diff --git a/packages/ses/NEWS.md b/packages/ses/NEWS.md index 163abaeadc..76c488740f 100644 --- a/packages/ses/NEWS.md +++ b/packages/ses/NEWS.md @@ -1,6 +1,12 @@ User-visible changes in `ses`: -# Unreleased +# Next release + +- Adds `ArrayBuffer.p.immutable` and `ArrayBuffer.p.transferToImmutable` as a shim for a future proposal. It makes an ArrayBuffer-like object whose contents cannot be mutated. However, due to limitations of the shim + - Unlike `ArrayBuffer` and `SharedArrayBuffer` this shim's ArrayBuffer-like object cannot be transfered or cloned between JS threads. + - Unlike `ArrayBuffer` and `SharedArrayBuffer`, this shim's ArrayBuffer-like object cannot be used as the backing store of TypeArrays or DataViews. + - The shim depends on the platform providing either `structuredClone` or `Array.prototype.transfer`. Node <= 16 provides neither, causing the shim to fail to initialize, and therefore SES to fail to initialize on such platforms. + - Even after the upcoming `transferToImmutable` proposal is implemented by the platform, the current code will still replace it with the shim implementation, in accord with shim best practices. See https://github.com/endojs/endo/pull/2311#discussion_r1632607527 . It will require a later manual step to delete the shim, after manual analysis of the compat implications. - If lockdown's `errorTrapping: 'report'` mode is selected (possibly via the `'platform'`, or `'exit'` or `'abort'` modes), uncaught exceptions will be @@ -75,7 +81,6 @@ User-visible changes in `ses`: in TypeScript), the stacktrace line-numbers point back into the original source, as they do on Node without SES. - # v1.5.0 (2024-05-06) - Adds `importNowHook` to the `Compartment` options. The compartment will invoke the hook whenever it encounters a missing dependency while running `compartmentInstance.importNow(specifier)`, which cannot use an asynchronous `importHook`. diff --git a/packages/ses/package.json b/packages/ses/package.json index 4cd3bfbdd3..31879a4e10 100644 --- a/packages/ses/package.json +++ b/packages/ses/package.json @@ -76,7 +76,8 @@ "test:platform-compatibility": "node test/package/test.cjs" }, "dependencies": { - "@endo/env-options": "^1.1.5" + "@endo/env-options": "^1.1.5", + "@endo/immutable-arraybuffer": "^0.1.0" }, "devDependencies": { "@endo/compartment-mapper": "^1.2.1", diff --git a/packages/ses/src/commons.js b/packages/ses/src/commons.js index 7b8c2ce3b7..a46de810b4 100644 --- a/packages/ses/src/commons.js +++ b/packages/ses/src/commons.js @@ -19,6 +19,7 @@ export { universalThis as globalThis }; export const { Array, + ArrayBuffer, Date, FinalizationRegistry, Float32Array, diff --git a/packages/ses/src/get-anonymous-intrinsics.js b/packages/ses/src/get-anonymous-intrinsics.js index cf402c3339..bfa00c8b92 100644 --- a/packages/ses/src/get-anonymous-intrinsics.js +++ b/packages/ses/src/get-anonymous-intrinsics.js @@ -14,6 +14,7 @@ import { matchAllSymbol, regexpPrototype, globalThis, + ArrayBuffer, } from './commons.js'; import { InertCompartment } from './compartment.js'; @@ -157,5 +158,15 @@ export const getAnonymousIntrinsics = () => { ); } + const ab = new ArrayBuffer(0); + // @ts-expect-error TODO How do I add transferToImmutable to ArrayBuffer type? + // eslint-disable-next-line @endo/no-polymorphic-call + const iab = ab.transferToImmutable(); + const iabProto = getPrototypeOf(iab); + if (iabProto !== ArrayBuffer.prototype) { + // In a native implementation, these will be the same prototype + intrinsics['%ImmutableArrayBufferPrototype%'] = iabProto; + } + return intrinsics; }; diff --git a/packages/ses/src/lockdown.js b/packages/ses/src/lockdown.js index 23bf238b60..4b86aefd02 100644 --- a/packages/ses/src/lockdown.js +++ b/packages/ses/src/lockdown.js @@ -15,6 +15,7 @@ // @ts-check import { getEnvironmentOption as getenv } from '@endo/env-options'; +import '@endo/immutable-arraybuffer/shim.js'; import { FERAL_FUNCTION, FERAL_EVAL, diff --git a/packages/ses/src/permits.js b/packages/ses/src/permits.js index 585d3c0c3f..298cbacb7a 100644 --- a/packages/ses/src/permits.js +++ b/packages/ses/src/permits.js @@ -1283,6 +1283,31 @@ export const permitted = { // https://github.com/tc39/proposal-arraybuffer-transfer transferToFixedLength: fn, detached: getter, + // https://github.com/endojs/endo/pull/2309#issuecomment-2155513240 + // to be proposed + transferToImmutable: fn, + immutable: getter, + }, + + // If this exists, it is purely an artifact of how we currently shim + // `transferToImmutable`. As natively implemented, there would be no + // such extra prototype. + '%ImmutableArrayBufferPrototype%': { + '[[Proto]]': '%ArrayBufferPrototype%', + byteLength: getter, + slice: fn, + // See https://github.com/tc39/proposal-resizablearraybuffer + transfer: fn, + resize: fn, + resizable: getter, + maxByteLength: getter, + // https://github.com/tc39/proposal-arraybuffer-transfer + transferToFixedLength: fn, + detached: getter, + // https://github.com/endojs/endo/pull/2309#issuecomment-2155513240 + // to be proposed + transferToImmutable: fn, + immutable: getter, }, // SharedArrayBuffer Objects diff --git a/packages/ses/test/immutable-array-buffer.test.js b/packages/ses/test/immutable-array-buffer.test.js new file mode 100644 index 0000000000..9e422589cb --- /dev/null +++ b/packages/ses/test/immutable-array-buffer.test.js @@ -0,0 +1,14 @@ +import test from 'ava'; +import '../index.js'; + +const { isFrozen, getPrototypeOf } = Object; + +lockdown(); + +test('ses Immutable ArrayBuffer shim installed and hardened', t => { + const ab1 = new ArrayBuffer(0); + const iab = ab1.transferToImmutable(); + const iabProto = getPrototypeOf(iab); + t.true(isFrozen(iabProto)); + t.true(isFrozen(iabProto.slice)); +}); diff --git a/yarn.lock b/yarn.lock index 1fcaf9170d..c622d16f61 100644 --- a/yarn.lock +++ b/yarn.lock @@ -495,7 +495,7 @@ __metadata: languageName: unknown linkType: soft -"@endo/immutable-arraybuffer@workspace:packages/immutable-arraybuffer": +"@endo/immutable-arraybuffer@npm:^0.1.0, @endo/immutable-arraybuffer@workspace:packages/immutable-arraybuffer": version: 0.0.0-use.local resolution: "@endo/immutable-arraybuffer@workspace:packages/immutable-arraybuffer" dependencies: @@ -10629,6 +10629,7 @@ __metadata: dependencies: "@endo/compartment-mapper": "npm:^1.2.1" "@endo/env-options": "npm:^1.1.5" + "@endo/immutable-arraybuffer": "npm:^0.1.0" "@endo/module-source": "npm:^1.0.1" "@endo/test262-runner": "npm:^0.1.39" ava: "npm:^6.1.3"