Make GPUAdapter.features a setlike interface #1098
Conversation
This makes it possible for apps to check for individual extension support (`.has()`), which would let the UA track privacy budgeting with better granularity.
kainino0x
force-pushed
the
adapter-extensions-setlike
branch
from
1fb3f1e to
696f62a
Compare
This allows apps to receive information about individual available adapter limits, which which let the UA track privacy budgeting with better granularity. See also gpuweb#489, gpuweb#495; gpuweb#1098.
This allows apps to request information about individual available adapter limits, which lets the UA track privacy budgeting with better granularity. See also gpuweb#489, gpuweb#495; gpuweb#1098.
kvark
left a comment
kvark
left a comment
There was a problem hiding this comment.
Similar concern here (as with limits): what happens if the user doesn't check for extensions but still requests them? Vulkan validation layers, for example, complain about this, because such code is not portable.
|
Guarding against that would only be a heuristic anyway, as we can't tell that the app didn't just query every extension, ignore the results and request some others. I think it should be a browser warning. |
|
Let me explain in a bit more detail how I see this and the limits changes. The privacy budget idea makes the user agent to adjust the result of queries based on the very act of querying. This is a classical quantum behavior! Essentially, device geometry properties do not exist until discovered. So this is not a heuristic, it's somewhat straightforward: if you don't check for extension X (or limit L), then it's not there. If an app wants to check for all extensions, its their choice, but they should be aware that the privacy budget will quickly be depleted, and they aren't going to get all the extensions anyway. |
|
It's well-defined, but it's still a heuristic relative to the behaviors we want to prevent (assuming capabilities that you don't know exist, and requesting capabilities that you don't need). It's not the only reasonable well-defined behavior, and I prefer a model where the state of the adapter is not mutable in that way, like:
|
|
Matrix chat discussion. I think @kvark and I are on the same page now. |
This allows apps to request information about individual available adapter limits, which lets the UA track privacy budgeting with better granularity. See also gpuweb#489, gpuweb#495; gpuweb#1098.
This allows apps to request information about individual available adapter limits, which lets the UA track privacy budgeting with better granularity. See also gpuweb#489, gpuweb#495; gpuweb#1098.
kdashg
left a comment
kdashg
left a comment
There was a problem hiding this comment.
This is great even just as a UX improvement, vs an array.
|
Resolved: It's agreed this is a strict improvement, so accepted. There's mixed desire to remove the possibility to enumerate the set, but it can be a later increment. |
kainino0x
changed the title
I think it's been determined that this API shouldn't consider privacy budgeting in it's design. - UAs can still lazily-decide on GPULimits values. - UAs can still do bucketing ahead of time, or even based on queries to GPULimits members. - Apps can attempt requestDevice without checking limits, if they just want to know if their requested limits are supported. Exact IDL interface is TBD, but editorial. Needs more text to be filled out later. Also adds some other TODOs. See also #489, #495; #1098, #1100.
…puweb#1098) * Add validation,resource_usages,texture,in_render_common:* - Part III * Address reviewer's comments
3 participants
This makes it possible for apps to check for individual extension
support (
.has()), which would let the UA track privacy budgeting withbetter granularity.
@litherum mentioned this topic today in the WGSL meeting, which got me thinking about it. Does this address the concern with this mechanism? (Unrelated to the WGSL topic.)
Preview | Diff