1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-22 15:24:46 -05:00
denoland-deno/ext/ffi
Asher Gomez 6fb7e8d93b
feat(permissions): add "--deny-*" flags (#19070)
This commit adds new "--deny-*" permission flags. These are complimentary to
"--allow-*" flags.

These flags can be used to restrict access to certain resources, even if they
were granted using "--allow-*" flags or the "--allow-all" ("-A") flag.

Eg. specifying "--allow-read --deny-read" will result in a permission error,
while "--allow-read --deny-read=/etc" will allow read access to all FS but the
"/etc" directory.

Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly
by adding, a new "PermissionStatus.partial" field. This field denotes that
while permission might be granted to requested resource, it's only partial (ie.
a "--deny-*" flag was specified that excludes some of the requested resources).
Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for
permissions like "Deno.permissions.query({ name: "read", path: "foo/" })"
will return "PermissionStatus { state: "granted", onchange: null, partial: true }",
denoting that some of the subpaths don't have read access.

Closes #18804.

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
2023-08-03 13:19:19 +02:00
..
00_ffi.js fix(ext/ffi): UnsafeCallback can hang with 'deno test' (#19018) 2023-05-07 10:31:01 +00:00
call.rs feat(permissions): add "--deny-*" flags (#19070) 2023-08-03 13:19:19 +02:00
callback.rs feat(permissions): add "--deny-*" flags (#19070) 2023-08-03 13:19:19 +02:00
Cargo.toml 1.35.3 (#19947) 2023-07-26 10:18:02 -04:00
dlfcn.rs feat(permissions): add "--deny-*" flags (#19070) 2023-08-03 13:19:19 +02:00
ir.rs feat(ext/ffi): Replace pointer integers with v8::External objects (#16889) 2023-02-22 19:32:38 +02:00
lib.rs feat(permissions): add "--deny-*" flags (#19070) 2023-08-03 13:19:19 +02:00
README.md fix(ext/ffi): trampoline for fast calls (#15139) 2022-07-12 06:33:05 +05:30
repr.rs feat(permissions): add "--deny-*" flags (#19070) 2023-08-03 13:19:19 +02:00
static.rs feat(ext/ffi): support marking symbols as optional (#18529) 2023-04-03 21:32:21 +03:00
symbol.rs fix(ext/ffi): disallow empty ffi structs (#17487) 2023-01-21 21:21:14 +05:30
turbocall.rs perf: const op declaration (#18288) 2023-03-31 14:42:14 +02:00

deno_ffi

This crate implements dynamic library ffi.

Performance

Deno FFI calls have extremely low overhead (~1ns on M1 16GB RAM) and perform on par with native code. Deno leverages V8 fast api calls and JIT compiled bindings to achieve these high speeds.

Deno.dlopen generates an optimized and a fallback path. Optimized paths are triggered when V8 decides to optimize the function, hence call through the Fast API. Fallback paths handle types like function callbacks and implement proper error handling for unexpected types, that is not supported in Fast calls.

Optimized calls enter a JIT compiled function "trampoline" that translates Fast API values directly for symbol calls. JIT compilation itself is super fast, thanks to tinycc. Currently, the optimized path is only supported on Linux and MacOS.

To run benchmarks:

target/release/deno bench --allow-ffi --allow-read --unstable ./test_ffi/tests/bench.js