►
Description
This week, Alex discussed his idea to add Promise.allProperties to the language, concluding that a Promise.allEntries might be a suitably general foundation for shallow object and Map resolution. We discussed invariants that the language must or should preserve to avoid introducing zero-day exploits to lockdown shims in the wild.
A
A
Yes,
all
properties
is
what
what
what
alex
has
put
on
the
agenda
so
so
we'll
we'll
start
off
with
clarifying
what
that
is,
and
next
week
we
have
a
packed
agenda.
The
first
half
of
our
meeting
is
we
have
invited
guests,
the
proponents
of
module
assertions
to
discuss
the
enforceability
of
module
assertions
and,
and
then
the
second
half
we're
meeting
with
jordan,
and
hopefully
we
can
send
a
reminder
so
that
all
of
that
stays
on
the
rails.
A
C
Basically,
when
I
was
looking
at,
I
saw
some
code
that
came
across
my
screen,
where
we
would,
we
would
be
defining
an
object
in
an
asynchronous
function,
but
we
would
have
to
await
individual
properties
and
that
bothered
me
it's
not
how
promises
are
should
be
used,
it's
legal,
but
it's
not
the
way
that
asynchronous
operations
should
happen.
What
would
happen
is
you'd
have
to
wait
for
the
shape
property
in
this
example,
and
then
the
color
property
and
then
the
mass
property.
C
C
C
E
A
I
don't
think
that
this
is
a
secure.
It's
not
a
security
related
thing,
but
it
is
promises
and
promises
were
brought
in
for
security-related
reasons
so
it'd
be
this.
Is
this
is
a
right
audience
to
talk
about
promises?
I
think
very
much.
I
don't
think
that
it
needs
any.
It
certainly
doesn't
need
to
be
blessed
by
this
group
to
be
proposed.
D
I
agree
with
that
last
point,
but
I
disagree
actually
that
it
belongs
in
the
language
and
it's
for
a
practical
reason
that
this
is
so
analogous
to
the
object
copy
problem.
There
are
numerous
dimensions
that
are
going
to
be
flexed
in
different
ways
for
different
use
cases.
Things
like
deep
versus
shallow,
eager
versus
lazy,
innumerable
versus
all
owned,
let's
symbol,
properties
versus
string
value
only
like
there's,
there's
so
many
things
that
that
this
kind
of
thing
basically
becomes
use
case
specific
and
it's
practical.
D
B
B
We
have,
we
do
have
an
abstraction
called
all
comparable
that
takes
a
a
promise
for
a
passable.
I'm
sorry
takes
it.
Passable,
which
includes
promise
for
past,
takes
passable,
which
may
have
promises
at
the
leaves
and
returns
a
promise
for
a
comparable
where
a
comparable
in
the
distributed
object.
Semantics
is
something
whose
pass
by
copy
superstructure
terminates
only
in
in
atomically
comparable
leads,
which
is
primitive
values,
and
I
I
and
remotable
objects
which
are
objects
with
unforgivable
identity.
C
May
I
respond
sure,
first
and
foremost,
I'm
not
familiar
with
the
object
copy
problem
as
you've
described
it.
Maybe
I
am,
but
not
as
that
under
that
name,
I
am
familiar
with
the
with
the
fact
that
recursively
diving
in
is
a
complicated
problem
that
is
generally
left
out
of
the
language,
and
I'm
fine
with
that.
A
C
B
A
C
F
B
A
Alex,
I
think,
in
summary,
that
you
can
antici
that
if
you
were
to
bring
this
forth
to
tc39,
that
it
would,
the
the
shallow
with
the
narrowest
profile
would
be
a
shallow
version
of
this,
and
I
think
that
you
that
we've
visited
some
of
the
arguments
it'll
immediately
run
up
against.
I
got
a
choice
about
what
what
kind
of
all
properties
it'll
be
and
yeah
I'd.
Welcome
the
conversation.
C
C
B
B
F
C
E
So
for
any
given
module
loaded
and
each
of
its
dependencies
in
particular,
you
try
to
resolve
it
asynchronously
and
then
you
populate
a
job.
The
job
is:
what's
going
to
be
used
to
store
things
like
the
source
text
that
it
loads
and
hold
on
to
the
module.
Namespace
object
for
some
other
operations
going
on.
E
E
E
It
looks
like
our
original
intent
was
to
allow
for
this
module
map
to
have
direct
first
class
values
as
the
keys,
rather
than
a
string
or
a
url,
but
that's
likely
never
gonna
come
to
fruition,
but
right
now
we
do
essentially
this
on
a
map
object
where
both
the
left
and
right
hand,
the
key
and
the
value
are
both
promises.
Essentially,
usually
the
right
hand
is
not
a
promise
it's
already
resolved,
but
we
keep
it
wrapped.
E
A
F
A
A
B
F
B
They
were
and
the
the
reason
why
they
were
introducing
it
revealed
that
there
were
previous
proposals
that
I
should
have
blocked
on
these
grounds
that
I
didn't
because
of
inattention
every
time.
I
think
that
there's
some
big
area,
like
dates
or
regex
breakx,
was
a
specific
one
in
this
case
or
internationalization
that
well
surely.
This
is
just
about
this
specialized
area
that
doesn't
have
any
security
implications.
