Design Review #682

#682: State extension for JS Self-Profiling API.

Opened Oct 23, 2021

Braw mornin' TAG!

I'm requesting a TAG review of State extension for JS Self-Profiling API.

Non javascript execution is hard to identify in traces captured with JS Self-Profiling API: From a trace we cannot differentiate idle activity from top level UA activity, so for example code that triggers asynchronous rendering work cannot be measured properly.

Explainer¹: https://github.com/WICG/js-self-profiling/blob/main/markers.md
Security and Privacy self-review²: https://github.com/WICG/js-self-profiling/blob/main/markers.md#security-and-privacy-questionnaire
Primary contacts (and their relationship to the specification):
- [Corentin Pescheloche] (@cnpsc), [Facebook] (editor)
- [Andrew Comminos] (@acomminos), [Facebook] (editor)
Organization/project driving the design: Facebook
External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): https://www.chromestatus.com/feature/5676352050036736

Further details:

I have reviewed the TAG's Web Platform Design Principles
The group where the incubation/design work on this is being done (or is intended to be done in the future): WICG
The group where standardization of this work is intended to be done ("unknown" if not known): unknown

You should also know that...

this is an extension of draft specification published by WICG: https://wicg.github.io/js-self-profiling/

We'd prefer the TAG provide feedback as (please delete all but the desired option):

💬 leave review feedback as a comment in this issue and @-notify @cnpsc @acomminos

Discussions

2021-12-Madripoor

Minutes

Dan: so one feedback is that they jump right into talking about JS profiling without talking about the developer or user need.... A sentence such as "this is in service of making web apps more reliable" etc.. might be helpful.

Yves: can it be used to detect on the mobile if you are on battery saver mode... If you're profiling and you realise youre running slower than usual...

Dan: Fingerprinting issue?

Lea: seems like a stretch

Ken: Agree

Dan: Worth asking the question - have they considered how this could be used by fingerprinters and mitigation strategy...?

Ken: this is the extension of the existing profile API using markers... adding a marker to what's going on... so more detailed information... The developer marks what they're interested in .. they get a timestamp ..

Ken: not just scripting... also css, etc... system might work well on your super fast machine .. but might be very expensive layout on older devices...

Yves: if it's just markers then...

Ken: The sspec is called js self profiling but profiling things that are not javascript...

Lea: given that these markers are predefined the scope seems limited. At first I thought it was general purpose but doesn't seem to be the case...

Ken: you give the profiling a set of markers...

Dan: any cross-origin info?

Ken: no it's only for that tab - only for that origin.

Dan: seems like they need to be explain the mitigation a but more... leaves comment.

Ken: fine with the API... No difference.

Dan: it does enlarge of the scope ....

Ken: Definitely. Maybe it would be nice if ... it's good gor UAs ...

2022-02-14

Minutes

Dan: ken left a comment... no response so far...

assigns Sangwhan

Dan: this is about JavaScript performance. Explainer does not define the user need ...

Sangwhan: provenance - it's from a non-browser org... so this makes sense. Presumably they want to capture traces & profiles at the end user level instead of having to capture with devtools?

Dan: leaves comment

2022-02-21

Minutes

Max: We need to wait for a response from requester

Sangwhan: did we do any technical analysis?

Dan: my comments were all about process

Sangwhan: I'll look at it

2022-02-28

Minutes

Max: waiting for the authors to respond...

2022-04-04

Minutes