Latest WebAssembly ESM Integration rebase #10380
Conversation
|
For the question of why Wasm and JS are treated as equal capabilities in the module system, the reasoning here is that unlike other resource imports which are implemented as synthetic modules, Wasm modules are implemented as full cyclic module records that can in turn import any other JS modules. Therefore while Wasm itself is usually a securely sandboxed language, as soon as you have arbitrary imports to JS, you have equal capability since any Wasm module imported this way can import and therefore execute arbitrary JS in turn. |
guybedford
force-pushed
the
esm-integration
branch
from
cae19c0
to
f816de8
Compare
|
Thanks for the review, I've addressed the changes in f816de8. |
There was a problem hiding this comment.
@nicolo-ribaudo could you have a look at this please? Looks editorially okay to me.
guybedford
force-pushed
the
esm-integration
branch
from
a2fafc5
to
e0d699c
Compare
|
I've integrated the latest changes here so we should be good to go. Just let me know if I can do anything to help get the participation check passing. |
It looks like you signed up as an individual at some point, but you work for Fastly, which has signed up as an entity. However, Fastly has only signed up to contribute to Fetch. So this is a bit complicated. The ideal steps needed are:
|
|
The participation check is now passing. @domenic thanks for the clear help with this. |
|
This looks ready to merge to me, but I'm not 100% sure that we have multiple browsers interested in implementing exactly this shape of the proposal. We have zero browsers passing the tests, for example: https://wpt.fyi/results/wasm/webapi/esm-integration?label=experimental&label=master&aligned |
|
Although the WebKit team at Apple was initially somewhat skeptical about bundling JS and Wasm as a single destination, we're okay with that now under the expectation that the privileges and capabilities of JS and Wasm won't diverge. Who can speak for Chromium, maybe @syg? |
|
This looks ok from our side. |
|
@ajklein may also be able to speak to the current progress on the V8 implementation here. |
|
Speaking to implementation progress: in V8/Chromium, we are currently working on supporting source phase imports for loading WebAssembly modules as source (tracked in https://issues.chromium.org/issues/42204365). We are not currently prioritizing work on full ESM/Wasm integration. Essentially, we're working on item (1) of the Wasm ESM Integration proposal's Progressive Implementation Support section. |
|
IIUC, this PR adds Wasm support for both source phase imports (e.g. It's also my understanding that the WPT tests linked above test both source phase imports and evaluation phase imports. @annevk Is WebKit planning to implement and ship Wasm evaluation phase imports as well as source phase imports? @codehag What about Gecko? If the answer to both questions above is yes, then seems fine. Otherwise I feel that we should separate the source phase support from the evaluation phase support, as we shouldn't merge something that won't (fully) reflect reality for a while. |
|
Thanks for the ping @syg. My understanding is there are two parts to your question:
If they are both standardized, our plan is to support both. The work is not yet scheduled.
