6fb7e8d93b
This commit adds new "--deny-*" permission flags. These are complimentary to "--allow-*" flags. These flags can be used to restrict access to certain resources, even if they were granted using "--allow-*" flags or the "--allow-all" ("-A") flag. Eg. specifying "--allow-read --deny-read" will result in a permission error, while "--allow-read --deny-read=/etc" will allow read access to all FS but the "/etc" directory. Runtime permissions APIs ("Deno.permissions") were adjusted as well, mainly by adding, a new "PermissionStatus.partial" field. This field denotes that while permission might be granted to requested resource, it's only partial (ie. a "--deny-*" flag was specified that excludes some of the requested resources). Eg. specifying "--allow-read=foo/ --deny-read=foo/bar" and then querying for permissions like "Deno.permissions.query({ name: "read", path: "foo/" })" will return "PermissionStatus { state: "granted", onchange: null, partial: true }", denoting that some of the subpaths don't have read access. Closes #18804. --------- Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com> Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com> |
||
---|---|---|
.. | ||
00_ffi.js | ||
call.rs | ||
callback.rs | ||
Cargo.toml | ||
dlfcn.rs | ||
ir.rs | ||
lib.rs | ||
README.md | ||
repr.rs | ||
static.rs | ||
symbol.rs | ||
turbocall.rs |
deno_ffi
This crate implements dynamic library ffi.
Performance
Deno FFI calls have extremely low overhead (~1ns on M1 16GB RAM) and perform on par with native code. Deno leverages V8 fast api calls and JIT compiled bindings to achieve these high speeds.
Deno.dlopen
generates an optimized and a fallback path. Optimized paths are
triggered when V8 decides to optimize the function, hence call through the Fast
API. Fallback paths handle types like function callbacks and implement proper
error handling for unexpected types, that is not supported in Fast calls.
Optimized calls enter a JIT compiled function "trampoline" that translates Fast
API values directly for symbol calls. JIT compilation itself is super fast,
thanks to tinycc
. Currently, the optimized path is only supported on Linux and
MacOS.
To run benchmarks:
target/release/deno bench --allow-ffi --allow-read --unstable ./test_ffi/tests/bench.js