Re: Dynamic class default (was Re: Class method addition...)
On 2008-04-07, at 12:25 EDT, Lars Hansen wrote: But there is a mixture of constrained and unconstrained defaults in our current choices FWIW, Dylan used only sealed/open for classes and methods and had the interesting default that classes and methods were open within a module (the equivalent of a package, if we still have them) but sealed outside the module unless explicitly declared otherwise. To put it in implementation terms, you don't burden the programmer with annotating code that the compiler can clearly analyze to determine intent, but you also let the complier make optimizations that would be painful or impossible to make in a linker. ___ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss
Re: Dynamic class default (was Re: Class method addition...)
I'm late to the party here, but agree 100% with Steven's point that a language cannot create security. In Dylan, we called the need to declare to get dynamic-ness pay as you go. The programmer is made aware, by requiring a non-default declaration, that the feature asked for costs more. If you're counting votes, I vote for not dynamic by default. But my reason is performance, not security. ___ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss
Dynamic class default (was Re: Class method addition...)
Whitelisting is better than blacklisting is not something you want applied to web pages and books, shops and products, and dare I say it, tourists and immigrants. Security maxims are useful to keep in mind, but aren't always appropriate. Security is fundamentally about preventing people from doing things. Of course, the aim is to prevent people from doing *bad* things, but there are two problems: 1) regardless of intentions, you invariably stop people from doing *good* things as well (deadlocked doors stop thieves, but also emergency workers); and 2) people have differing ideas on what's good and bad. Hence, compromise is essential. Javascript inhabits a strange world. Perhaps more than any other programming language, it is constantly used to mediate between strangers, so security would seem a vital concern. But it isn't. More on that in a moment. Typically, Javascript developers need to deal with 3 layers of code: the browser (or viewer), 3rd party libraries and the developer's own code (often split between libraries and immediate code). The last is the simplest case for changes: when developers find things that need changing in their own code, they can simply edit, rewrite or refactor. When developers find things that need changing in 3rd party libraries, they usually have two choices: they can edit the library (since the source is commonly available) or they can 'cascade' their own modifications, in the way style sheets can be cascaded. The second choice is usually best: there is a clean separation between the developers' code and the 3rd party library. Upgraded versions of the library can be incorporated with less fuss, because your extensions file behaves like a cvs patch file. Without prototypes (and overrides of classes and class members), the only way to achieve 'cascading scripts' is to write your own classes and functions that serve as proxies for the underlying classes and functions in the 3rd party library. This is invariably unwieldy because you constantly have to convert between your own class and the library class, even though they are entirely the same class from your own perspective. Then there is the browser. Developers have just one choice here: they can change the 'in-built library' through prototypes/overrides, or *not* *at* *all*. Not a big deal --- unless you're dealing with a browser vendor that has fallen asleep for 5 years, or you're dealing with browser developers who refuse to add your pet requests. Or, indeed, if you simply need to temporarily enhance or alter the default behaviour for whatever reasons. And there are plenty of reasons for developers to change browsers' in-built libraries. Often this is due to shortcomings in the browser. 'document.getElementsByClassName' from the Prototype library is an illuminating example that has recently been brought to light due to standardisation ( http://ejohn.org/blog/getelementsbyclassname-pre-prototype-16/ ). John (and many commenters there) take a pessimistic view of the grass-roots implementation of this method, but I consider this case an excellent example of just how valuable unfettered extensibility can be. Other times, the desire to 'extend the browser' is just a consequence of pragmatic needs. For example, I'm currently writing a Firefox extension that saves pages in a single html file (using data: urls). One of the problems I noticed was that when I saved a document to disk and then opened it, some elements appeared double. The reason was simple enough: these pages were using document.write to generate parts of the page. Since I was saving the generated page, the document.writes would run a second time. Due to the extensibility of Javascript, the solution was equally simple: set document.write to a null function during page load. I could give example after example, but I'll leave it there (although I do want to mention the possibility for grass-roots prototyping, and possibly implementation, of new markup languages). My point is not merely to show that extensibility is useful, but that *unfettered* extensibility is even more useful. (Lars asked the question.) Browser developers and library writers are neither omniscient nor seers. Innovation grows in unlikely places and evolution, despite what some people may want, is not directed by intelligent design. Even if you agree with me that unfettered extensibility can be useful, I would still have to show that it is no great threat to security. I'll repeat (and develop) what I've already said on Brendan's blog: security is the concern of the environment (browser, OS, etc.) not the language. Thankfully, security is also a fairly simple issue for browsers to handle. The take home message? Don't send cookies (data) between untrusted domains. Right now, browsers do this very wrong and put their users at risk. For any website, there are 3 relevant parties involved. The server, the user and the (potentially uninformed) 3rd party content providers (here just called the
Re: Dynamic class default (was Re: Class method addition...)
On Apr 6, 2008, at 8:10 PM, Kris Zyp wrote: Since you grant use-cases for sealing objects against mutation, are you simply arguing about what the default should be (that 'dynamic class' should not be required to get an extensible-instance factory, that 'class' should do that)? Well if it is up for debate... Can we have classes be dynamic by default, and non-dynamic if the class is declared to be final? 'final' already means can't be overridden for methods and can't be extended by subclassing for classes in several languages. Adding another meaning, even if it's of the same mood, seems like a bad idea to me. What's the point of your request? If you mean to promote AOP (a sacred cow, per my last message to you, reply-less :-P), you risk degrading overall integrity, or merely imposing a syntax tax as most class users have to say inextensible class (kidding, but it would have some contextual keyword in front -- and not static). The default should match the common case as decided by programmers using classes because they want greater integrity than they get with closures. Even if a class's instances are extensible, it doesn't mean the fixed properties (fixtures) can be AOP'ed. It just means certain objects can be dressed up to resemble others, by some like relation -- for good or ill. /be ___ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss
Re: Dynamic class default (was Re: Class method addition...)
