-
Notifications
You must be signed in to change notification settings - Fork 107
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document privacy model #137
Conversation
PRIVACY_MODEL.md
Outdated
|
||
Previous documentation used the term "hard private" to explain the guarantees, but that term may lead some to false conclusions. Here, we use the term *hidden*, defined as follows: | ||
|
||
> A class element is *hidden* with the syntax `#name`, which makes it inaccessible except to those granted explicit access to it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also, it makes its presence unobservable - this is important too.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Right, will add this.
PRIVACY_MODEL.md
Outdated
@@ -0,0 +1,61 @@ | |||
This proposal introduces new metaprogramming concepts on private fields and methods. This document describes the invariants, guarantees and scope of this privacy as a whole, in light of this feature. | |||
|
|||
## Private fields and methods are *hidden* |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don’t personally find the term “hidden” clear; hidden things can be found, private things can’t.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd like to avoid the term "hard private" due to both the concerns @allenwb raised, and the fact that it sounds a little funny. Do you have an idea for another term?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It’s unfortunate that other languages have ruined “private” with “not actually private”, because tbh that’s really the best term.
How about going the verbose route: “unobservable and inaccessible”?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How would "inaccessible" be? I think we need to create a piece of jargon that we can make use of easily.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmm, i dunno - "phantom", like a phantom limb?
PRIVACY_MODEL.md
Outdated
- Decorating an element, e.g., in `class { @dec #x; #y; }`, `@dec` can see `#x` but not `#y`. | ||
- Decorating a class containing the element, e.g., in `@dec class { #x; #y; }`, `@dec` can see `#x` and `#y`. | ||
|
||
Future proposals may also grant access to hidden elements, but this will always be through a mechanism which is syntactically apparent; implicit access will never be granted. For example, a `protected` contextual keyword could be added to classes which grants access to subclasses, and this access grant would be similar to that which decorators do. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is a poor choice of example that will distract from the point being made. Can we pick a less controversial one?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure, do you have any suggestions? Honestly I personally think decorators will be enough, so it's hard for me to think of an example that I actually want to go towards.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i suppose we could have some kind of grant(otherFunction)
syntax? I also agree that decorators would be enough; maybe the example should just be omitted entirely?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not sure what you mean by grant
.
I'd like to make a statement about language evolution. Do you think I should omit this statement entirely? Or, do you have an idea for how to rephrase it?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the statement is fine; I'm concerned about the specific example.
PRIVACY_MODEL.md
Outdated
|
||
Previous documentation used the term "hard private" to explain the guarantees, but that term may lead some to false conclusions. Here, we use the term *hidden*, defined as follows: | ||
|
||
> A class element is *hidden* with the syntax `#name`, which makes it inaccessible (for reads, writes and observing its presence) except to those granted explicit access to it. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oxford comma :-p
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not attempting to match the spec's style here.
PRIVACY_MODEL.md
Outdated
for (let i = 0; i < descriptor.elements.length; i++) { | ||
let element = descriptor.elements[i]; | ||
let arr = typeof element.key === "object" ? privateElements : elements; | ||
arr[arr.length] = element; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Both privateElements
and elements
are undefined
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
PRIVACY_MODEL.md
Outdated
} | ||
let result = decorator({...descriptor, elements}); | ||
for (let i = 0; i < privateElements.length; i++) { | ||
result.elements[result.elements.length] = privateElements[i]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This leaks if result.elements
is a proxy.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed
As discussed in #136, this is an important missing piece of documentation. cc @allenwb @erights