Are Private name and Weak Map the same feature? and the Assoc API

Sam Tobin-Hochstadt samth at ccs.neu.edu
Wed Dec 21 03:41:55 PST 2011


On Wed, Dec 21, 2011 at 5:25 AM, Andreas Rossberg <rossberg at google.com> wrote:
>
>>> Hm, isn't this example rather demonstrating that the ability to do
>>> self stealing -- i.e., the lack of lexical `this' -- is violating
>>> basic abstraction principles (as we all know)?
>> This particular example used 'this', but similar examples may not.
>> -----
>> let marker = (function(){
>>    let n = new Name();
>>    let counter = 0;
>>
>>    return {
>>        mark: function(o){
>>            o[n] = counter++;
>>        },
>>        readMark: function(o){
>>            return o[n];
>>        }
>>    };
>> })();
>>
>> marker.mark(maliciousProxy);
>> -----
>>
>> ...and the name just leaked allowing a malicious proxy to mess with the
>> marking.
>
> Sure, but o here is just a random argument, and you can never make any
> assumptions about what gets passed as an argument (unless you have
> some kind of nominal type or branding mechanism).

In the absence of proxies, David's example is actually safe,
regardless of what object `o' is.  And you really need David's example
to work to make private names as useful as they can be -- otherwise,
it's just re-enabling |private| from Java, and not adding anything
more.
-- 
sam th
samth at ccs.neu.edu
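
The leak discussed in this thread, as an added example that is not part of the original message or of the proposal under discussion: a name-keyed marker is compared with a WeakMap-keyed one when the argument is a proxy. It assumes today's standardized `Symbol` and `Proxy` as stand-ins for the proposed `new Name()` and proxies of 2011; the helper names are hypothetical.

```javascript
// Symbol() stands in for the thread's proposed `new Name()` (assumption).
function makeNameMarker() {
  const n = Symbol("mark");            // meant to stay private to this closure
  let counter = 0;
  return {
    mark(o) { o[n] = counter++; },     // property write: visible to a proxy's set trap
    readMark(o) { return o[n]; },
  };
}

// Same interface, but the association is stored in a WeakMap keyed by the
// object, so no property operation is ever performed on `o`.
function makeWeakMapMarker() {
  const marks = new WeakMap();
  let counter = 0;
  return {
    mark(o) { marks.set(o, counter++); },
    readMark(o) { return marks.get(o); },
  };
}

// Constructed untrusted argument: a proxy that records every key its traps see.
function makeRecordingProxy() {
  const seenKeys = [];
  const proxy = new Proxy({}, {
    set(target, key, value) { seenKeys.push(key); target[key] = value; return true; },
    get(target, key) { seenKeys.push(key); return target[key]; },
  });
  return { proxy, seenKeys };
}

function demo() {
  const a = makeRecordingProxy();
  const nameMarker = makeNameMarker();
  nameMarker.mark(a.proxy);            // the set trap receives the private key
  const leaked = a.seenKeys[0];

  const plain = {};
  nameMarker.mark(plain);              // legitimate mark (value 1)
  plain[leaked] = 999;                 // anyone holding the key can overwrite it
  const forged = nameMarker.readMark(plain);

  const b = makeRecordingProxy();
  const weakMarker = makeWeakMapMarker();
  weakMarker.mark(b.proxy);            // no trap fires: nothing touches the proxy
  return { leakedType: typeof leaked, forged,
           weakMapKeysSeen: b.seenKeys.length, weakMapMark: weakMarker.readMark(b.proxy) };
}
```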

