[webkit-dev] Feature announcement: WebCL

Antonio Gomes tonikitoo at webkit.org
Wed May 1 17:29:18 PDT 2013 

Hi Oliver. Thanks for your comments and suggestions. Here's an update on
WebCL security.

First some background: within Khronos a cross working group security
initiative was started by the WebCL working group to engage with the
OpenCL, WebGL, OpenGL and OpenGL-ES working groups and representatives from
the hardware, driver, browser and developer communities. The WebCL WG
worked closely with the OpenCL WG, and has defined two OpenCL security
extensions which have been ratified by Khronos.

Looking at the various security requirements you mentioned from the WebCL
working draft.

- 4.2 Cross-Origin Information Leakage

WebCL's position is that this be handled by the same mechanism as used for
WebGL, ie https://www.khronos.org/registry/webgl/specs/latest/#4.2 . A bug
will be filed to request update of wording in the working draft.

- 4.3 Out-of-Range Memory Access

The validator will perform static analysis on WebCL kernels to
determine violations of WebCL kernel behavior and language restrictions.
The results from the analysis will also be used to determine any
necessary instrumentation to bring the WebCL kernels in compliance with
security and syntactic requirements of the WebCL API.  The RFQ for the
WebCL Validator located at
https://cvs.khronos.org/wiki/index.php/WebCL_Validator provides information
on the approach recommended by the WebCL working group.

- 4.4 Memory Initialization to prevent information leakage:

This is addressed by the OpenCL CL_CONTEXT_MEMORY_INITIALIZE extension. In
http://www.khronos.org/registry/cl/specs/opencl-1.2-extensions.pdf , please
refer to section "9.15 Local and Private Memory Initialization".

- 4.6 Prevention of potential denial of service (DoS) from long running
kernels:

This is addressed by the OpenCL CL_CONTEXT_TERMINATE extension. In
http://www.khronos.org/registry/cl/specs/opencl-1.2-extensions.pdf , please
refer to section "9.16 Terminating OpenCL contexts".

With regards to HALF/SINGLE/DOUBLE, you can see that as tracked in
https://www.khronos.org/bugzilla/show_bug.cgi?id=808 , it was agreed that
support is through extensions ("khr_fp64" and "khr_fp16") and not
supported, at this time, in the core API.

I wanted to note that the WebCL API working draft is work in progress.
 Once completed by the WebCL WG, and approved by the Khronos Promoters, its
availability will be announced to public as a specification.  Khronos
generally works on specifications internally, before they are made public.
 However, for web-based APIs, such as WebGL and WebCL, the members were
allowed to share working drafts of the APIs, prior to completion.

--Antonio Gomes

On Tue, Apr 30, 2013 at 8:36 PM, Oliver Hunt <oliver at apple.com> wrote:

> Before i saw any patches landed i would expect the specification to state
> exactly what kernel features are allowed and required.
>
> Additionally the specification language of the security section is fairly
> weak - 4.2 doesn't say how CORS will be used to achieve security.
>  Presumably WebCL just wants the WebGL security resource semantics, but the
> language needs to be explicit.
>
> How is 4.3 enforced?
>
> The only way to reliably enforce 4.4 is to either restrict the valid
> kernel constructs (see my first point - you aren't defining the kernel
> semantics sufficiently well), or to avoid ever pushing the kernels onto a
> gpu.  On the plus side not pushing the kernel to the GPU means executing on
> the CPU, and so having the benefit of sane interruption and memory access
> behavior, which neatly solves 4.6.
>
> I'd rather not support the half-float format anywhere, as that simply
> means at some point in the communication paths we end up having to do a
> software double or single to half conversion, and back again later, all in
> order to support older GPUs that don't support single, assuming we even let
> the kernel get anywhere near the gpu.
>
> In general I don't like the design of the API, I believe it over-exposes
> system information and doesn't sufficiently define edge case behavior.
>
> --Oliver
>
> On Apr 30, 2013, at 5:10 PM, Antonio Gomes <tonikitoo at webkit.org> wrote:
>
> Hello.
>
> As discussed before, Khronos has been working on a specification
> for WebCL, a JavaScript API that exposes GPUs and multi-core processors
> for intensive compute tasks. The latest version of the working draft is
> available here: [1].
>
> Over the past weeks, some discussion involving WebCL took place in this
> mailing list ([2]), when some concerns were raised, and to which I later on
> tried to address in [3].
>
> At this time, I would like to contribute our WebCL prototype
> implementation [4] to WebKit.org.
>
> Feature would be defined behind a ENABLE(WEBCL) feature flag, and work
> will be tracked onhttps://bugs.webkit.org/show_bug.cgi?id=115457.
>
> Let me know if you have any comments or concerns.
>
> Cheers,
>
> [1]
> https://cvs.khronos.org/svn/repos/registry/trunk/public/webcl/spec/latest/index.html
>
> [2] https://lists.webkit.org/pipermail/webkit-dev/2013-April/024546.html
>  [3] https://lists.webkit.org/pipermail/webkit-dev/2013-April/024747.html
> [4] https://github.com/SRA-SiliconValley/webkit-webcl
>
> --
> --Antonio Gomes
> _______________________________________________
> webkit-dev mailing list
> webkit-dev at lists.webkit.org
> https://lists.webkit.org/mailman/listinfo/webkit-dev
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20130501/4e83d580/attachment.html>

More information about the webkit-dev mailing list