memory safety and weak references

Marius Gundersen gundersen at gmail.com
Mon Apr 1 13:22:34 PDT 2013


This seems to be more a problem with the garbage collector than with weak
references. If I understood it correctly, any double value can look like a
pointer, and the garbage collector will check what it is pointing at. To me
this seems like a source for memory leaks. This problem exists even without
weak references (or weak iterable maps/sets); the weak references just
makes it observable. Does this mean the main reason weak references (or,
again, weak iterable maps/sets) are not to be implemented is because of a
bug in the garbage collector of popular JS enginges? As noted earlier, the
implementation of the garbage collector is not specified in the ecmascript
standard, so this is a problem with implementors, not with the
specification.

Again, I'm far from an expert on GC or JS implementations (and would love a
simplified explanation if I have misunderstood the problem), but this seems
less like a problem with weak references, and more like a problem with
specific implementations of GCs.

Marius Gundersen


On Fri, Mar 29, 2013 at 3:47 AM, Oliver Hunt <oliver at apple.com> wrote:

>
> On Mar 29, 2013, at 7:36 AM, David Herman <dherman at mozilla.com> wrote:
>
> > On Mar 27, 2013, at 4:52 AM, Sam Tobin-Hochstadt <samth at ccs.neu.edu>
> wrote:
> >
> >> On Tue, Mar 26, 2013 at 11:44 PM, Oliver Hunt <oliver at apple.com> wrote:
> >>> That said I believe that this does kill any dreams i may have had
> w.r.t primitive-keyed WeakMaps, kudos to MarkM.
> >>
> >> Wouldn't a primitive-keyed WeakMap just be a strong Map for those
> >> keys?  And therefore immune to any GC attacks?
> >
> > Indeed, and also deeply misleading (a weak map with strongly held
> entries?), which is why I argued that WeakMap should disallow primitive
> keys.
> >
> > Oliver-- can you clarify what you were hoping for?
>
> I was dreaming of primitive keys, i was convinced in an earlier meeting of
> the problems that they would cause, but this security problem is a nail in
> the coffin :-/
>
> >
> > Dave
> >
>
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20130401/2350e86b/attachment.html>


More information about the es-discuss mailing list