Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

define harden rules using escape analysis? #35

Open
dckc opened this issue Feb 25, 2021 · 9 comments
Open

define harden rules using escape analysis? #35

dckc opened this issue Feb 25, 2021 · 9 comments
Labels
research-goal

Comments

@dckc
Copy link
Contributor

dckc commented Feb 25, 2021
edited
Loading

I seem to recall some difficulty figuring out static rules for harden() that weren't too onerous.

After last night's exploration (#34) the idea of using escape analysis to define when harden() is required popped into my head.

Here's hoping for time to explore / explain further...

src/compiler/escape-analysis.cc - v8/v8 - Git at Google
Escape Analysis in V8 with Tobias Tebbi - YouTube
Escape-Analysis-in-V8.pdf

Go: Introduction to the Escape Analysis | by Vincent Blanchon | A Journey With Go | Medium

compilers - What data-structure is best suited for escape analysis? - Computer Science Stack Exchange
@erights
Copy link

erights commented Feb 26, 2021

I would love to see this!

@dckc
Copy link
Contributor Author

dckc commented Feb 26, 2021
edited
Loading

reportedly...

Babel does escape analysis to detemine if there is actually a functional difference between the way var and let is used
-- javascript - Does ES6 `let` and `const` only work in compile time when compiled with babel? - Stack Overflow

should be in https://github.com/babel/babel/tree/main/packages/babel-plugin-transform-block-scoping somewhere...

p.s. oh my. let's hope we don't have to go there.

memory.ts does escape analysis, according to its readme. The code looks more reasonable, though I'm not sure which part of it is escape analysis.

@dckc
Copy link
Contributor Author

dckc commented Mar 14, 2021

I just re-discovered...

DoctorJS is based on Dimitris Vardoulakis‘s work this summer implementing CFA2 for JavaScript at Mozilla. -- Static Analysis FTW – Brendan Eich 2010

The DoctorJS link is dead (I haven't tried to find it elsewhere yet) but CFA2 looks interesting:

We describe CFA2, the first flow analysis with precise call/return matching in the presence of higher-order functions and tail calls.

@dckc
Copy link
Contributor Author

dckc commented Aug 14, 2021
edited
Loading

It occurred to me to add "coq" to my search terms for literature review of escape analysis; I haven't read these yet, but they look interesting:

@dckc dckc mentioned this issue Sep 28, 2021
Open
@dckc
Copy link
Contributor Author

dckc commented Jan 15, 2022

bingo!

II. B. Type Analysis
JSTAR performs a type analysis with flow-sensitivity and type-sensitivity for arguments.
-- JSTAR: JavaScript Specification Type Analyzer using Refinement

@dckc dckc mentioned this issue Jan 15, 2022
Open
@dckc dckc mentioned this issue Feb 15, 2022
Closed
@dckc
Copy link
Contributor Author

dckc commented Feb 24, 2023

@gibson042 presented some work on tsc extensions for static analysis of comparisons (to be sure our branded time stuff is used correctly everywhere). I asked about using a similar approach for checking correct usage of harden().

@michaelfig suggested that it's largely orthogonal to types, except that the never type might do control-flow-analysis in a way that could be relevant.

@gibson042 noted a tsc extension support library that enables advanced queries that might help too.

@dckc dckc mentioned this issue May 4, 2023
Merged
@dckc
Copy link
Contributor Author

dckc commented May 4, 2023

@Jake-Gillberg, you asked about ways to dig into the Agoric platform. This would be a fantastic one.

I think the rule that we're trying to enforce with static analysis is stated canonically in https://github.com/endojs/Jessie#must-freeze-api-surface-before-use :

To enable sound static reasoning, in Jessie all objects made by literal expressions (object literals, array literals, the many forms of function literals) must be tamper-proofed with harden before they can be aliased or escape from their static context of origin. Thus, direct property mutation can only be used to prepare an object for release. Use of harden then marks the object as being ready for use by its clients, who are thereby unable to mutate its properties. During an object's initialization phase, due to the lack of aliasing, each mutation can be reasoned about as-if it replaces the object in place with a derived object holding the new property.

@Jake-Gillberg
Copy link

Jake-Gillberg commented May 6, 2023
edited
Loading

collecting some links:

this thread proposes a "imperfect but worthwhile" linting rule that could probably be added to the jessie es-lint extension. i wonder if it got implemented - https://github.com/Agoric/agoric-sdk/pull/4553/files#r806450281

another thread on how harden should be used - Agoric/agoric-sdk#7585 (comment)

https://www.npmjs.com/package/@jessie.js/eslint-plugin - the jessie es-lint plugin doesn't seem to have a home on github?

hmm, this might be useful? https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-javascript-and-typescript/#source-nodes

@dckc
Copy link
Contributor Author

dckc commented May 6, 2023

https://www.npmjs.com/package/@jessie.js/eslint-plugin - the jessie es-lint plugin doesn't seem to have a home on github?

oops... missing link. But the source is https://github.com/endojs/Jessie/tree/main/packages/eslint-plugin

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
research-goal
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@dckc @erights @Jake-Gillberg