WeakMap API questions?

Bradley Meck bradley.meck at gmail.com
Fri Aug 27 06:35:43 PDT 2010


It is native code, all ECMAScript based solutions would leak as of right
now.

I am also unsure you could tell what has been collected since you would need
to maintains a reference to that object, you could however tell how many
objects are left for possible collection. You could do a complex reverse
hashing possibly on a WeakMap an attacker creates, but then, if that
information was privy, why make the WeakMap key exposed outside of a
closure? A last point I would make on this if an Object used as a key is
near death (available for collection but 1 reference), if that reference
were in a non-key WeakMap, it would be possible to find out this information
anyway if i understand the gc algorithm. All you would need is to set a map
to contain the first object and have the second object point to the first
weakly.
All in all I wanted to point out some valid uses of the keys that I
currently use. Both of which would leak terribly / not work if using
anything else.

On Thu, Aug 26, 2010 at 11:03 PM, Brendan Eich <brendan at mozilla.com> wrote:

> On Aug 26, 2010, at 8:19 PM, Bradley Meck wrote:
>
> I am not sure that would make it a regular map. Having the keys available
> does not ensure that the keys will not be collected.
>
>
> That's the crux of the matter. Mark Miller should weigh in, since he has
> argued this point in the past with some good arguments.
>
> The issue is that enumeration or even a weakmap.length property would
> convey what has been collected as garbage, and what has not yet been
> collected even though weakly referenced by a map entry. There could be
> strong refs elsewhere, or the GC might just not have gotten around to
> collecting the still-enumerated or counted-by-length entry.
>
> This makes a covert channel from the implementation's garbage collector,
> and it can be abused. The GC schedule may be deterministic, so as I
> understand it the issue is not non-determinism (or it's more than ND vs. D
> -- it's really the ability of attackers to tell what the GC considers live
> still).
>
>
> I personally use the keys on a personal implementation to check and see
> what callbacks may be outstanding, and if I need to reference all the
> Objects of a given type at once.
>
>
> How does your implementation work (or is it native code)?
>
> /be
>
>
> On Thu, Aug 26, 2010 at 8:14 PM, Waldemar Horwat <waldemar at google.com>wrote:
>
>> Erik Arvidsson wrote:
>>
>>> 3. Why isn't there a way to iterate over the keys?
>>>
>>
>> Because then it would be a regular map, not a weak map.  This is something
>> that only a debugger should be able to do.
>>
>>   Waldemar
>>
>> _______________________________________________
>> es-discuss mailing list
>> es-discuss at mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
>>
>
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20100827/44042e19/attachment.html>


More information about the es-discuss mailing list