Hacker News new | past | comments | ask | show | jobs | submit login

Think about bindless as raw pointers vs handles.

In bindless (pointers) you say "at this GPU memory location I have a texture with this params".

In non-bindless you say "API create a texture with these params and give me a handle I will later use to access it".

Bindless gives you more flexibility, but it's also harder to use since it's now your responsability to make sure those pointers point at the right stuff.




It's a bit more complex than that. In classical OpenGL (and thus WebGL) "bindless" is more significant: You had to bind resources to numbered stages like TEXTURE2 in order to render, so every object with a unique texture required you to make a bunch of API calls to switch the textures around. People rightly rejected that, which led to bindless rendering in OpenGL. Even then however you still had to create textures, the distinction is that you no longer had to make a billion API calls per object in order to bind them.

Critically however, things like vertex buffers and fragment/vertex shaders are also device state in OpenGL, and bindless textures don't fix that. A fully bindless model would allow you to simply hand the driver a bundle of handles like 'please render vertices from these two vertex buffers, using this shader, and these uniforms+textures' - whether or not you have to allocate texture handles first or can provide the GPU raw texture data is a separate question.


How badly can you wreck state in bindless? Badly enough to see the pointers of another process or detect a lot of high-detail information on what computer is running the program?

If so, that'd be a non-starter for a web API. Web APIs have to be, first and foremost, secure and protect the user's anonymity.


On Windows GPU memory space is virtualized by the OS, so it has the same kinds of access controls as regular system memory.

Linux/Mac also support GPU virtualized memory, but I'm not sure if it's always enabled.


“The web” should not first and foremost protect anonymity. It should do what humans need it to do ideally while keeping users private and secure. If there’s a concern, my browser should ask me if I’m willing to share potentially sensitive information with a product or service. I fucking hate this weird angsty idea that the web is only designed for anonymous blobs and trolls.


Letting advertisers identify you through some web accessible GPUs interface so they can track your every move and sell the data to all comers … won’t help you fight anonymous online trolls.


So let me opt in to it rather than neuter it.


All of this is in the context of a browser. If a misbehaving web app uses pointers for memory from another process, that should be blocked by all of the same things that prevent non-privileged apps from doing the same thing.


Agreed, as long as they sandbox properly (because it's also important that you can't use the API to find out information from another tab).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: