Are Private name and Weak Map the same feature? and the Assoc API

David Bruant bruant.d at gmail.com
Tue Dec 20 12:06:58 PST 2011


Le 20/12/2011 14:45, Andreas Rossberg a écrit :
> On 17 December 2011 00:24, Sam Tobin-Hochstadt <samth at ccs.neu.edu> wrote:
>> I used to think this way about private names and proxies, and argued
>> for this position. However, I was wrong and it's a bad idea.  Here's
>> why:
>>
>> You might want to implement an object with a private field and a
>> public method like this:
>>
>> let o = (function () { let n = new Name(); return { [n]: 0; get:
>> function() { return this[n]; }}})();
>>
>> But, if we don't censor private names in proxies, this abstraction leaks!
>>
>> Consider:
>>
>> let p = new Proxy(...);
>> o.get.call(p);
>>
>> Now the name is leaked to the proxy.  And there's no way you can fix
>> this, without resorting to some other method of hiding things like
>> closures.
> Hm, isn't this example rather demonstrating that the ability to do
> self stealing -- i.e., the lack of lexical `this' -- is violating
> basic abstraction principles (as we all know)?
This particular example used 'this', but similar examples may not.
-----
let marker = (function(){
    let n = new Name();
    let counter = 0;
   
    return {
        mark: function(o){
            o[n] = counter++;
        }
        readMark: function(o){
            return o[n];
        }
    };
})();

marker.mark(maliciousProxy);
-----

...and the name just leaked allowing a malicious proxy to mess with the
marking.


> That is, in JS you have
> to manually fix such abstractions using .bind on your methods (or
> potential nicer alternatives in ES6). Arguably, the problem is not
> proxies or private names (under David's semantics) per se.
>
> But of course, we cannot really fix `this', so we introduce public
> name conversion (and other ad-hoc complications surrounding private
> names) as compatibility hacks that prevent blatant leaks for existing
> JS idioms. It's not puristic, but it is convenient and pragmatically
> safer.
Indeed. What do you think of the different alternative proposals
(especially regarding the "ad-hoc complications" you point out)?

David


More information about the es-discuss mailing list