This PR was initially specifying evaluation phase imports, before source phase imports were discussed in TC39. Evaluation phase imports have been supported by webkit behind a flag for some time IIUC. However, most people importing wasm today are doing so as "source" first, and then instantiating it themselves. This was a major motivation for source phase imports in TC39 to begin with. This begs the question: If evaluation phase imports are specified, will they actually be used? Or are we supporting them here purely out of spec inertia? I don't actually know the answer here myself. Consistency between JS and WASM importing would be nice, especially since they will be using the same syntax. I could see some users experiencing confusion if imports between WASM and JS are not equivalent. Maybe @guybedford could speak to whether evaluation phase is important for users? We (Gecko) could go either way. It may make sense to wait just because source phase is more useful. But, if the answer to "will evaluation phase imports be used" is that "yes, evaluation phase imports are important and we won't learn anything new if we wait", then we might as well spec this now and gradually adopt as per the plan in the Progressive module support document. |
|
Thanks, @codehag. The "we will support if standardized" is a bit entangled so let me try to disentangle that AFAIU:
IOW, my understanding of this HTML PR is purely to support proposals standardized elsewhere. We don't really need to get into the actual motivations for the other proposals here, there're other venues for that already. But because this PR is purely about support, I want it to reflect the most likely interoperable future. Best I can tell, source phase imports is definitely in that future. I don't know if evaluation phase imports is in that future yet. Chrome isn't working on it right now, thus the question to Mozilla and Apple if you have a different opinion. |
|
Yes, this PR adds HTML support for wasm imports regardless of their phase (source vs evaluation). Which phases are supported is entirely controlled by the Wasm proposal, which defines the WebAsssembly Module Record. In general, import phases have been designed to be opaque to HTML's loader, and only "visible" to ECMA-262 and whoever provides custom Module Record types (it's this obviously visible to HTML if it for CSS modules, since they are defined here). |
|
While the motivation for source phase imports remains that it is considered the more useful route for the instantiation of WebAssembly modules, this does not negate the need for or usefulness of the instance / evaluation phase even if those are considered a much smaller use case at this point. There are many packages on npm today that completely work with standards-compatible ESM evaluation phase integration. There are no plans to deprecate or remove the evaluation phase. The standardization of the ESM Integration spec at the Wasm CG into Phase 3 included both phases, with the original spec mechanics and WPT tests for the evaluation phase remaining throughout the source phase process per the Webkit implementation, with just a couple of small changes (mainly moving to synchronous instantiation). Per the README note linked, the weakening of the implementation constraint to allow shipping one without the other specifically does not indicate that either should not ever be implemented - the standard includes both phases and that is what is expected to be implemented. Node.js ships the instance phase under the As @syg points out, the conformance decision here is entirely made in the ESM Integration spec though. We could possibly add some further clarifications on the HTML side to note both phase are specified if that would be useful. |
This was part of my question: is it exactly the same? That is, if you were to limit this proposal to just supporting source phase imports, can you remove stuff from this PR? E.g. this PR talks about module requests for WebAssembly Module Scripts, which isn't needed for source phase imports, right? |
|
That step there also affects import source foo from "./x.wasm"(module
(import "not a valid URL" "num" i32)
)That however raises indeed a question: is this intentional? @guybedford |
|
I talked a bit with Guy about that, and no that is definitely not intentional. Doing The reason HTML has that check is that we want to abort the loading process as early as possible when we know that it will fail: in case of import "./valid.js";
import "invalid specifier";we want to avoid starting the network request for It seems like we can get the same behavior by moving those from "create a XXX module script" to the beginning of |
guybedford
force-pushed
the
esm-integration
branch
from
e9973b2
to
2571ea9
Compare
guybedford
force-pushed
the
esm-integration
branch
from
b115b2d
to
19dd157
Compare
There was a problem hiding this comment.
This now looks good to me, I'm somewhat confident that it preserve all the existing behavior.
Btw, there are some problems with the Wattsi server. Yesterday I was going to send a long review explaining how the changes were still wrong because the Wattsi preview was stuck at an old commit rather than at the last one that passed the build.
There was a problem hiding this comment.
I pushed a few nits; please check that they didn't change anything.
I have two questions:
-
I'm confused on the name of the [WASMESM] specification. It calls itself "WebAssembly JavaScript Interface" in the heading of https://webassembly.github.io/esm-integration/js-api/index.html . But that name is already taken by our [WASMJS] reference, https://webassembly.github.io/spec/js-api/ ? This PR seems to call it "WebAssembly JavaScript Module Integration" but I cannot find any evidence of that being an official referenceable name.
-
Can you summarize why we relocated all the dependency checking to HostResolveImportedModule? That's a large change.
