Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Automatic conversion of ""platform"" code #14

Open
benjamingr opened this issue May 31, 2018 · 3 comments
Open

Automatic conversion of ""platform"" code #14

benjamingr opened this issue May 31, 2018 · 3 comments

Comments

@benjamingr
Copy link

I think there is a lot of value in prototyping a tool that converts "regular" code not using originals into code that is "safe" and using originals.

Ideally, we would use such a tool in Node.js to enforce nodejs/node#18795 and the web platform can use it to safely write APIs in JavaScript and expose them to the window.

This would require optimisation from the engine in order to be viable for platforms but this is definitely interesting to us.

Once the semantics here are finalised (let me know) I would love to take a stab at this and possibly build such a tool under the Node.js foundation. (cc @hashseed)

@benjamingr benjamingr changed the title Automatic conversion Automatic conversion of ""platform"" code May 31, 2018
@domenic
Copy link
Owner

domenic commented May 31, 2018

Yeah, we're actively exploring building such tooling in the Chrome team too. I jotted down some initial notes at https://github.com/domenic/get-originals#automatic-rewritingenforcement-of-robustness.

@ljharb
Copy link

ljharb commented Jun 1, 2018

How would you reliably detect usage of prototype methods? For example, ".has" does a brand check on Maps, but it could be called on any object at all, and many objects will have a method called "has".

@domenic
Copy link
Owner

domenic commented Jun 1, 2018

There's a lot of options, and a lot of exploration left to do. Off the top of my head:

  • With a type system, you would be able to tell if the LHS of the "." is a Map. This is complicated by the unsoundness of TypeScript as a popular type system; I can't tell if Flow is sound, although I see vague gestures in that direction. But soundness is only necessary if we want 100% perfection, which would be nice but IMO is not necessary if we have good enough heuristics.
  • As noted in the above link, one approach would be to just disallow all usage of "." at all. This is over-cautious, but in a generally good way, e.g. it would also prevent you from accidentally using your own API's public methods/properties when you really should be using private state. It remains to be seen whether this would work in practice, but skimming some of the code in async-local-storage, jsdom, and Chrome's Streams implementation, it looks like it might work.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants