243342 – Atomics are unavailable without the COOP/COEP headers

Bug 243342 - Atomics are unavailable without the COOP/COEP headers

Summary: Atomics are unavailable without the COOP/COEP headers

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit2 (show other bugs)
Version:	WebKit Nightly Build
Hardware:	All All

Importance:	P2 Major
Assignee:	Nobody

URL:
Keywords:	BrowserCompat, InRadar

Depends on:
Blocks:

Reported:	2022-07-29 08:30 PDT by Ryan Reno
Modified:	2022-08-04 16:09 PDT (History)
CC List:	10 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Ryan Reno 2022-07-29 08:30:37 PDT

window.Atomics is undefined without the COOP/COEP headers. Those headers are meant to help secure usage of SharedArrayBuffer. However, Atomics should work with regular ArrayBuffer which is available without those headers.

Comment 1 Radar WebKit Bug Importer 2022-07-29 08:31:16 PDT

<rdar://problem/97786341>

Comment 2 Ryan Reno 2022-07-29 08:36:39 PDT

(In reply to Ryan Reno from comment #0)
> window.Atomics is undefined without the COOP/COEP headers. Those headers are
> meant to help secure usage of SharedArrayBuffer. However, Atomics should
> work with regular ArrayBuffer which is available without those headers.

To be clear: I believe those headers are for more general security but in the context of the availability of Atomics, SharedArrayBuffer is disabled without the headers. It seems that Atomics is likewise disabled without the headers which means they cannot be used with normal ArrayBuffer.

Comment 3 Ryan Reno 2022-07-29 09:39:33 PDT

Chrome 103 and FF 103 both give access to the Atomics object when crossOriginIsolated == false.

While Atomics on non-shared memory is probably not the most useful thing in the world, enabling Atomics even when SharedArrayBuffer is disabled will improve interop with other major browsers.

Comment 4 Chris Dumez 2022-07-29 12:53:48 PDT

+ a few JSC people: Did we intentionally disable Atomics due to Spectre? I assume we did.

Comment 5 Geoffrey Garen 2022-07-29 13:10:10 PDT

(In reply to Chris Dumez from comment #4)
> + a few JSC people: Did we intentionally disable Atomics due to Spectre? I
> assume we did.

My understanding is that the Spectre risk comes from shared memory, not from atomics. So, enabling just Atomics without shared memory should be fine. Of course, it's also useless. Which is why it's fine.

But if enabling Atomics improves interop, it seems worth doing, even if it's useless as a programming model.

Comment 6 Chris Dumez 2022-07-29 13:11:04 PDT

(In reply to Geoffrey Garen from comment #5)
> (In reply to Chris Dumez from comment #4)
> > + a few JSC people: Did we intentionally disable Atomics due to Spectre? I
> > assume we did.
> 
> My understanding is that the Spectre risk comes from shared memory, not from
> atomics. So, enabling just Atomics without shared memory should be fine. Of
> course, it's also useless. Which is why it's fine.
> 
> But if enabling Atomics improves interop, it seems worth doing, even if it's
> useless as a programming model.

👍

Comment 7 Ryan Reno 2022-07-29 13:53:21 PDT

Pull request: https://github.com/WebKit/WebKit/pull/2860

Comment 8 EWS 2022-08-04 16:09:44 PDT

Committed 253137@main (09e0997b7d2e): <https://commits.webkit.org/253137@main>

Reviewed commits have been landed. Closing PR #2860 and removing active labels.