[jsc-dev] Protect against modifying contents of `ArrayBuffer` in `JavaScriptCore`

Saam Barati sbarati at apple.com
Thu Nov 8 12:48:38 PST 2018


Hi Karol,

Sorry for the late reply. It doesn't seem like we have API for this. Adding such API wouldn't be hard and it seems useful.

I filed a bug for this:
https://bugs.webkit.org/show_bug.cgi?id=191433

- Saam

> On Oct 20, 2018, at 4:48 AM, Karol Szafranski <karolszafranski at gmail.com> wrote:
> 
> Hi Saam,
> 
> Right now I am using JavaScriptCore which is built into iOS devices. Generally, I use Objective-C and sometimes switch to C APIs if something cannot be done in Objective-C, like creating ArrayBuffer.
> 
> I would like to be able to use workers in JavaScript. Since they are not available out of the box I try to implement that API myself. I would like them to behave like in a web browser, but I’m not able to implement “transferList”. That is the second argument of `postMessage` method.
> 
>> On 19. Oct 2018, at 21:00, Saam barati <sbarati at apple.com> wrote:
>> 
>> Hi Karol,
>> 
>> What context are you running JavaScript code in?
>> 
>> Are you using the JavaScriptCore ObjC or C APIs? Something else?
>> 
>> - Saam
>> 
>>> On Oct 19, 2018, at 1:56 AM, Karol Szafranski <karolszafranski at gmail.com> wrote:
>>> 
>>> An `ArrayBuffer` is created in the JavaScript engine, and a reference is passed to the "native side":
>>> 
>>> 
>>>  var myBuffer = new ArrayBuffer(32);
>>>  protectBufferMemory(myBuffer); // native function to be implemented: hides the buffer from the engine
>>> 
>>> Now I would like to hide the contents of the `ArrayBuffer` from the JavaScript engine. It would be best if the `ArrayBuffer` could suddenly return 0 for `byteLength`, and stay empty and non-resizable when viewed through any `TypedArray`.
>>> 
>>> At the same time, I need to keep the contents of the `ArrayBuffer` in memory in the same place as it was. I do not want to copy those bytes.
>>> 
>>> Note: this is exactly how `ArrayBuffer` behaves in Chrome when you `postMessage` to a `Worker` with `ArrayBuffer` instance in the "transfer" array.
>>> 
>>> If there is no way of doing this, the following alternatives would also be acceptable:
>>> 
>>> 1. Removing the `ArrayBuffer` instance from the JavaScript engine so that all variables pointing to it return `undefined` would also be acceptable, as long as the data is not removed from memory.
>>> 
>>> 2. Keeping `ArrayBuffer` data visible inside the JavaScript engine but disallowing modification.
>>> 
>>> Thank you very much in advance.
>>> 
>>> Karol Szafrański
>>> 
>> 
> 
> 
> Karol Szafrański
> 
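The transfer semantics Karol describes above (`byteLength` drops to 0, existing views become empty, the bytes survive untouched in the receiving buffer) and the limits of alternative (2) can be observed directly from JavaScript. The following is an added example, not code from this thread or from JavaScriptCore; it assumes a runtime with `structuredClone` (Node 17+ or a current browser), and the helper names `transferOut`, `observe`, `tryFreezeView` and `demo` are ours.

```javascript
// Added example, not code from the thread. It shows what a "transferred"
// ArrayBuffer looks like to script: the buffer is detached, so byteLength is 0,
// views created earlier become empty and writes through them are dropped, while
// the bytes themselves live on in the receiving buffer. Assumes structuredClone
// is available (Node 17+ or a current browser); the helper names are ours.

// Detach `buffer` the way postMessage(value, [buffer]) does: transfer it into a
// structured clone. The clone owns the bytes; the original is left detached.
function transferOut(buffer) {
  return structuredClone(buffer, { transfer: [buffer] });
}

// What script can still observe through a view created before the transfer.
function observe(view) {
  let writeVisible;
  try {
    view[0] = 0xff;                  // no-op once the buffer is detached
    writeVisible = view[0] === 0xff; // reads back undefined after detach
  } catch {
    writeVisible = false;            // an engine that throws instead of ignoring
  }
  return {
    bufferLength: view.buffer.byteLength,
    viewLength: view.length,
    writeVisible,
  };
}

// Alternative (2) from the thread, data visible but read-only, cannot be had
// with Object.freeze: the spec makes freezing a typed array that has elements
// throw a TypeError, so a frozen view is not an option.
function tryFreezeView(view) {
  try {
    Object.freeze(view);
    return "frozen";
  } catch (e) {
    return e.constructor.name; // "TypeError"
  }
}

// Run the scenario on a constructed 32-byte buffer and report each stage.
function demo() {
  const buffer = new ArrayBuffer(32);       // constructed sample buffer
  const view = new Uint8Array(buffer);
  view.set([1, 2, 3, 4]);
  const before = observe(view);             // live buffer: 32 bytes, write visible (byte 0 is now 0xff)
  const freeze = tryFreezeView(view);       // "TypeError"
  const moved = transferOut(buffer);        // bytes now belong to `moved`; `buffer` is detached
  const after = observe(view);              // detached: 0 bytes, empty view, write dropped
  const survived = Array.from(new Uint8Array(moved, 0, 4)); // [255, 2, 3, 4]
  return { before, freeze, after, survived };
}
```

`demo()` returns the before/after observations side by side; the write attempted after the transfer neither throws nor reaches the bytes in `moved`, which is the behaviour Karol wants a native API to produce without copying the backing store.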
