change "harden" to share a WeakMap of already-frozen objects #195
Comments
|
can you use |
|
No, because const bad = Object.freeze([{}]);
// At this point, we have a frozen array containing
// a non-frozen object in its transitive API surface.
def(bad);If the call to |
|
In addition to labeling this an "enhancement" I also label it a "bug" because it is a huge performance bug. Normally, if there is no deviation from correct overt behavior I avoid "bug". But the performance shortfall here is huge. |
|
Noting again here that we're likely to change terminology from "deeply frozen" and such to "hardened". |
erights
changed the title
deepFreeze to share a WeakMap of already-frozen objects
|
This weakmap seems to be global mutable state. Why is that ok in this case? Also, is it shared between realms? Between calls to require('harden')? |
I'm going to open a separate issue to discuss this, I think we have an answer but I don't want to lose visibility when I close this as fixed in a few minutes. |
* remove `Nat` and `def` from the global environment #45
* provide a helper function named `s.makeRequire()` to build a `require`
endowment. This can be configured to enable `require('@agoric/nat')` or
`require('@agoric/harden')` (among others), so the same code can work
either inside or outside of a SES realm. For details of its configuration,
see the comments in the commit which landed it. #13
* harden() comes from `@agoric/make-hardener`, which doesn't climb
prototype/inheritance chains, but does complain if the prototype wasn't
already known to harden(). This avoids the "Ice-9" freeze-the-world
problem, and also serves to signal when an object from one realm is passed
into the harden() of a different realm. #15
* harden() now shares a WeakSet of previously-hardened objects #4
* use harden() instead of def() #39
* SES no longer depends upon Nat, but uses it during unit tests. Client code
that wants Nat should use `require('@agoric/nat')`. #45
* Include AsyncIteratorPrototype in the set of anonIntrinsics #58
* use eslint to format all SES code
Our current
def()function currently does too much work: it doesn't remember what's been frozen already, so it will re-freeze things like Function.prototype every time. To fix this, deepFreeze() needs to be turned into a "Freezer" object that retains a WeakMap of everything it has ever frozen, def() should take a Freezer, and the def() exposed as a global should close over the Freezer and deliver it here. deepFreezePrimordials() should use that same FreezerThis isn't a security issue, merely a performance one.
The text was updated successfully, but these errors were encountered: