1594748 - Enable "resab" on Nightly (aka quadruple pref flip)

Status: RESOLVED FIXED

(Core :: DOM: Core & HTML, task, P1)

Description

[Anne (:annevk)]

We should flip the following four preferences to be enabled by default on Nightly only, once all dependencies of this bug are fixed, and only as long as browser.tabs.documentchannel and javascript.options.shared_memory continue to be enabled on Nightly:

• browser.tabs.remote.useCORP
• browser.tabs.remote.useCrossOriginOpenerPolicy
• browser.tabs.remote.useCrossOriginEmbedderPolicy
• dom.postMessage.sharedArrayBuffer.withCOOP_COEP

MDN folks, I've put documentation for this at https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/SharedArrayBuffer/Planned_changes. Your review and any corrections are appreciated!

Comment 1

[Neha Kochar [:neha]]

These should be enabled for EARLY_BETA_OR_EARLIER as they won't ride the trains to release just yet.

Comment 2

[Anne (:annevk)]

It should be EARLY_BETA_OR_EARLIER if bug 1596682 is fixed by the time we get to fixing this. Otherwise NIGHTLY only (with a new bug to track the outcome of bug 1596682).

Comment 3

[Neha Kochar [:neha]]

As discussed and decided, we'll restrict to Nightly only for now.

Comment 4

[Tom Tung [:tt, :ttung]]

Attachment: Bug 1594748 - Enable resab on Nightly except Android;

Comment 5

[Tom Tung [:tt, :ttung]]

https://treeherder.mozilla.org/#/jobs?repo=try&revision=4a66e53678ba56fad86683d5f406e5b360c6f73b

Comment 6

[Tom Tung [:tt, :ttung]]

Newer try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=f2c334d1940b7dbd8f91e6d4982a703bce521426

Comment 7

[Tom Tung [:tt, :ttung]]

From the try result:
With this patch https://treeherder.mozilla.org/#/jobs?repo=try&revision=f2c334d1940b7dbd8f91e6d4982a703bce521426
Without patch in this bug: https://treeherder.mozilla.org/#/jobs?repo=try&revision=e10a318bbaef3ea9e241a917b6e0776150e2d7bc

There are many test failures. For now, they seem to be two reasons and I filed two bugs for them (1598635, 1598663)

Note that if unfortunately, we cannot land this next Monday, we probably don't need to be uplifted to Beta because the patch in this bug should only affect Nightly.

Comment 8

[Tom Tung [:tt, :ttung]]

The lastest try with the fix in bug 1598635 and enable the SAB pref on Nightly Android: https://treeherder.mozilla.org/#/jobs?repo=try&revision=145f5f4129f44ed5a2ea8cada5b0c7935eec69fc

Comment 9

[Tom Tung [:tt, :ttung]]

latest try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=7389149789863e86855ddbad42bb887fa05730bf&selectedJob=278788023 (the timeouted mochitests pass on my Mac)

Comment 10

[Tom Tung [:tt, :ttung]]

Try with a patch to just revert the pref for COOP (in other words, the other three prefs are enabled): https://treeherder.mozilla.org/#/jobs?repo=try&revision=733901ee4716696823cde1061a9d36e6c6c854ff&selectedJob=279534776

Comment 11

[Tom Tung [:tt, :ttung]]

Latest try (with D56228 and the patch for expecting test for window.crossOriginIsolated to pass): https://treeherder.mozilla.org/#/jobs?repo=try&revision=bd91c6f8bdc65271e36c3a6b55df01a7335f8aed

Note that Matt in bug 1598663 comment 19 mentioned that tests like browser_new_web_tab_in_file_process_pref.js and browser_httpResponseProcessSelection.js should be fixed in bug 1592894

Comment 12

[Tom Tung [:tt, :ttung]]

Attachment: Bug 1594748 - Expect the test for window.crossOriginIsolated to pass since we have implemented that;

Depends on D54166

Comment 13

[Tom Tung [:tt, :ttung]]

try with all existing patches: https://treeherder.mozilla.org/#/jobs?repo=try&revision=97fcd0945359e571c2b8fdcd58dac93557afd50e

Comment 14

[Tom Tung [:tt, :ttung]]

Attachment: Bug 1594748 - Allow SAB to be serialized in BrowsingContext::PostMessageMoz();

Serialize SAB on BrowsingContext::PostMessageMoz was not allowed. And, this
patch fixes that. Now, SAB is able to be serialized if the callerWindow passes
the check for CrossOriginIsolated. Note that the deserialization for this case
is still not allowed because the caller window and target windows are assumed
to be in the two different agent cluster and thus the message event should
throw on the target window.

Comment 15

[Tom Tung [:tt, :ttung]]

try for D57641: https://treeherder.mozilla.org/#/jobs?repo=try&revision=fd242bfd86014216a89e7694bcdd65d20ab0ae11

Comment 16

[Tom Tung [:tt, :ttung]]

(In reply to Tom Tung [:tt, :ttung] from comment #15)

try for D57641: https://treeherder.mozilla.org/#/jobs?repo=try&revision=fd242bfd86014216a89e7694bcdd65d20ab0ae11

Hmm, looks like the Coop and Coep headers for the iframe in the failure test are set, but the remote type of that is wrong.

Comment 17

[Tom Tung [:tt, :ttung]]

(In reply to Tom Tung [:tt, :ttung] (OOO from 2019/12/23 ~ 2020/01/14)) from comment #16)

(In reply to Tom Tung [:tt, :ttung] from comment #15)

try for D57641: https://treeherder.mozilla.org/#/jobs?repo=try&revision=fd242bfd86014216a89e7694bcdd65d20ab0ae11

Hmm, looks like the Coop and Coep headers for the iframe in the failure test are set, but the remote type of that is wrong.

The crash tests failed because they hit the assertion for remote type.
The condition is:

Foo.com [Top-level-window]

• boo.com [iframe]

Assume the Coop and Coep headers are both set for them.

Expected:
Both foo.com and boo.com run on the process with WEB_REMOTE_COOP_COEP_TYPE_PREFIX (two different processes)

Actual:
Only foo.com run on the process with WEB_REMOTE_COOP_COEP_TYPE_PREFIX

And thus, we hit the assertion. Note that it's clear that boo.com cannot postMessage SAB to foo.com.

I'll file a bug for clarifying whether my understanding is correct or not. If it's, then we should fix the process switching stuff. If it's not, then we should just remove the assertion.

Comment 18

[Tom Tung [:tt, :ttung]]

(In reply to Tom Tung [:tt, :ttung] (OOO from 2019/12/23 ~ 2020/01/14)) from comment #17)

I'll file a bug for clarifying whether my understanding is correct or not. If it's, then we should fix the process switching stuff. If it's not, then we should just remove the assertion.

I plan to disable the failure test (/html/infrastructure/safe-passing-of-structured-data/shared-array-buffers/window-failure.https.html) so that we can test our implementation on Nightly users.

Note that without D57641, we would just throw while serializing in the below:

Foo.com [Top-level-window]

• Boo.com [iframe]

iframe Boo.com postMessage a SAB to Foo.com

I plan to reenable the test in bug 1605176. To do that, we need D57641 and another patch depends on the clarification.

Comment 19

[Tom Tung [:tt, :ttung]]

Attachment: Bug 1594748 - Disable a wpt test and figure out the solution on Bug 1605176;

Comment 20

[Phabricator Automation]

Comment on attachment 9116738 [details]
Bug 1594748 - Allow SAB to be serialized in BrowsingContext::PostMessageMoz();

Revision D57641 was moved to bug 1605176. Setting attachment 9116738 [details] to obsolete.

Comment 21

[Tom Tung [:tt, :ttung]]

try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=3a0896712e2f5bbf18c98780f479117c6c9af899

Comment 22

[Tom Tung [:tt, :ttung]]

try: https://treeherder.mozilla.org/#/jobs?repo=try&revision=da955ed95df74ababd16f20b77446ff62ff4201d

Comment 23

[Tom Tung [:tt, :ttung]]

Previous two try look okay so I'm going to try to push these patches to autoland

Comment 24

[Pulsebot]

Pushed by ttung@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fa5691e5c5ce
Enable resab on Nightly except Android; r=bzbarsky
https://hg.mozilla.org/integration/autoland/rev/ed5da20c07ee
Expect the test for window.crossOriginIsolated to pass since we have implemented that; r=JuniorHsu
https://hg.mozilla.org/integration/autoland/rev/f8343d64ab6f
Disable a wpt test and figure out the solution on Bug 1605176; r=JuniorHsu

Comment 25

[Razvan Maries]

https://hg.mozilla.org/mozilla-central/rev/fa5691e5c5ce
https://hg.mozilla.org/mozilla-central/rev/ed5da20c07ee
https://hg.mozilla.org/mozilla-central/rev/f8343d64ab6f