Every
time
I
I
drop
my
guard
on
that
something
that's
fatal
to
security
slips
in
that
we
then
have
to
clean
up
later.
B
The
the
problem
is
not
that
there
was
new
api
that
returned
an
iterator
or
an
iterable.
The
problem
was
that
the
way
in
which
the
api
was
introduced
purely
based
on
preserving
tradition
from
from
what
was
seen
as
the
tradition
of
previous
apis,
was
to
introduce
essentially
a
new
iterator
class
with
its
own
primordials.
Its
own
prototype
object
in
particular
to
represent
the
new
iter,
iterable
or
iterator
class,
which
was
cut,
which
is
completely
unnecessary,
and
the
intel
thing
is
not
blocked.
B
A
Let's
I
I
want
to
I've
been
thinking
about
this,
and
I've
been
thinking
about
what
is
the?
What
is
the
hard
security
invariant
this?
This
has
been
a
concern
of
a
concern
of
mine
from
a
future
future
compatible
or
ensuring
the
future
security
of
the
lockdown
shim
that
new
language
syntax
would
introduce
the
new
language
syntax
like,
for
example,
if
we
were
to
add
observable
functions
to
the
languages
has
been
proposed
in
the
past
as
a
as
a
dual
to
iterator
functions.
A
A
B
Yeah
and
we've
we've
had
that
situation
before
with
the
old
kaha
scs,
that
was
when
engines
started
rolling
out,
implementations
of
async
function.
Async
function
made
new
primordials,
reachable
only
by
syntax.
Our
white
listing
mechanism
was
therefore
not
able
to
detect
or
remove
them,
and
we
had
a
zero
day.
A
Yeah,
so
I
think
that
the
strong
language
invariant
that
we
need
to
propose
to
tc39
at
some
future
meeting
is
the
invariant
that
the
language,
if
it
does
add
additional
syntax
that
reveals
intrinsics,
that
those
intrinsics
also
be
accessible
by
property
access,
discoverable
from
by
discoverable
by
walking
properties
starting
at
global.
This
and
then
mark-
and
I
were
bantering
yesterday
about
what
the
shape
of
that
would
look
like.
A
Would
it
be
something
like
like,
for
example,
to
backfill
the
principle
onto
proposals
that
have
already
violated
this
in
order
to
establish
a
pattern
for
future
fixes?
Would
we
introduce
something
like
realm.async
iterator
prototype,
not
realm,
but
something
with
something
something
done.
You
think
iterator
prototype
accessible
from
global
and
then
suggest
or
mandate
that
any
future
proposal
that
adds
syntax
also
provide
it,
provide
access
to
that
prototype
in
that
location.
B
B
I
have
not
compared
these
to
each
other
for
coverage,
but
it's
unfortunate
that
people
keep
need
needing
to
try
to
do
this
and
that
it's
accident-prone-
and
there
was
even
one
case
for
which
there
was
a
primordial
enumerated
by
the
language
that
nobody
could
figure
out
how
to
reify
using
code
in
the
language,
and
it
was
a
big
mystery
for
a
while.
It
was
a
security.
You
know
it
was
potential
security
vulnerability.
It
was
the
sink
to
async,
iterable,
adapter
or
something
the.
B
So.
I
think
that
not
just
making
new
primordials
findable
by
name-based
traversal,
starting
from
the
global
but
taking
all
of
the
old
ones
that
were
not
discoverable
in
this
way
and
making
them
discoverable
naming
all
of
them,
I
think,
would
be
good
starting
from
the
one
that
was
introduced
in
es5,
which
is
the
the
type
throw
type
type
thrower.
I
forget
what
it's
called
the
thing
that
was
representing
the
poisoning
of
function.caller
and
function.arguments.
B
A
B
B
B
A
A
The
the
the
next
step
above
that
would
be
obviously
to
satisfy
the
desire
for
the
the
the
language
as
it
stands,
to
establish
a
firm
precedent
for
for
future
editions
by
backfilling
that
principle
to
other
things
that
have
been
added
in
the
past,
like
async,
iterator
and
then
the
next
more
firm
above
that
would
be
I
which
is
like
I.
I
do
not
think
that
I
do
not
think
that
the
intel
proposal
actually
violated
either
of
those
two
invariants
it
it
it
it.
B
Well,
it's
it's.
When
you
say
return
from
functions,
it's
any
any
refinable
primordial
the
you
know.
Any
new
reifiable
primordial
should
be
discoverable
by
property.
Traversal
and
refillable
means
it's
not
necessarily
just
that
it
returns.
It
might
pass
it
as
an
argument
to
a
callback
function
or
a
zillion
ways
in
which
something
might
be
reified.
I
don't
think
we
need
to
to
distinguish
return
values.
B
A
A
B
B
And
I
think
that
we
can
bundle
this
name
based
enumeration
with
another
issue
that
that
that
we've
been
facing,
that
the
that
the
controversies
over
their
own
proposal
makes
yet
more
urgent,
which
is
a
we've.
We've
talked
about
the
need
to
have
some
kind
of
platform
provided
enumeration
of
the
safe
standard,
globals
the
safe
standard,
javascript
globals,
I.e,
omitting
the
hosts
but
including
safe
globals,
introduced
as
the
language
evolves,
so
that
old
lockdowns
can
potentially
honor
new,
safe
globals.