Additionally, if you could update the OP with as helpful a commit message as possible, that would be great. Explaining what exactly changes, what the boundary is between the two specs, maybe the different import phases.
domenic
force-pushed
the
esm-integration
branch
from
8a27d17
to
a9ac026
Compare
Add source phase import support in import statements with necessary embedder APIs. And resolve `WebAssembly.Module` as a ModuleSource with static source phase imports in d8. In HTML draft integration spec, importing `WebAssembly.Module` at source phase doesn't need any import attribute to indicate the module type. The default type `javascript-or-wasm` is distinguished by resource's MIME type. However, whether or not a requested module is JS or WASM is determined by file extensions in d8. Refs: whatwg/html#10380 Bug: 42204365 Change-Id: I095dcb4375c4980c9aa37ff85365ee44b3823cba Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5783137 Reviewed-by: Shu-yu Guo <[email protected]> Commit-Queue: Chengzhong Wu (legendecas) <[email protected]> Cr-Commit-Position: refs/heads/main@{#95914}
|
@domenic nits all look good to me. I do have a slight preference for If there's a better way to handle the Phase 3 status of the ESM Integration in references, I'm open to alternatives. |
Could you give the document a different title, instead of having two documents with the same title? |
|
Sure, I've pushed a commit to update the ESM integration reference to be the spec repo instead of the spec document, and set the title as the direct proposal's name. |
|
Sorry, that wasn't what I meant; I meant, can you update the spec document? I'm just very surprised the WASM CG is putting out two specs with the same name but different contents, and am unsure whether we should be referencing WASM CG documents if that's their status. Edit: to be clear, I mean, can you update this line: https://github.com/WebAssembly/esm-integration/blob/8dbbb4dd19b479299cbe2f501a8b5ced9b61fbe8/document/js-api/index.bs#L2 |
This reverts commit 83face5.
|
Okay, reverted the last commit and it seems the exceptions proposal did similar here previously in altering the title to include the proposal name. I've landed the title update in WebAssembly/esm-integration#93, but still need to get the spec document to update properly through CI, so will fix that tomorrow and ping back here then. Let me know if there's anything else, and thanks for the reviews! |
|
@domenic the title on the spec is now updated, so we should finally be there now. |
|
I don't see a comment answering
The summary is that we can split module loading in two phases:
The first one ends at the end of the "create a X module" steps, and the second one is in HostLoadImportedModule. Somewhere between 1 and 2 we need to validate those dependencies. Whether it was at the end of 1 or at the beginning of 2 was originally not observable. With source phase imports it is observable, because we can stop after 1, and we only want the validation to happen when we know that 2 is going to happen. |
|
I know I am kinda late but I haven't seen this anywhere, shouldn't this work to interop work on Import Assertions too in someway? Historically bundlers have allowed you to bundle binary blobs like PNGs, and WASM blobs inline, and text data like JSON too, Import Assertions were supposed to allow for better readability and trying to make a standard way of importing non-JS modules into JS, shouldn't this do something like |
|
This has been discussed multiple times — a goal here is making it possible to swap JS modules with wasm modules in a transparent way. The goal of import attributes on the web was security: JSON and CSS have less capabilities than JS, and the attribute is there to make sure that somebody doesn't try to attack you by providing a JS file where you expect a JSON one. Wasm instead can import JS, and it runs at the same privilege level of JS. This is similar to how there is no Note that bundlers can decide to support their own custom attributes, as long as they strip them away when bundling. |
WebAssembly ESM Integration including Source Phase Imports
This represents the latest rebase of the ESM Integration spec, replacing the original PR in #4372. Major changes since then include source phase imports support and instantiation being updated to be synchronous.
There is an early validation error algorithm that is applied when modules are created, which needed to be updated to support the source phase imports proposal. Specifically, constructed modules may not have their dependencies loaded when in the source phase. This validation logic is now located in HostLoadImportedModule, and performed against all referrer dependencies on the first call to HostLoadImportedModule for a given referrer, detected by the first argument matching the first module of the Cyclic Module Record (indicating the module is loading its dependencies).
Since the ESM Integration specification is still in Phase 3, its specification is referenced directly here. As soon as the proposal is upstreamed we can reference the main WebAssembly JS API specification.
(See WHATWG Working Mode: Changes for more details.)
/acknowledgements.html ( diff )
/indices.html ( diff )
/infrastructure.html ( diff )
/references.html ( diff )
/webappapis.html ( diff )