Add resource contention considerations (#765)

anssiko · github-actions[bot] · anssiko · commit 7249d3ecd516 · 2024-10-24T13:59:32.000Z
SHA: 2cc59c5 Reason: push, by anssiko Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
diff --git a/index.html b/index.html
@@ -7,7 +7,7 @@
   <link href="https://www.w3.org/StyleSheets/TR/2021/W3C-ED" rel="stylesheet">
   <meta content="Bikeshed version 44fb9b41e, updated Mon Oct 21 15:57:35 2024 -0700" name="generator">
   <link href="https://www.w3.org/TR/webnn/" rel="canonical">
-  <meta content="d1d71ede14cbb59a4a84dc6f1dbdffe34c2a6d09" name="revision">
+  <meta content="2cc59c56b5faa8250cee3e97fa5d095a30585b97" name="revision">
   <meta content="dark light" name="color-scheme">
   <link href="https://www.w3.org/StyleSheets/TR/2021/dark.css" media="(prefers-color-scheme: dark)" rel="stylesheet" type="text/css">
 <style>
@@ -1488,6 +1488,7 @@ <h2 class="heading settled" data-level="3" id="security"><span class="secno">3.
     This specification defines a low-level API for neural network inference hardware acceleration. This API is considered a powerful feature <a data-link-type="biblio" href="#biblio-powerful-features" title="Secure Contexts">[POWERFUL-FEATURES]</a> because it grants low-level access to a user’s computer. To meet the authentication and confidentiality expectations of a powerful feature and to prevent man-in-the-middle attacks, all interfaces defined by this specification are only available in a secure context. 
    <p>This API is disabled by default in all cross-origin frames using the <a href="#permissions-policy-integration">§ 6.4 Permissions Policy Integration</a>. This prevents third-party content from using this API unless the embedding page explicitly sets a policy that grants permission.</p>
    <p>This API allows creation of an <code class="idl"><a data-link-type="idl" href="#mlcontext" id="ref-for-mlcontext">MLContext</a></code> from a <code class="idl"><a data-link-type="idl" href="https://gpuweb.github.io/gpuweb/#gpudevice" id="ref-for-gpudevice">GPUDevice</a></code> defined by WebGPU specification. See <a href="https://gpuweb.github.io/gpuweb/#security-considerations">WebGPU Security Considerations</a> for more information regarding security characteristics of this context.</p>
+   <p>This API provides an abstraction across GPU, CPU, and dedicated ML accelerator hardware. When using a GPU, <a href="https://www.w3.org/TR/webgpu/#security-dos">denial of service</a> considerations similar to WebGPU apply. When using a CPU or a dedicated ML accelerator, the types of potential resource contention are different and mitigations will be implementation and configuration dependent. Implementations should use whatever mechanisms are available from the platform to prevent sites from using an unfair amount of system resources. These compute units are shared resources, and the use of any compute API will affect overall performance on a fully-loaded system.</p>
    <p>Once the graph is fully constructed and compiled, the input shapes into each of the operations in the graph are inferred and finalized. The bounds checking occurs when the compute method is invoked that executes the graph against the actual data. No actual data is bound to the compiled graph before this stage. It is the implementation’s responsibility to make sure proper bounds checking occurs against the shapes of the data already inferred by that time.</p>
    <p class="issue" id="issue-9e2aaedc"><a class="self-link" href="#issue-9e2aaedc"></a> Document operations susceptible to out-of-bounds access as a guidance to implementers.</p>
    <p>Implementations must defend against control-flow attacks based on changes to data considered to be constant. For example, optimizations in the underlying platform may assume that a weight remains unchanged throughout a computation. If the API allowed the contents of buffers holding weights to change during a computation then those optimization assumptions would be invalidated, causing undefined behavior in the underlying platform. The API mitigates this category of attacks from script by always copying or transferring buffers, but implementations should consider additional defenses such as process isolation of data assumed to be constant.</p>
