracking issue for that specific change, so here it is.
(For clarity, without
postMessage()
"Shared" inSharedArrayBuffer
is meaningless and it's effectively equivalent toArrayBuffer
.)cc @whatwg/security @rniwa @csreis
The text was updated successfully, but these errors were encountered: