Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Alternative `harden` implementation approach

See original GitHub issue

What is the Problem Being Solved?

The current implementation of harden uses membership in a WeakSet to determine whether various objects, functions, etc. have already been hardened. This prevents infinite recursion and improves performance by preventing walking already-frozen object graphs. The algorithm cannot just use isFrozen for the test because a user could manually freeze objects that reference still-mutable state.

That hardened WeakSet can get very large, whereas in both typical JavaScript programs and in Agoric’s model using harden, Object.freeze is rarely used. Can we eliminate the need for the large hardened set?

Description of the Design

This alternative implementation approach is inspired by the assumption that we harden many more objects than we just freeze. So we record the usages of freeze instead.

change the hardened WeakSet to a onlyFrozen WeakSet.
shim Object.freeze to both freeze the object and add it to the onlyFrozen set
isFrozen is unchanged
harden just recursively freezes. If it finds a frozen object, it checks whether it’s in the onlyFrozen set. If so, it removes it from the set and recurs on it
if freeze cannot be shimmed early enough, then lockdown may use a hardened set to recur into frozen things it has not seen before.

As a result, isHardened(o) is isFrozen(o) && !onlyFrozen.has(o)

Security Considerations

3 potential concerns:

objects frozen before lockdown is called
freezing things without using Object.freeze
things that get frozen by the execution semantics

Re #2, @erights had some insight:

Need to also patch Object.preventExtensions, {Object,Reflect}.{defineProperty,defineProperties} since those can make an object frozen. Actually, once an object is non-extensible, it is too easy to make it accidentally frozen, such a property deletion. I think you should mark everything made non-extensible, since that’s a narrower funnel. IIUC, it does not hurt to take a non-extensible but non-frozen object and put it into onlyFrozen just in case. [I agree]

Issue Analytics

State:
Created 2 years ago
Comments:12 (11 by maintainers)

Top GitHub Comments

1reaction

erightscommented, May 4, 2021

Also, Dean found a third case that I forgot: The ThrowTypeError object. But it is already included in our primordials and hardened on lockdown, so not a problem.

1reaction

erightscommented, May 4, 2021

because isFrozen can never be true for them.

Unless they’re empty, in which case, like the templates array, they’re transitively immutable anyway, and so not a threat.

Top Results From Across the Web

The updated Consolidated Framework for Implementation ...

Determinant frameworks provide a base set of concepts, terms, and definitions by which to articulate dynamic complex contexts and develop much ...

Planning for Implementation Success Using RE-AIM and CFIR ...

Our study addresses an important gap in implementation science—illustrating how complementary application of evaluation (RE-AIM) and explanatory ...

Using an implementation science approach to ... - Springer Link

Using an implementation science approach to implement and evaluate patient-reported outcome measures (PROM) initiatives in routine care settings.

Step 7: Implementing Alternative - NDSU Agriculture

This step relies on methodologies described in previous steps (primarily steps 5 and 6). The emphasis in transitional plan is on envisioning and...

Speculative Load Hardening — LLVM 13 documentation

Alternative: Harden the loaded value int value2 = *pointer2 ... The performance is heavily dependent on a particular architecture's implementation strategy.