I'm aware of all those things, but look up-thread to see that this was about the performance and resource consumption argument where multi-process is the inferior choice; that's what this argument is about.
> And for bugs that just cause crashes without security implications, you can crash a single tab and let other tabs continue, let the main UI continue.
That's using non-security bugs as an argument for increasing memory footprint. It would be preferable to have those bugs fixed instead.
> Developing a strong IPC layer is not extremely difficult as it essentially boils down to reading a stream of messages from an untrusted source and detecting invalid messages without compromising yourself.
That's implementation complexity. But you also have to consider the performance overhead of proxying method access to arbitrary objects and bouncing each method invocation and its results back and forth. That's needed for backwards compatibility with addon code unaware of the process separation.
https://developer.mozilla.org/en-US/Firefox/Multiprocess_Fir...