OpenWebAdvocacy / OpenWebCompetitionPlatform

Open Web Competition Platform is a repo for documenting and tracking issues related to browser and web competition. Its aim is to facilitate coordination between browser vendors, operating systems, developers, and industry to help document outstanding competition issues with an eye towards resolving them more quickly.
MIT License

Multi-process app model #3

Open RByers opened 10 months ago

RByers commented 10 months ago

Description

All modern browsers rely on multiple OS processes for security and reliability. For example, this is essential to ensure that if one website crashes or hangs (uses too much memory, triggers a browser bug, or gets stuck in an infinite loop), other websites can continue to function normally. For details see Chromium's multi-process architecture and Firefox's Electrolysis project.

All modern OSes (including Windows, macOS, Linux, Android and ChromeOS) make generic process creation and termination facilities available to applications. For example, see Android's processes and threads overview. On iOS these capabilities are restricted to the system and built-in WebKit browser engine, making any browser that doesn't use the built-in WebKit engine unreliable and insecure.

Outcome

APIs for spawning additional processes for a given application and killing processes which have been spawned. This must include at least:

Ideally, for performance optimization purposes, this would also include control over process and thread scheduling: freezing processes, setting process/thread priorities and core affinities.

RByers commented 9 months ago

Apple's newly announced BrowserEngineKit provides support for multiple processes as documented here. An initial review suggests the design looks reasonable, but we'll need to actually test it to be sure.

We have not yet succeeded in testing this in Chromium due to two issues:

Probably we are just making some mistake, but the limited documentation and lack of working sample code make this challenging. We are reaching out to Apple for support. I'd love to hear if anyone else has gotten this to work; perhaps we can use this issue as a public information sharing forum?

bratell-at-opera commented 6 months ago

While the use of multiple processes is reasonable based on security, it is still unclear how Apple's Application Extension model fits the monolith that is Chromium's architecture.

Application Extensions are supposed to be small add-on processes that perform a specific task or access a specific API only application extensions are allowed to use. For Chromium we reasonably have to use wrapper binaries on top of a shared Chromium binary and, as far as I can tell, it is not clear from Apple's documentation if they are OK with such a solution. They are known to scan binaries for disallowed use of APIs and the shared binary will contain code that will reference APIs that are limited to specific Application Extensions. At the very least, Apple should make clear that this is OK.