Hi everyone,

I'm rebasing my multiprocess patch and found that many of the new features
that have landed were implemented in a way that was incompatible with
multiprocess Servo. In particular:

* WebDriver passes channels over channels between script and the chrome
process.

* Canvas relies on passing channels over channels between code that can
touch the GPU and script.

* The new messages for pipeline/iframe control rely on passing channels
over channels between the chrome process and the script task.

To be sure, it's my fault that I wasn't keeping the multiprocess branch
current. I didn't anticipate so much breakage, though, and in order to fix
these issues I will have to make severe modifications to all of these
features. (I'm two days into rebasing and large crates like compositing and
script aren't even building yet, and I've had to disable lots of features
such as canvas.)

In an effort to keep this sort of thing from happening again, I'd like to
suggest that all new code that spawns threads and passes channels or boxed
objects over channels not be allowed to pass review until audited for
multiprocess safety up until the multiprocess branch lands. Obviously, all
other browser engines are cautionary tales for the amount of technical debt
that can accrue if this is allowed to continue to happen unchecked. Even
though we've been good about keeping things in separate threads, the
passing-channels-over-channels pattern does not work among separate
processes, and the more we rely on it the harder it will be to harden Servo.

Thoughts?
Patrick
_______________________________________________
dev-servo mailing list
dev-servo@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-servo
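
The pattern the message describes, next to one byte-only alternative that could cross a process boundary, as an added example that is not code from the original message or from Servo. The frame layout, opcodes, request ids and returned values are constructed, and `mpsc` channels of `Vec<u8>` stand in for a pipe pair.

```rust
use std::collections::HashSet;
use std::sync::mpsc::{channel, Sender};
use std::thread;

// Pattern from the message: the request carries its own reply Sender.
// A Sender is a handle into this process's heap; it has no byte encoding.
enum InProcMsg { GetWidth(Sender<u32>) }

fn channel_over_channel() -> u32 {
    let (tx, rx) = channel::<InProcMsg>();
    thread::spawn(move || {
        if let Ok(InProcMsg::GetWidth(reply)) = rx.recv() { let _ = reply.send(800); }
    });
    let (reply_tx, reply_rx) = channel();
    tx.send(InProcMsg::GetWidth(reply_tx)).unwrap();
    reply_rx.recv().unwrap()
}

// Byte-only form: request = [id: u32 LE][opcode: u8]; reply = [id][value: u32 LE].
fn le32(b: &[u8]) -> u32 { u32::from_le_bytes([b[0], b[1], b[2], b[3]]) }
fn serve(frame: &[u8]) -> Option<Vec<u8>> {
    if frame.len() != 5 { return None; } // reject malformed frames
    let value: u32 = match frame[4] { 1 => 800, 2 => 600, _ => return None };
    Some([&frame[..4], &value.to_le_bytes()[..]].concat())
}

fn id_routed() -> Vec<(u32, u32)> {
    let (req_tx, req_rx) = channel::<Vec<u8>>(); // stands in for a pipe to the peer
    let (rep_tx, rep_rx) = channel::<Vec<u8>>(); // stands in for the pipe back
    thread::spawn(move || {
        for f in req_rx { if let Some(r) = serve(&f) { rep_tx.send(r).unwrap(); } }
    });
    let mut pending = HashSet::<u32>::new();
    for (id, op) in vec![(7u32, 1u8), (8, 2), (9, 99)] {
        pending.insert(id);
        req_tx.send([&id.to_le_bytes()[..], &[op][..]].concat()).unwrap();
    }
    drop(req_tx); // close the request side so the worker exits
    let mut results = Vec::new();
    for f in rep_rx {
        // Accept only well-formed replies to ids we actually issued.
        if f.len() == 8 && pending.remove(&le32(&f)) { results.push((le32(&f), le32(&f[4..]))); }
    }
    results
}

fn main() {
    println!("{} {:?}", channel_over_channel(), id_routed());
}
```

The second form treats the peer as untrusted: frames are length-checked, unknown opcodes get no reply, and a reply is accepted only once per outstanding id.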
