Release Notes for 433

Notes for Release 433


Client Difference Log

API Changes

Added Function void StudioService:ShowPlaceVersionHistoryDialog() {RobloxScriptSecurity}
Added Function float Workspace:CalculateJumpDistance(float gravity, float jumpPower, float walkSpeed) {RobloxScriptSecurity}
Added Function float Workspace:CalculateJumpHeight(float gravity, float jumpPower) {RobloxScriptSecurity}

Added Tag [NotReplicated] to Class MultipleDocumentInterfaceInstance

Changed the security of Class DataModelSession 
	from: {PluginSecurity}
	  to: {RobloxScriptSecurity}

Changed the security of Class MultipleDocumentInterfaceInstance 
	from: {PluginSecurity}
	  to: {RobloxScriptSecurity}

Changed the security of Property Plugin.HostDataModelType 
	from: {PluginSecurity}
	  to: {RobloxScriptSecurity}

Changed the security of Property Plugin.HostDataModelTypeIsCurrent 
	from: {PluginSecurity}
	  to: {RobloxScriptSecurity}

Changed the security of Property Plugin.MultipleDocumentInterfaceInstance 
	from: {PluginSecurity}
	  to: {RobloxScriptSecurity}

Changed the security of Function Plugin:GetItem 
	from: {PluginSecurity}
	  to: {RobloxScriptSecurity}

Changed the security of Function Plugin:Invoke 
	from: {PluginSecurity}
	  to: {RobloxScriptSecurity}

Changed the security of Function Plugin:OnInvoke 
	from: {PluginSecurity}
	  to: {RobloxScriptSecurity}

Changed the security of Function Plugin:OnSetItem 
	from: {PluginSecurity}
	  to: {RobloxScriptSecurity}

Changed the security of Function Plugin:SetItem 
	from: {PluginSecurity}
	  to: {RobloxScriptSecurity}

Removed Property Lighting.LegacyOutlines

(Click here for a syntax highlighted version!)


Aw. This feature was older than me–I mean my Roblox account! It’s quite sad to see it go :frowning_face:. Bid farewell, my friend :wave:!

Well, I better unpack my tables quick (about 15% faster :clock10: than normal):

Jokes aside, though, I really like this change (or will, when it comes out):

Because look at it now:

When your teacher tells you your computer handwriting is bad.

As you can clearly see, the white frame represents the text bounds (or what the property shows). There is noticeable margin, usually more in the Y direction than the X, but both are always present.

As always, lovin’ these Release Notes lately, keep it up, Roblox! :roblox: :roblox_light:


It’s here, rejoice!

Jokes aside, this was much needed; thanks!


Hope we can get this optimization for the shorthand too in the future when the code has type definitions, since I pretty much exclusively use the shorthand way where I can in all of my code. :crossed_fingers:


Does this mean chat messags that wrap one word past the first line will no longer be truncated? I’ve noticed sometimes when I chat, and the last word in my message overflows to the next line, the last word won’t show up in chat.


Agreed, and it would be neat if we could get a heads up if this is in the pipeline. I specifically recall changing all of my main modules from using next to pairs() due to the speed improvements, only to have said improvements ported over to the former a few weeks after.


It’s unfortunately much harder for us to implement this optimization for method call syntax, so it’s unlikely that we’re going to do that (soon).

The issue is that if you write string.byte, we know with 99% certainty that you’re referring to builtin method, and the only thing that’s necessary to confirm it is that the function environment hasn’t been substituted. Compared to that, :byte() requires more nuanced analysis to determine that, and requires a special-cased mechanism in the VM to confirm the prediction.

Once we have type information stable and universally available we can start investing into ways to use it to improve codegen, but it’s going to take quite some time. Very confident this won’t happen this year.


coroutine.wrap & coroutine.create

coroutine.wrap and coroutine.create supporting c-functions is cool, but I am slightly worried that it will break some games. Also does this mean c-functions can yield now? I don’t remember them being able to (similar to most metamethods)

I myself have built anti-cheats based off using the functionality that coroutine.wrap will always error when called with a c function. I have used this behavior to make sure that the function I’m about to call is a c-function and not changed to a lua function generated by some rogue client.

I have absolutely no clue if anyone else has shipped an anti exploit using a similar method, but there I personally would expect other people to have considering how keen some feel for anti-exploit development.

String library optimizations

NOO!!! All my beautiful micro-optimized (""):byte() calls!! Glad to switch though. I will for sure eat up that x4 faster call speed from string.byte!


I rely on the same create/wrap behaviour, but not for an anti exploit. H3x (my script sandboxing library) relies on it I believe, as well as several other currently private projects. I am, however, super glad for this change anyway because it means I can finally get some very cool stuff going I had ideas for a while back.


Some C-functions can yield; obviously one example is coroutine.yield :smiley: but also pcall and xpcall now support yielding.

This change can be useful when writing generic code, e.g. if I recall correctly some promise implementations need to work around this - you may want to run code that might yield, but it also might not yield, and you don’t know what function is being passed externally (Lua or C) so you couldn’t blindly use coroutine library and now you can.

As for the games breaking - so far I don’t think we’ve seen negative effects of this short of a malicious script module that started malfunctioning (which… seems… good?). In general though code that relies on odd corner cases of Lua API is fragile by definition. I’m not even sure the exploit detection based on this behavior is useful because Lua 5.1 also prohibits calling coroutine.wrap on C functions (Lua 5.2 relaxes this), and I’d expect exploiters to use a variant of Lua 5.1.

Anyway, the larger point is that when we fix an obscure corner case in Lua API in a way that doesn’t break any code that doesn’t rely on the specific error behavior, we generally speaking won’t treat some anti-exploit or obfuscation code breaking as a problem, since otherwise it’s too hard for us to evolve the platform.