"no strict"; directive

David Herman dherman at mozilla.com
Thu Nov 15 13:16:08 PST 2012


On Nov 15, 2012, at 1:15 PM, David Herman <dherman at mozilla.com> wrote:

> On Nov 15, 2012, at 1:04 PM, Allen Wirfs-Brock <allen at wirfs-brock.com> wrote:
> 
>> On Nov 15, 2012, at 12:37 PM, Andrea Giammarchi wrote:
>> 
>>> I believe with is much more problematic than caller for all Engines out there. A reference to "who is invoking" cannot be that bad ... is it?
>> 
>> Yes it is!  It is a capability leak.  It give a callee access to functions that would otherwise be inaccessible to the callee.  Who knows what mischief can be accomplished by calling such functions.
> 
> What's more, it's totally inadequate as a stack walking tool. If any function appears twice in a call stack (most commonly in the presence of recursion), you can't walk the whole stack. You either have to detect the repeat and give up, or loop infinitely. So in addition to being a security, performance, and engineering nightmare, arguments.caller is pretty much useless.

And to be clear, it *is* a problem for engines: it prevents proper tail calls (or even tail call optimization).

Dave



More information about the es-discuss mailing list