On 06/18/2010 11:29 AM, Daniel Koch wrote:
Yes it does. I've now studied Appendix A.
To clarify my position, I think that this thread is discussing 3 different things:
1. The requirements for shader validation.
2. The ways in which a shader could be maliciously manipulated to create a denial-of-service exploit.
3. The problems and issues connected with hardware and O/S features relating to overcoming 2. above.
My focus is on 2. I believe that for the widespread adoption of WebGL it is essential that all possible steps are taken to avoid DOS attacks.
If one of the ways of doing this is to put restrictions on the capabilities of the shaders then I would hope that:
1. Those restrictions should apply to all shader implementations
2. They should be clearly defined in the WebGL specification.
Sadly, although the points that have been discussed may help, I have a feeling that without some kind of enforceable timeout, malicious individuals will determine ways to write shaders which can pass validation but will still take an unacceptably long time to execute. Since it appears that the timeout is not going to be easy