WeakMap API questions?

Bradley Meck bradley.meck at gmail.com
Fri Aug 27 06:35:43 PDT 2010

It is native code, all ECMAScript based solutions would leak as of right

I am also unsure you could tell what has been collected since you would need
to maintains a reference to that object, you could however tell how many
objects are left for possible collection. You could do a complex reverse
hashing possibly on a WeakMap an attacker creates, but then, if that
information was privy, why make the WeakMap key exposed outside of a
closure? A last point I would make on this if an Object used as a key is
near death (available for collection but 1 reference), if that reference
were in a non-key WeakMap, it would be possible to find out this information
anyway if i understand the gc algorithm. All you would need is to set a map
to contain the first object and have the second object point to the first
All in all I wanted to point out some valid uses of the keys that I
currently use. Both of which would leak terribly / not work if using
anything else.

On Thu, Aug 26, 2010 at 11:03 PM, Brendan Eich <brendan at mozilla.com> wrote:

> On Aug 26, 2010, at 8:19 PM, Bradley Meck wrote:
> I am not sure that would make it a regular map. Having the keys available
> does not ensure that the keys will not be collected.
> That's the crux of the matter. Mark Miller should weigh in, since he has
> argued this point in the past with some good arguments.
> The issue is that enumeration or even a weakmap.length property would
> convey what has been collected as garbage, and what has not yet been
> collected even though weakly referenced by a map entry. There could be
> strong refs elsewhere, or the GC might just not have gotten around to
> collecting the still-enumerated or counted-by-length entry.
> This makes a covert channel from the implementation's garbage collector,
> and it can be abused. The GC schedule may be deterministic, so as I
> understand it the issue is not non-determinism (or it's more than ND vs. D
> -- it's really the ability of attackers to tell what the GC considers live
> still).
> I personally use the keys on a personal implementation to check and see
> what callbacks may be outstanding, and if I need to reference all the
> Objects of a given type at once.
> How does your implementation work (or is it native code)?
> /be
> On Thu, Aug 26, 2010 at 8:14 PM, Waldemar Horwat <waldemar at google.com>wrote:
>> Erik Arvidsson wrote:
>>> 3. Why isn't there a way to iterate over the keys?
>> Because then it would be a regular map, not a weak map.  This is something
>> that only a debugger should be able to do.
>>   Waldemar
>> _______________________________________________
>> es-discuss mailing list
>> es-discuss at mozilla.org
>> https://mail.mozilla.org/listinfo/es-discuss
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20100827/44042e19/attachment.html>

More information about the es-discuss mailing list