Re: draft execution environment for WebGPU, including WebGPU env spec for SPIR-V from Corentin Wallez on 2018-11-14 (public-gpu@w3.org from November 2018)

From: Corentin Wallez <cwallez@google.com>
Date: Wed, 14 Nov 2018 13:44:14 +0100
To: Maciej Stachowiak <mjs@apple.com>
Cc: David Neto <dneto@google.com>, public-gpu <public-gpu@w3.org>
Message-ID: <CAGdfWNOs4Ldy0_6daKye+WwJ99xYP+NkS2mQa0XpJ9AMDoLVHw@mail.gmail.com>

To steal David's words, being secure is a property of the implementation
and not a property of the language. The language can just influences how
hard it is to make secure. The security properties outlined in that section
would need to be implemented both for whatever language we choose. For
example array clamping/trapping on OpAccessChain needs to happen the same
way it needs to happen for WHLSL array refs.

Specifications are not supposed to contain implementation details, or only
in non-normative sections. We don't specify how to achieve security because
that's an implementation detail. That said we described how the
implementation of SPIR-V can be made secure more than a year ago in #33
SPIR-V Robust Resource Access <https://github.com/gpuweb/gpuweb/issues/33> and
most of the implementation details would be similar in WHLSL (trapping
behavior was brought up only after we posted that issue). This
investigation shows that an implementation of SPIR-V can be made secure,
and that robust resource access being possible is orthogonal to the
execution environment.

Cheers,

Corentin

On Wed, Nov 14, 2018 at 12:06 AM Maciej Stachowiak <mjs@apple.com> wrote:

>
> This document describes what security properties are desired In the
> "General WebGPU Environment” section, which is great. But it doesn’t appear
> to describe how a SPIR-V dialect can achieve these properties in the
> "WebGPU Execution Environment Specification for SPIR-V”, not even as TBDs
> as far as I can tell.
>
> Is it it intentional that how to achieve security is unspecified?
>
> Regards,
> Maciej
>
> On Nov 13, 2018, at 1:41 PM, David Neto <dneto@google.com> wrote:
>
> Hi,
>
> In a recent meeting Google promised to produce a draft WebGPU environment
> spec for SPIR-V.
>
> Today we created a new GitHub repo for all documents related to SPIR-V use
> in WebGPU.  It has a first draft of the promised environment spec.  Please
> see
> https://github.com/gpuweb/spirv-execution-env/blob/master/execution-env.md
>
> In writing the draft we realized there were considerations on how WebGPU
> would execute shaders, independent of shader language. So the document is
> split in to several parts: A general part that always would apply, and a
> part that is a WebGPU environment spec for SPIR-V.
>
> Many items are marked "TBD", and most of them will be resolved once the
> community group determines exactly what features are supported by WebGPU.
>
> This is ready for initial review and discussion by the community group.
>
> thanks,
> david
>
>
>

Received on Wednesday, 14 November 2018 12:44:49 UTC