Document privacy model #137
Conversation
PRIVACY_MODEL.md
Outdated
|
|
||
| Previous documentation used the term "hard private" to explain the guarantees, but that term may lead some to false conclusions. Here, we use the term *hidden*, defined as follows: | ||
|
|
||
| > A class element is *hidden* with the syntax `#name`, which makes it inaccessible except to those granted explicit access to it. |
There was a problem hiding this comment.
also, it makes its presence unobservable - this is important too.
PRIVACY_MODEL.md
Outdated
| @@ -0,0 +1,61 @@ | |||
| This proposal introduces new metaprogramming concepts on private fields and methods. This document describes the invariants, guarantees and scope of this privacy as a whole, in light of this feature. | |||
|
|
|||
| ## Private fields and methods are *hidden* | |||
There was a problem hiding this comment.
I don’t personally find the term “hidden” clear; hidden things can be found, private things can’t.
There was a problem hiding this comment.
I'd like to avoid the term "hard private" due to both the concerns @allenwb raised, and the fact that it sounds a little funny. Do you have an idea for another term?
There was a problem hiding this comment.
It’s unfortunate that other languages have ruined “private” with “not actually private”, because tbh that’s really the best term.
How about going the verbose route: “unobservable and inaccessible”?
There was a problem hiding this comment.
How would "inaccessible" be? I think we need to create a piece of jargon that we can make use of easily.
There was a problem hiding this comment.
hmm, i dunno - "phantom", like a phantom limb?
PRIVACY_MODEL.md
Outdated
| - Decorating an element, e.g., in `class { @dec #x; #y; }`, `@dec` can see `#x` but not `#y`. | ||
| - Decorating a class containing the element, e.g., in `@dec class { #x; #y; }`, `@dec` can see `#x` and `#y`. | ||
|
|
||
| Future proposals may also grant access to hidden elements, but this will always be through a mechanism which is syntactically apparent; implicit access will never be granted. For example, a `protected` contextual keyword could be added to classes which grants access to subclasses, and this access grant would be similar to that which decorators do. |
There was a problem hiding this comment.
I think this is a poor choice of example that will distract from the point being made. Can we pick a less controversial one?
There was a problem hiding this comment.
Sure, do you have any suggestions? Honestly I personally think decorators will be enough, so it's hard for me to think of an example that I actually want to go towards.
There was a problem hiding this comment.
i suppose we could have some kind of grant(otherFunction) syntax? I also agree that decorators would be enough; maybe the example should just be omitted entirely?
There was a problem hiding this comment.
I'm not sure what you mean by grant.
I'd like to make a statement about language evolution. Do you think I should omit this statement entirely? Or, do you have an idea for how to rephrase it?
There was a problem hiding this comment.
I think the statement is fine; I'm concerned about the specific example.
PRIVACY_MODEL.md
Outdated
|
|
||
| Previous documentation used the term "hard private" to explain the guarantees, but that term may lead some to false conclusions. Here, we use the term *hidden*, defined as follows: | ||
|
|
||
| > A class element is *hidden* with the syntax `#name`, which makes it inaccessible (for reads, writes and observing its presence) except to those granted explicit access to it. |
There was a problem hiding this comment.
I'm not attempting to match the spec's style here.
PRIVACY_MODEL.md
Outdated
| for (let i = 0; i < descriptor.elements.length; i++) { | ||
| let element = descriptor.elements[i]; | ||
| let arr = typeof element.key === "object" ? privateElements : elements; | ||
| arr[arr.length] = element; |
There was a problem hiding this comment.
Both privateElements and elements are undefined.
PRIVACY_MODEL.md
Outdated
| } | ||
| let result = decorator({...descriptor, elements}); | ||
| for (let i = 0; i < privateElements.length; i++) { | ||
| result.elements[result.elements.length] = privateElements[i]; |
There was a problem hiding this comment.
This leaks if result.elements is a proxy.
As discussed in #136, this is an important missing piece of documentation. cc @allenwb @erights