New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 825266 link

Starred by 3 users
Status: Archived
Owner:
eholk@chromium.org
Last visit > 30 days ago
Closed: Dec 12
Cc:
gdeepti@chromium.org
adamk@chromium.org
titzer@chromium.org
dschuff@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Improve interaction between WebAssembly.Memory, V8 ArrayBuffer and Blink DOMArrayBuffer

Project Member Reported by eholk@chromium.org, Mar 23 2018 
Wasm memories are backed by an array buffer. Initially this is owned by V8, but the buffer can be externalized to Blink. When a Wasm memory is grown, the spec says the buffer is supposed to be detached. Unfortunately, it's easy to lose the connection from V8 to Blink, meaning V8 can detach a buffer without Blink knowing about it.

Comment 1 by hablich@chromium.org, Apr 5 2018

Status: Assigned (was: Untriaged)

Comment 2 by glenn.si...@gmail.com, Apr 25 2018 

What would cause the buffer to be externalized to Blink?

I don't see any test cases in mjsunit.

Comment 3 by eholk@chromium.org, Apr 25 2018 

I believe the usual reason is when sending an ArrayBuffer using postMessage.

Here's an example of a test that does this, which should cause ArrayBuffers to be externalized: https://cs.chromium.org/chromium/src/v8/test/mjsunit/wasm/worker-memory.js?q=postMessage+f:v8/test&sq=package:chromium&dr=CSs&l=7

Comment 4 by glenn.si...@gmail.com, Apr 25 2018 

Right, but postMessage neuters the ArrayBuffer, so it's not possible to lose the connection.

Comment 5 by glenn.si...@gmail.com, Apr 26 2018 

Hang on, that example doesn't have a transfer list, so the source ArrayBuffer should not be externalized at all.

Comment 6 by adamk@chromium.org, Dec 12

Status: Archived (was: Assigned)
We do still plan to do this, but this tracking bug is probably not the most convenient place to track that work.

Sign in to add a comment