feat(pass-style,marshal): ByteArray, a new binary Passable type #1538
Conversation
erights
force-pushed
the
markm-binary
branch
2 times, most recently
from
80cc7f2
to
fca467e
Compare
erights
force-pushed
the
markm-binary
branch
4 times, most recently
from
15cbf4f
to
a6a6ca0
Compare
erights
force-pushed
the
markm-binary
branch
2 times, most recently
from
4bf3d8c
to
ce5f3bf
Compare
erights
force-pushed
the
markm-binary
branch
from
ce5f3bf
to
947e166
Compare
erights
force-pushed
the
markm-binary
branch
from
e24eced
to
ac041b2
Compare
erights
changed the title
erights
force-pushed
the
markm-binary
branch
3 times, most recently
from
b25c593
to
fe561d2
Compare
There was a problem hiding this comment.
I actually like the direction this is going. It's relying on a global to have certain semantics, which we can shim, either in ses or in a separate independent shim. We mainly have to hope the committee would be accepting this or we'll end up with some weird compat issues
erights
force-pushed
the
markm-binary
branch
2 times, most recently
from
371431a
to
177f45f
Compare
erights
force-pushed
the
markm-byte-array-2
branch
from
5eb079d
to
2043b76
Compare
erights
force-pushed
the
markm-byte-array-2
branch
from
2043b76
to
4dc9583
Compare
…2399) Closes: #XXXX Refs: #1538 #1331 #2309 #2311 ## Description Introduces the `@endo/immutable-arraybuffer` package, the ponyfill exports of `@endo/immutable-arraybuffer`, and the shim obtained by importing `@endo/immutable-arraybuffer/shim.js`. Alternative to #2309 as suggested by @phoddie at #2309 (comment) We plan to fix #1331 in a stack of PRs starting with this one - This PR implements a ponyfill and shim for an upcoming *Immutable ArrayBuffer* proposal, along the lines suggested by @phoddie at #2309 (comment) + the suggestions on an earlier state of #2311 . This is a pure JavaScript ponyfill/shim, leaving it to #2311 to bring it into Hardened JavaScript. - #2311 imports the #2399 shim, treating the new objects it introduces as if they are new primordials, to be permitted and hardened. - #1538 uses the Hardened JavaScript Immutable ArrayBuffers to define a new `Passable` type, `ByteArray`, corresponding to the [OCapN](https://ocapn.org/) `ByteArray`. - Some future PR extending the various marshal formats to encode and decode the `ByteArray` objects. See the README.md in this PR for more. ### Security Considerations Better support for immutability generally helps security. The imperfections of the shim are a leaky abstraction in all the ways explained in the Caveats section of the README.md. For example, objects that are purely artifacts of the emulation, like the `immutableArrayBufferPrototype`, are easily discoverable, revealing the emulation's mechanisms. As a pure JavaScript polyfill/shim, this `@endo/immutable-arraybuffer` package does not harden the objects it exposes. Thus, by itself it does not provide much security -- like the initial state of JavaScript does not by itself provide much security. Rather, both provide securability, depending on Hardened JavaScript to harden early as needed to provide the security. See #2311 Once hardened early, the abstraction will still be leaky as above, but the immutability of the buffer contents are robustly enforced. ### Scaling Considerations This ponyfill/shim is a zero-copy implementation, meaning that it does no more buffer copying than expected of a native implementation. ### Compatibility and Documentation Considerations This ponyfill/shim implements zero-copy by relying on the platform to provide one of two primitives: `structuredClone` or `ArrayBuffer.prototype.transfer`. Neither exist on Node <= 16. Without either, this ponyfill/shim will fail to initialize. This PR sets the stage for writing an Immutable ArrayBuffer proposal, proposing it to tc39, and including it in our own documentation. ### Testing Considerations Ideally, we should identify the subset of test262 `ArrayBuffer` tests that should be applicable to immutable ArrayBuffers, and duplicate them for that purpose. ### Upgrade Considerations Nothing breaking.
erights
changed the base branch from
markm-byte-array-2
to
markm-to-immutable-3
erights
force-pushed
the
markm-to-immutable-3
branch
from
c9c9300
to
19de016
Compare
erights
force-pushed
the
markm-binary
branch
from
8d19fd4
to
2570a8a
Compare
erights
force-pushed
the
markm-to-immutable-3
branch
from
19de016
to
5972da3
Compare
erights
force-pushed
the
markm-binary
branch
from
2570a8a
to
6e10dcd
Compare
erights
force-pushed
the
markm-to-immutable-3
branch
from
5972da3
to
1e582fb
Compare
| // then according to their lengths. | ||
| // Thus, if the data of ByteArray X is a prefix of | ||
| // the data of ByteArray Y, then X is smaller than Y. | ||
| return comparator(left.byteLength, right.byteLength); |
There was a problem hiding this comment.
Change to shortlex order. See https://en.wikipedia.org/wiki/Shortlex_order
Shortlex order would enable encodePassable (aka compactOrdered) to encode buffers with a prefix followed by the unescaped bytes. Avoiding escaping would be great.
There was a problem hiding this comment.
So this makes ByteArray different than string for ordering?
There was a problem hiding this comment.
Yes. For strings, normal lexicographic ordering is overwhelmingly more expected than shortlex. For binaries of different length, I don't think there is any one overwhelming expectation.
FWIW, if I did think we could get away with shortlex for strings too, I would go for it, for the same reason. Needing to insert escapes into bulk data sucks. Attn @gibson042
There was a problem hiding this comment.
FWIW, if I did think we could get away with shortlex for strings too, I would go for it
That would be a breaking change that would have to be opted into at definition of the stores and other components that use the order.
There was a problem hiding this comment.
Agreed. That's another reason we cannot get away with it.
There was a problem hiding this comment.
Indeed, because of this breaking change issue, we haven't even moved forward on #2008
| // Thus, if the data of ByteArray X is a prefix of | ||
| // the data of ByteArray Y, then X is smaller than Y. | ||
| // @ts-expect-error narrowed | ||
| return compareRank(left.byteLength, right.byteLength); |
There was a problem hiding this comment.
If both are byteArrays, then we should delegate the whole thing to compareRank. Which, btw, we'll be switching to shortlex order.
erights
force-pushed
the
markm-to-immutable-3
branch
from
1e582fb
to
b32ab45
Compare
erights
force-pushed
the
markm-to-immutable-3
branch
from
b32ab45
to
544a213
Compare
erights
force-pushed
the
markm-binary
branch
from
1281d0c
to
42075f3
Compare
Staged on #2311
Still very drafty, but a start
Fixes #1331
See plan at ocapn/ocapn#5 (comment)