[ioquatix]

I'd argue that Vulkan IS designed for adversarial input. It deliberately provides a layer mechanism within the driver for validation of function calls. It's trivial to create your own layers and they can be used to validate EVERY entry point into the Vulkan driver.

[Rusky]

Validation layers were created so drivers could remove checks to improve performance. And regardless, properly handling adversarial input is much more involved than just a validation layer.

[ioquatix]

Yes, you are right, but solving the problem of adversarial input is probably NP. A validation layer can intercept every API call and validate it. It's probably the best you can do. The nice thing about it, is that you could actually use it in many different contexts, since, you know, Vulkan makes it a standard feature of the driver.

[Rusky]

It's not NP (whatever that means) if you're allowed to change the API instead of just inserting checks at each call.

Besides, Javascript doesn't really need driver support to intercept function calls...

[ioquatix]

NP means non-determinstically polynomial. Validating a GPU shader is undecidable if it include flow control. This is a problem for security.

> if you're allowed to change the API instead of just inserting checks at each call.

The only case is where you simply make the API so limited that it becomes decidable, e.g. remove all backwards flow control and recursion.

> Besides, Javascript doesn't really need driver support to intercept function calls...

Nope, it doesn't, but it makes for a more flexible approach when there is an existing model and implementation (validation layer) which supports this approach.

Improving the quality of the validation layer means that everyone benefits. It's also a massive job and thus, that something already exists, and is standardised, is a good approach.

[Rusky]

I know what NP means, my parenthetical implied that you used it in a way that made no sense.

Undecidable control flow does not inherently make validation undecidable, or NP, or anything else really. The key (like with any sort of type system) is that it's okay to reject some subset of valid programs in exchange for easy enforcement of the invariants you need.

[ioquatix]

> remove checks to improve performance

In addition to my other points, the Vulkan validation layers are objectively (and IMHO significantly) better for debugging than OpenGL ever was. It's not just to improve performance. The debugging and development experience is significantly improved.