WeakMap not the weak needed for zombie views

Till Schneidereit till at tillschneidereit.net
Sun Jul 6 11:27:50 PDT 2014


On Sun, Jul 6, 2014 at 7:45 PM, Filip Pizlo <fpizlo at apple.com> wrote:

> On Jul 6, 2014, at 9:30 AM, "Mark S. Miller" <erights at google.com> wrote:
>
> On Sun, Jul 6, 2014 at 7:47 AM, Katelyn Gadd <kg at luminance.org> wrote:
>
>> There are some fairly recent es-discuss threads about weak references.
>> I don't know if there is a consensus yet (it is very hard to tell) but
>> some people like Brendan are on record that there are real use cases
>> that require them. I've been pushing hard for them, along with the
>> author of embind. The question is mostly whether solving those
>> problems is worth the cost of exposing GC to content JS (though, if
>> memory serves, there was a claim in one of the discussion threads that
>> you can implement weakrefs without exposing GC - I'm not sure if that
>> was an 'I've figured it out' statement or just a hypothesis).
>>
>
> I would be very curious. It seems impossible by definition. Could you (or
> anyone) please try to find this? Thanks.
>
> What I have claimed is that we can isolate the communications channel that
> this provides in ways that make it a reasonable (IMO) security risk.
> Perhaps this is what you are thinking of?
>
>
> I've read this exchange and might be missing context. I'm intrigued by it
> and want to know more.
>
> Is the main opposition to weak references just the security implications
> of information revealed by GC?  Has anyone quantified how much information
> is leaked, or proved that this information cannot be obtained through
> already exposed APIs or language features?  I presume it has something to
> do with detecting if anyone else has a reference to an object.
>

Security is one concern, but I think that Mark's proposal covers this with
the "only collect weakrefs between turns" semantics.

I CC'd a few people who voiced strong opposition on our dev mailing list.
Posts containing arguments for their position are:
https://groups.google.com/d/msg/mozilla.dev.tech.js-engine.internals/V__5zqll3zc/zCjQrnnMtAMJ
https://groups.google.com/d/msg/mozilla.dev.tech.js-engine.internals/V__5zqll3zc/FHx26ioYyUkJ
https://groups.google.com/d/msg/mozilla.dev.tech.js-engine.internals/V__5zqll3zc/hLJiNqd8Xq8J
https://groups.google.com/d/msg/mozilla.dev.tech.js-engine.internals/V__5zqll3zc/IByxb_ZjulgJ

And an argument for alternative solutions to common weakref use cases:
https://groups.google.com/d/msg/mozilla.dev.tech.js-engine.internals/V__5zqll3zc/Zweq9VEqI0cJ

There's a lot more in that thread, but I think this roughly covers the main
arguments against weakrefs.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20140706/2c2e51b3/attachment.html>


More information about the es-discuss mailing list