Security Demands Simplicity (was: Private Slots)

Mark S. Miller erights at google.com
Thu Jan 17 09:27:28 PST 2013


(As usual, trying to write code in a hurry actually cost more time :(.
Sorry to have spent everyone else's time as well :(. )

class Purse {
    constructor(private balance) {}
    getBalance() { return balance; }
    makePurse() { return new Purse(0); }
    deposit(amount, srcPurse) {
        private(srcPurse).balance -= amount;
        balance += amount;
    }
}

expansion

let Purse = (function() {
    // One map per class, captured by the closure and never exposed.
    let amp = new WeakMap();
    function Purse(balance) {
        // The sealed record holds the instance's private state.
        amp.set(this, Object.seal({ balance: balance }));
    }
    Purse.prototype = {
        getBalance: function() { return amp.get(this).balance; },
        makePurse: function() { return new Purse(0); },
        deposit: function(amount, srcPurse) {
            // private(srcPurse) becomes a lookup in the same map.
            amp.get(srcPurse).balance -= amount;
            amp.get(this).balance += amount;
        }
    };
    return Purse;
})();


When I said previously

"Ignore the use of accessors so that private field names track
variables. If we had instead stored the state in the private field and
compiled getBalance to use the field, that doesn't affect the
important issue."

it turns out only the second representation works, as above.

In any case, the "ignore" statement remains. This is all beside the
point I'm really trying to make. I hope my code is now corrected
enough for the real point to be clear. The Ephemeron gc technique
contributes nothing to the ability to reclaim space for such code
because of the relative lifetimes of the map and its keys.
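
Added example, not part of the original message: the expansion above wrapped in a hypothetical makePurseClass() factory and exercised by a hypothetical probe() helper. It shows that the amp lookup doubles as a class-membership check, so a look-alike object or a Purse from a separate expansion is rejected before any balance changes.

```javascript
// makePurseClass and probe are names introduced for this example only.
function makePurseClass() {
    const amp = new WeakMap();   // reachable only from this closure
    function Purse(balance) {
        amp.set(this, Object.seal({ balance: balance }));
    }
    Purse.prototype = {
        getBalance: function() { return amp.get(this).balance; },
        makePurse: function() { return new Purse(0); },
        deposit: function(amount, srcPurse) {
            // The source is looked up first: a non-member yields undefined
            // and throws TypeError before the destination is credited.
            amp.get(srcPurse).balance -= amount;
            amp.get(this).balance += amount;
        }
    };
    return Purse;
}

function probe() {
    const Purse = makePurseClass();
    const alice = new Purse(100);
    const bob = alice.makePurse();
    bob.deposit(30, alice);

    const result = {
        alice: alice.getBalance(),
        bob: bob.getBalance(),
        // The private state is not a property of the instance.
        ownKeys: Object.getOwnPropertyNames(alice).length
    };

    // Constructed look-alike: has a balance property but is not a key in amp.
    const forged = { balance: 1000000 };
    try { bob.deposit(50, forged); result.forgedAccepted = true; }
    catch (e) { result.forgedAccepted = !(e instanceof TypeError); }

    // A Purse from a second expansion lives in a different amp.
    const OtherPurse = makePurseClass();
    try { bob.deposit(50, new OtherPurse(500)); result.crossAccepted = true; }
    catch (e) { result.crossAccepted = !(e instanceof TypeError); }

    result.bobFinal = bob.getBalance();
    return result;
}
```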

