qianqians'blog

The security requirements for WebGPU are the same as ever for the web, and are likewise non-negotiable. The general approach is strictly validating all the commands before they reach GPU, ensuring that a page can only work with its own data.

WebGPU的安全要求与web的安全要求一样，同样是不可妥协的。一般的方法是在所有命令到达GPU之前严格验证它们，确保页面只能使用自己的数据。

2.1.1. CPU-based undefined behavior

A WebGPU implementation translates the workloads issued by the user into API commands specific to the target platform. Native APIs specify the valid usage for the commands (for example, see vkCreateDescriptorSetLayout) and generally don’t guarantee any outcome if the valid usage rules are not followed. This is called “undefined behavior”, and it can be exploited by an attacker to access memory they don’t own, or force the driver to execute arbitrary code.

WebGPU实现将用户发出的工作请求转换为目标平台的特定API命令。本机API指定命令的有效用法（例如，请参见vkCreateDescriptorSetLayout），如果不遵循有效用法规则，通常不保证任何结果。这被称为“未定义行为”，攻击者可以利用它来访问他们不可访问的内存，或强制驱动程序执行任意代码。

In order to disallow insecure usage, the range of allowed WebGPU behaviors is defined for any input. An implementation has to validate all the input from the user and only reach the driver with the valid workloads. This document specifies all the error conditions and handling semantics. For example, specifying the same buffer with intersecting ranges in both “source” and “destination” of copyBufferToBuffer() results in GPUCommandEncoder generating an error, and no other operation occurring.

为了禁止不安全的使用，WebGPU为任何输入定义了允许的行为范围。一个实现必须验证来自用户的所有输入，并且只使用有效的工作负载到达驱动程序。本文档指定了所有错误条件和处理语义。例如，在copyBufferToBuffer（）的“源”和“目标”中指定具有相交范围的相同缓冲区会导致GPUCommandendCoder生成错误，并且不会发生其他操作。

See § 20 Errors & Debugging for more information about error handling.

见§ 20 Errors & Debugging，了解有关错误处理的更多信息。

Graphics Processing Units, or GPUs for short, have been essential in enabling rich rendering and computational applications in personal computing. WebGPU is an API that exposes the capabilities of GPU hardware for the Web. The API is designed from the ground up to efficiently map to the Vulkan, Direct3D 12, and Metal native GPU APIs. WebGPU is not related to WebGL and does not explicitly target OpenGL ES.

图形处理单元，简称GPU，对于在个人计算中实现丰富的渲染和计算应用至关重要。WebGPU是一种API，它暴露了用于Web的GPU硬件的功能。该API从头设计，能够高效地映射到Vulkan、Direct3D 12和Metal原生GPU API。WebGPU与WebGL无关，也不明确对应OpenGL ES。

WebGPU sees physical GPU hardware as GPUAdapters. It provides a connection to an adapter via GPUDevice, which manages resources, and the device’s GPUQueues, which execute commands. GPUDevice may have its own memory with high-speed access to the processing units. GPUBuffer and GPUTexture are the physical resources backed by GPU memory. GPUCommandBuffer and GPURenderBundle are containers for user-recorded commands. GPUShaderModule contains shader code. The other resources, such as GPUSampler or GPUBindGroup, configure the way physical resources are used by the GPU.

WebGPU将物理GPU硬件视为GPU适配器。它通过GPUDevice（管理资源）和设备的gpu队列（执行命令）提供到适配器的连接。GPUDevice可能有自己的内存，可以对处理单元进行高速访问。GPUBuffer和GPUTexture是GPU内存支持的物理资源。GPUCommandBuffer和GPURenderBundle是用户记录命令的容器。GPUShaderModule包含着色器代码。其他资源，如GPUSampler或GPUBindGroup，配置GPU使用物理资源的方式。

GPUs execute commands encoded in GPUCommandBuffers by feeding data through a pipeline, which is a mix of fixed-function and programmable stages. Programmable stages execute shaders, which are special programs designed to run on GPU hardware. Most of the state of a pipeline is defined by a GPURenderPipeline or a GPUComputePipeline object. The state not included in these pipeline objects is set during encoding with commands, such as beginRenderPass() or setBlendConstant().

GPU执行GPUCommandBuffers中编码的命令，方法是通过管道传送数据，这是固定功能和可编程阶段的混合。可编程阶段执行着色器，着色器是专为在GPU硬件上运行而设计的特殊程序。管道的大部分状态由GPURenderPipeline或GPUComputePipeline对象定义。这些管道对象中未包含的状态是在使用命令（如beginRenderPass()或setBlendConstant()进行编码时设置的。