memory safety and weak references

Brendan Eich brendan at mozilla.com
Mon Apr 1 13:39:43 PDT 2013


Marius Gundersen wrote:
> This seems to be more a problem with the garbage collector than with 
> weak references. If I understood it correctly, any double value can 
> look like a pointer,

No, that's not the issue in this (sub-)thread. Oliver was just 
recollecting thoughts about a position he took in favor of WeakMaps 
having non-object keys.

You're right that any double (e.g.) that might be confused for a pointer 
in a VM implementation makes a bad bug, and VMs must carefully avoid 
(find and fix!) such bugs.

The issue about non-object WeakMap keys was about semantics only, not 
implementation safety bugs. If I can put "42" in a WeakMap, it can never 
be removed, since I can "forge" that value by uttering the "42" literal 
again, or (in a way refractory to analysis) concatenating "4" and "2", etc.

/be

> and the garbage collector will check what it is pointing at. To me 
> this seems like a source for memory leaks. This problem exists even 
> without weak references (or weak iterable maps/sets); the weak 
> references just makes it observable. Does this mean the main reason 
> weak references (or, again, weak iterable maps/sets) are not to be 
> implemented is because of a bug in the garbage collector of popular JS 
> enginges? As noted earlier, the implementation of the garbage 
> collector is not specified in the ecmascript standard, so this is a 
> problem with implementors, not with the specification.
>
> Again, I'm far from an expert on GC or JS implementations (and would 
> love a simplified explanation if I have misunderstood the problem), 
> but this seems less like a problem with weak references, and more like 
> a problem with specific implementations of GCs.
>
> Marius Gundersen
>
>
> On Fri, Mar 29, 2013 at 3:47 AM, Oliver Hunt <oliver at apple.com 
> <mailto:oliver at apple.com>> wrote:
>
>
>     On Mar 29, 2013, at 7:36 AM, David Herman <dherman at mozilla.com
>     <mailto:dherman at mozilla.com>> wrote:
>
>     > On Mar 27, 2013, at 4:52 AM, Sam Tobin-Hochstadt
>     <samth at ccs.neu.edu <mailto:samth at ccs.neu.edu>> wrote:
>     >
>     >> On Tue, Mar 26, 2013 at 11:44 PM, Oliver Hunt <oliver at apple.com
>     <mailto:oliver at apple.com>> wrote:
>     >>> That said I believe that this does kill any dreams i may have
>     had w.r.t primitive-keyed WeakMaps, kudos to MarkM.
>     >>
>     >> Wouldn't a primitive-keyed WeakMap just be a strong Map for those
>     >> keys?  And therefore immune to any GC attacks?
>     >
>     > Indeed, and also deeply misleading (a weak map with strongly
>     held entries?), which is why I argued that WeakMap should disallow
>     primitive keys.
>     >
>     > Oliver-- can you clarify what you were hoping for?
>
>     I was dreaming of primitive keys, i was convinced in an earlier
>     meeting of the problems that they would cause, but this security
>     problem is a nail in the coffin :-/
>
>     >
>     > Dave
>     >
>
>     _______________________________________________
>     es-discuss mailing list
>     es-discuss at mozilla.org <mailto:es-discuss at mozilla.org>
>     https://mail.mozilla.org/listinfo/es-discuss
>
>
> _______________________________________________
> es-discuss mailing list
> es-discuss at mozilla.org
> https://mail.mozilla.org/listinfo/es-discuss


More information about the es-discuss mailing list