'final' already means can't be overridden for methods and can't be extended by subclassing for classes in several languages. Adding another meaning, even if it's of the same mood, seems like a bad idea to me. What's the point of your request? If you mean to promote AOP I don't know what the connection would be. (a sacred cow, per my last message to you, reply-less :-P) I ran out of arguments :). , you risk degrading overall integrity, or merely imposing a syntax tax as most class users have to say inextensible class (kidding, but it would have some contextual keyword in front -- and not static). Just a idea for budget cuts, it's rejection doesn't bother me, not an important issue to me. Kris ___ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss
Re: Dynamic class default (was Re: Class method addition...)
Making classes dynamic by default is likely to make the verifier -- what we previously called strict mode -- less effective, because a reference o.x cannot be flagged as an error unless o is known to be an instance of a sealed class that doesn't have an 'x'; if classes are sealed by default then more errors will likely be caught early. Dynamic classes also incur nontrivial overhead in memory use and runtime performance. IMHO we'd want a fairly compelling argument for making all classes dynamic by default. ___ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss
Re: Dynamic class default (was Re: Class method addition...)
On Apr 7, 2008, at 10:37 AM, Steven Johnson wrote: Dynamic classes also incur nontrivial overhead in memory use and runtime performance. IMHO we'd want a fairly compelling argument for making all classes dynamic by default. It would probably put an end to the acrimony about ES4 being too different from ES3; I'm hesitant to speak for the views of others, but I suspect this change would make the language a lot more palatable for many currently opposed to it. In that light, compelling is going to be a highly subjective measurement. ___ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss
Re: Dynamic class default (was Re: Class method addition...)
It would probably put an end to the acrimony about ES4 being too different from ES3; I'm hesitant to speak for the views of others, but I suspect this change would make the language a lot more palatable for many currently opposed to it. In that light, compelling is going to be a highly subjective measurement. Since ES3 doesn't have true classes at all I'm not sure I entirely agree, but I get your point in terms of the feel of the language. Granted, putting an end to acrimony is a Good Thing and not to be ignored, but somehow I don't see any magic bullet that possibly achieve that on its own :-) Let me put it another way: aside from changing the perceived feel of the language, what specific use cases would be made better, faster, more secure, more extensible, more reliable, etc. by such a change? ___ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss
RE: Dynamic class default (was Re: Class method addition...)
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Lars Hansen Sent: 7. april 2008 10:25 ... Kris is suggesting that classes should not be dynamic by default ... Of course what Kris is suggesting that classes *should* be dynamic by default. The 'not' is misplaced, just ignore it. --lars ___ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss
Re: Dynamic class default (was Re: Class method addition...)
On Mon, Apr 7, 2008 at 10:45 AM, Neil Mix [EMAIL PROTECTED] wrote: On Apr 7, 2008, at 10:37 AM, Steven Johnson wrote: Dynamic classes also incur nontrivial overhead in memory use and runtime performance. IMHO we'd want a fairly compelling argument for making all classes dynamic by default. It would probably put an end to the acrimony about ES4 being too different from ES3; I'm hesitant to speak for the views of others, but I suspect this change would make the language a lot more palatable for many currently opposed to it. In that light, compelling is going to be a highly subjective measurement. Speaking as one of the more vocal skeptics, this change would make ES4 less palatable for me. ES3.1 and ES4 are together moving in a good direction by making the degree of permissiveness controllable on a per-property and per-object basis. Subjectively, as someone interested in robustness, integrity, and security, ES3 made a huge mistake in having all these be as permissive as possible. Both ES3.1 and ES4, in order to be reasonably compatible with ES3+R, must continue to have the ES3 constructs default to overly permissive. For ES3.1 the best we can do is provide explicit operations (such as __defineProperty__) for overriding these defaults. To my mind, the main virtue of introducing a class syntax to an ES is an opportunity to get these defaults right this time. One principle of security engineering is deny by default is better than allow by default; which is closely related to whitelisting is better than blacklisting. For ES3.1, we're stuck with allow-by-default. If the ES4 class syntax were to get this wrong as well, I'd be even more puzzled about what its purpose is. Accordingly, my preference is for classes to default to non-dynamic and non-subclassable. For methods to default to non-overridable and non-enumerable. And for properties/members to default to non-settable and non-enumerable. Whatever these defaults are, it's an orthogonal question whether classes need to be a primitive construct, or whether they should be just sugar for a less-permissive-by-default usage of the class-like abstraction pattern of ES3.1. -- Cheers, --MarkM ___ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss
Dynamic class default (was Re: Class method addition...)
Since you grant use-cases for sealing objects against mutation, are you simply arguing about what the default should be (that 'dynamic class' should not be required to get an extensible-instance factory, that 'class' should do that)? Well if it is up for debate... Can we have classes be dynamic by default, and non-dynamic if the class is declared to be final? I realize that non-dynamic and final are not identical concepts, but they are similar. Keywords surely count towards the complexity budget, this would save us a buck. Kris ___ Es4-discuss mailing list Es4-discuss@mozilla.org https://mail.mozilla.org/listinfo/es4-discuss