Mark S. Miller (2013-12-07T21:42:58.000Z)
domenic at domenicdenicola.com (2013-12-10T02:23:02.718Z)
On Sat, Dec 7, 2013 at 11:41 AM, Allen Wirfs-Brock <allen at wirfs-brock.com>wrote: > If the primary motivation is to ensure the integrity of freeze (and > seal??) then a [[Freeze]] mop operations seems like a better solution to > me. Actually, freeze and seal are examples. As another example, the SES startup uses Object.getOwnPropertyNames to do a thorough walk of the initial primordials, aside from the global object, and remove anything not on its whitelist. If it does find something not on its whitelist that it can't delete and doesn't know to be safe for other reasons, then it declares that this platform cannot be made SES-safe. That's why https://bugzilla.mozilla.org/show_bug.cgi?id=724768#c8 was such a problem for us. What the combination of non-extensible and getOwnProperties gives us is confidence that there's nothing there beyond what we see. > BTW, this seems like old territory, at one time we had a [[SetIntegrity]] > mop operation that could be used to implement both Object.freeze and > Object.seal. Why did we get rid of it? I remember I was for a time in favor of [[SetIntegrity]], and made arguments in support of it. However, it was additional semantic state that was approximately redundant with the state already there, and could get out of sync with it. If now were earlier in the ES6 cycle I would be open to reconsidering it. But it raised so many open questions that I don't think we should reopen it unless something is broken with the current plan. If we do reopen [[SetIntegrity]], we should decide to slip the schedule.
domenic at domenicdenicola.com (2013-12-10T02:22:46.259Z)
On Sat, Dec 7, 2013 at 11:41 AM, Allen Wirfs-Brock <allen at wirfs-brock.com>wrote: > If the primary motivation is to ensure the integrity of freeze (and > seal??) then a [[Freeze]] mop operations seems like a better solution to > me. Actually, freeze and seal are examples. As another example, the SES startup uses Object.getOwnPropertyNames to do a thorough walk of the initial primordials, aside from the global object, and remove anything not on its whitelist. If it does find something not on its whitelist that it can't delete and doesn't know to be safe for other reasons, then it declares that this platform cannot be made SES-safe. That's why < https://bugzilla.mozilla.org/show_bug.cgi?id=724768#c8> was such a problem for us. What the combination of non-extensible and getOwnProperties gives us is confidence that there's nothing there beyond what we see. > BTW, this seems like old territory, at one time we had a [[SetIntegrity]] > mop operation that could be used to implement both Object.freeze and > Object.seal. Why did we get rid of it? I remember I was for a time in favor of [[SetIntegrity]], and made arguments in support of it. However, it was additional semantic state that was approximately redundant with the state already there, and could get out of sync with it. If now were earlier in the ES6 cycle I would be open to reconsidering it. But it raised so many open questions that I don't think we should reopen it unless something is broken with the current plan. If we do reopen [[SetIntegrity]], we should decide to slip the schedule.