Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e871a6981d5839e513bdee6f967dbe4edb31bc5d
https://github.com/WebKit/WebKit/commit/e871a6981d5839e513bdee6f967dbe4edb31bc5d
Author: Anne van Kesteren <[email protected]>
Date: 2026-05-19 (Tue, 19 May 2026)
Changed paths:
M LayoutTests/imported/w3c/web-platform-tests/wasm/serialization/memory/window-success.tentative.https-expected.txt
M Source/WebCore/Modules/mediastream/RTCRtpScriptTransform.cpp
M Source/WebCore/Modules/notifications/Notification.cpp
M Source/WebCore/Modules/webaudio/AudioWorkletNode.cpp
M Source/WebCore/bindings/js/SerializedScriptValue.cpp
M Source/WebCore/bindings/js/SerializedScriptValue.h
M Source/WebCore/dom/BroadcastChannel.cpp
M Source/WebCore/dom/MessagePort.cpp
M Source/WebCore/page/LocalDOMWindow.cpp
M Source/WebCore/page/PerformanceMark.cpp
M Source/WebCore/page/PerformanceUserTiming.cpp
M Source/WebCore/page/RemoteDOMWindow.cpp
M Source/WebCore/page/WindowOrWorkerGlobalScope.cpp
M Source/WebCore/workers/DedicatedWorkerGlobalScope.cpp
M Source/WebCore/workers/Worker.cpp
M Source/WebCore/workers/service/ServiceWorker.cpp
M Source/WebCore/workers/service/ServiceWorkerClient.cpp
Log Message:
-----------
Align WebAssembly.Memory & .Module with SharedArrayBuffer
https://bugs.webkit.org/show_bug.cgi?id=313975
rdar://176792374

Reviewed by Yusuke Suzuki.

The serializer's per-type gates for WebAssembly.Module and
WebAssembly.Memory were expressed in terms of SerializationContext that
hid two bugs:

* Notification's data serialization mistakenly passed
  SerializationForStorage::No even though the spec requires
  StructuredSerializeForStorage. The context-based gate was masking
  this by rejecting non-postMessage contexts in the generic-object
  fallback at objectStartState; switching the gate to the forStorage
  bit exposed that a WebAssembly.Module silently serialized
  successfully for a Notification instead of throwing DataCloneError.
  (If this change is not made an existing test regresses.)
* The wasmMemoryHandlesArray on the resulting SerializedScriptValue was
  only retained for SerializationContext::WorkerPostMessage, so a
  shared WebAssembly.Memory posted between same-origin same-process
  windows (same agent cluster) would be incorrectly dropped.
  (Fix demonstrated with the test progression.)

To address these we made these changes to SerializedScriptValue:

* WebAssembly.Module serialization: gate on m_forStorage == Yes (throws
  DataCloneError) instead of on context. Per spec the module is not
  storable but is structured-cloneable within an agent cluster.
* WebAssembly.Memory serialization: gate on m_forStorage == Yes and
  align the isolation gate with SharedArrayBuffer
  (cross-origin-isolated or the useSharedArrayBuffer option), not on a
  context value.
* Deserialization: drop the m_majorVersion >= 12 gating as these
  objects were never stored to disk and drop the redundant
  !useSharedArrayBuffer() check for WasmMemoryTag (the agent-cluster-ID
  check subsumes it).
* SerializationContext is reduced from four values to { Default,
  CloneAcrossWorlds } -- WorkerPostMessage and WindowPostMessage no longer
  gate any serializer behavior after the above changes.

Canonical link: https://commits.webkit.org/313482@main