Bug 243342
| Summary: | Atomics are unavailable without the COOP/COEP headers | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Ryan Reno <rreno> |
| Component: | WebKit2 | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Major | CC: | cdumez, ggaren, karlcow, kkinnunen, mark.lam, rreno, saam, webkit-bug-importer, wilander, ysuzuki |
| Priority: | P2 | Keywords: | BrowserCompat, InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | All | ||
| OS: | All | ||
Ryan Reno
window.Atomics is undefined without the COOP/COEP headers. Those headers are meant to help secure usage of SharedArrayBuffer. However, Atomics should work with regular ArrayBuffer which is available without those headers.
Radar WebKit Bug Importer
<rdar://problem/97786341>
Ryan Reno
(In reply to Ryan Reno from comment #0)
> window.Atomics is undefined without the COOP/COEP headers. Those headers are
> meant to help secure usage of SharedArrayBuffer. However, Atomics should
> work with regular ArrayBuffer which is available without those headers.
To be clear: I believe those headers are for more general security but in the context of the availability of Atomics, SharedArrayBuffer is disabled without the headers. It seems that Atomics is likewise disabled without the headers which means they cannot be used with normal ArrayBuffer.
Ryan Reno
Chrome 103 and FF 103 both give access to the Atomics object when crossOriginIsolated == false.
While Atomics on non-shared memory is probably not the most useful thing in the world, enabling Atomics even when SharedArrayBuffer is disabled will improve interop with other major browsers.
Chris Dumez
+ a few JSC people: Did we intentionally disable Atomics due to Spectre? I assume we did.
Geoffrey Garen
(In reply to Chris Dumez from comment #4)
> + a few JSC people: Did we intentionally disable Atomics due to Spectre? I
> assume we did.
My understanding is that the Spectre risk comes from shared memory, not from atomics. So, enabling just Atomics without shared memory should be fine. Of course, it's also useless. Which is why it's fine.
But if enabling Atomics improves interop, it seems worth doing, even if it's useless as a programming model.
Chris Dumez
(In reply to Geoffrey Garen from comment #5)
> (In reply to Chris Dumez from comment #4)
> > + a few JSC people: Did we intentionally disable Atomics due to Spectre? I
> > assume we did.
>
> My understanding is that the Spectre risk comes from shared memory, not from
> atomics. So, enabling just Atomics without shared memory should be fine. Of
> course, it's also useless. Which is why it's fine.
>
> But if enabling Atomics improves interop, it seems worth doing, even if it's
> useless as a programming model.
👍
Ryan Reno
Pull request: https://github.com/WebKit/WebKit/pull/2860
EWS
Committed 253137@main (09e0997b7d2e): <https://commits.webkit.org/253137@main>
Reviewed commits have been landed. Closing PR #2860 and removing active labels.
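
The behaviour discussed in this thread, as an added example that is not part of the bug report or the WebKit patch: a JavaScript probe that checks Atomics separately from SharedArrayBuffer and exercises Atomics on a regular ArrayBuffer. The function name `probeAtomics` and the two stub global objects are hypothetical and constructed for illustration.

```javascript
// Added example: feature-detect Atomics independently of SharedArrayBuffer.
// `g` is a global-like object, so the probe can run against constructed stubs.
function probeAtomics(g) {
  const result = {
    crossOriginIsolated: g.crossOriginIsolated === true,
    hasAtomics: typeof g.Atomics === "object" && g.Atomics !== null,
    hasSharedArrayBuffer: typeof g.SharedArrayBuffer === "function",
    nonSharedOpsWork: false,
    waitRejectsNonShared: false,
  };
  if (!result.hasAtomics) return result;

  // Int32Array backed by a regular (non-shared) ArrayBuffer.
  const view = new Int32Array(new ArrayBuffer(8));
  g.Atomics.store(view, 0, 40);
  g.Atomics.add(view, 0, 2); // view[0] is now 42
  const prev = g.Atomics.compareExchange(view, 0, 42, 7); // returns 42, stores 7
  result.nonSharedOpsWork = prev === 42 && g.Atomics.load(view, 0) === 7;

  // Atomics.wait is specified for shared memory only; on a non-shared
  // view it throws TypeError instead of blocking.
  try {
    g.Atomics.wait(view, 0, 0, 0);
  } catch (e) {
    result.waitRejectsNonShared = e instanceof TypeError;
  }
  return result;
}

// Constructed stub: page without COOP/COEP where Atomics is exposed but
// SharedArrayBuffer is not (what the thread reports for Chrome 103 / FF 103).
const nonIsolatedPage = { crossOriginIsolated: false, Atomics: Atomics };

// Constructed stub: the state reported in this bug, with no Atomics global.
const reportedBugPage = { crossOriginIsolated: false };

console.log(probeAtomics(nonIsolatedPage));
console.log(probeAtomics(reportedBugPage));
```

Code that needs real shared memory should gate on `hasSharedArrayBuffer` (or `crossOriginIsolated`), not on the presence of `Atomics`.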