WeakMap not the weak needed for zombie views

Filip Pizlo fpizlo at apple.com
Sun Jul 6 13:11:19 PDT 2014


Thanks for gathering those links. I rather like Mark's proposal. Does anyone believe that there are security holes if we do the between-turns semantics?

My reading of the linked Mozilla discussions seems to be that some GC implementors think it's hard to get the feature right and that it pessimises the theoretical performance of some algorithms. Jvms have had this feature for a long time and at least one JS engine (JSC) has had it internally for years, and combining weak refs with all manner of exotic GCs is very well understood in the art.

-Filip

> On Jul 6, 2014, at 11:27 AM, Till Schneidereit <till at tillschneidereit.net> wrote:
> 
>> On Sun, Jul 6, 2014 at 7:45 PM, Filip Pizlo <fpizlo at apple.com> wrote:
>>> On Jul 6, 2014, at 9:30 AM, "Mark S. Miller" <erights at google.com> wrote:
>>> 
>>>> On Sun, Jul 6, 2014 at 7:47 AM, Katelyn Gadd <kg at luminance.org> wrote:
>>>> There are some fairly recent es-discuss threads about weak references.
>>>> I don't know if there is a consensus yet (it is very hard to tell) but
>>>> some people like Brendan are on record that there are real use cases
>>>> that require them. I've been pushing hard for them, along with the
>>>> author of embind. The question is mostly whether solving those
>>>> problems is worth the cost of exposing GC to content JS (though, if
>>>> memory serves, there was a claim in one of the discussion threads that
>>>> you can implement weakrefs without exposing GC - I'm not sure if that
>>>> was an 'I've figured it out' statement or just a hypothesis).
>>> 
>>> I would be very curious. It seems impossible by definition. Could you (or anyone) please try to find this? Thanks.
>>> 
>>> What I have claimed is that we can isolate the communications channel that this provides in ways that make it a reasonable (IMO) security risk. Perhaps this is what you are thinking of?
>> 
>> I've read this exchange and might be missing context. I'm intrigued by it and want to know more. 
>> 
>> Is the main opposition to weak references just the security implications of information revealed by GC?  Has anyone quantified how much information is leaked, or proved that this information cannot be obtained through already exposed APIs or language features?  I presume it has something to do with detecting if anyone else has a reference to an object. 
> 
> Security is one concern, but I think that Mark's proposal covers this with the "only collect weakrefs between turns" semantics.
> 
> I CC'd a few people who voiced strong opposition on our dev mailing list. Posts containing arguments for their position are:
> https://groups.google.com/d/msg/mozilla.dev.tech.js-engine.internals/V__5zqll3zc/zCjQrnnMtAMJ
> https://groups.google.com/d/msg/mozilla.dev.tech.js-engine.internals/V__5zqll3zc/FHx26ioYyUkJ
> https://groups.google.com/d/msg/mozilla.dev.tech.js-engine.internals/V__5zqll3zc/hLJiNqd8Xq8J
> https://groups.google.com/d/msg/mozilla.dev.tech.js-engine.internals/V__5zqll3zc/IByxb_ZjulgJ
> 
> And an argument for alternative solutions to common weakref use cases:
> https://groups.google.com/d/msg/mozilla.dev.tech.js-engine.internals/V__5zqll3zc/Zweq9VEqI0cJ
> 
> There's a lot more in that thread, but I think this roughly covers the main arguments against weakrefs.
> 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/es-discuss/attachments/20140706/1c2fd701/attachment.html>


More information about the es-discuss mailing list