►
From YouTube: SES Meeting: Transparent Membranes for Isolated Realms
Description
Caridy PatiƱo demonstrates a proof of concept for transparent membranes between isolated realms.
B
Welcome
to
the
meeting
again
karidy,
take
it
away
all
right,
so
one
of
the
things
that
we
have
been
talking
about
for
the
last
few
weeks
related
to
the
new
proposal
for
the
roms
api,
the
what
we
call
the
call
level
boundary
as
a
term
used
by
shu.
I
think
I,
like
it
it's
a
callable,
boundary
and
and
and
and
one
of
the
questions
of
all
these
meetings
have
been
mostly
for
from
mark.
Does
he
does
he
work
for
membranes?
B
B
I
think
I
can
probably
list
it
here,
we're
talking
about
less
than
2k
g6
mini
5,
that's
a
very
tiny
library
about
300
lines
of
code.
Obviously
this
is
a
very
simple
membrane
implementation.
The
goal
was
to.
We
were
trying
to
figure
a
good
use
case,
and
one
of
the
use
cases
from
jordan
was
that
he
wanted
to
have
in
fact
identity
this
community.
B
B
You
can
access
eval,
you
can
do
eval
directly
here,
whatever
and,
and
you
can
import
anything,
we
can
actually
make
it
import
if
we
want
to
and
that
that
that's
a
very
simple
example
where,
on
top
of
the
new
api,
we
can
create
a
layer
that
provides
the
all
api.
That
means
it's
a
generalization
process
there.
So
that
was
the
goal.
So
as
a
result
of
this,
then
we
have
a
simple
page
in
this
case.
B
Obviously
we're
using
an
iframe
to
emulate
it
around,
because
we
don't
eventually
we
can
use
the
project
from
leo.
But
I
haven't
get
to
to
that
point,
and
then
we
have
an
index
that
what
he's
doing
is
basically
trying
to
get
a
around
and
in
that
realm
trying
to
do
access
the
globalities
and
the
same
kind
of
example
that
we
have
before
like
what
is
the
identity
of
the
array
versus
the
other
array?
What
happens
if
I
create
an
array?
What
is
the
length
of
it
on
the
other
side
and
so
on?
B
So
it's
basically
testing
that
the
membrane
is
transparent
in
the,
in
the
sense
that
you
have
access
to
all
the
objects
that
this
order.
Rom
has
obviously
through
through
proxies
and
and
it
gives
you
the
impression
that
you
are
actually
intertwining,
two
different
optic
graphs.
Basically,
you
have
access
to
two
global
values:
the
global
value
of
the
app
and
the
global
value
of
the
of
the
of
the
main
window,
the
incubator,
global
and
the
round
global.
A
Clear
clarifying
question
yep,
so
the
so
the
way
I
think,
of
a
transparent
membrane
at
a
realm
boundary
is,
it
seems
like
you're
still
at
a
realm
degree
as
if
there
was
no
membrane
there,
but
it's,
but
you
still
have
all
the
identity.
Discontinuities
of
my
array
versus
your
array
in
an
instance
of
your
array
is
not
instance
of
my
array,
constructor
and
then
there's
near
membrane
that
tries
to
make
those
identical
discontinuities
go
away.
A
B
B
Now
I
wanted
to
get
into
the
details
of
how
we
achieved
this,
which
I
think
that's
the
interesting
part
of
what
kind
of
infrastructure
we
have
created,
or
what
kind
of
mechanisms
we're
using
to
get
the
representation
of
an
object
from
another
rom
into
the
incubator
and
vice
versa.
What
kind
of
structure
we
use
for
that,
and
it
was
a
very
interesting
a
few
weeks
of
research,
and
I
think
it's
it's
it's
an
interest,
it's
very
interesting.
B
B
So
the
idea
is
that,
because
you
don't
have
a
way
to
pass
a
reference
to
an
object,
you
need
to
find
ways
to
somehow
provide
sufficient
information
to
the
other
side
about
the
proxy
that
they
have
to
create,
with
the
shape
of
that
proxy
and
and
let
the
other
side
to
create
it
for
you.
But
at
the
same
time,
you
still
need
to
have
a
way
to
communicate
the
identity.
B
If
that
proxy
comes
back
to
me
or
if
I
have
to
send
the
same
thing
again,
that's
really
the
the
point
of
the
membrane.
So
as
a
the
fundamental
issue
to
resolve,
was
it
precisely
that?
How
can
I
create
a
foreign
proxy?
I
call
it
a
foreign
proxy,
a
proxy
on
the
other
side,
whose
operations
on
any
operation
on
top
of
that
proxy
should
be
reflected.
B
The
mechanisms
that
I
came
up
with
for
these
and
and
hopefully
I
will
be
able
to
articulate
it-
is
that
normally,
when
you
implement
the
regular
membrane-
and
let
me
go
to
the
the
membrane,
so
this
is
the
handler
of
a
membrane
very
straightforward
in
terms
of
if
you
know
how
to
do
membranes.
This
is
this.
This
is
very
easy
to
understand.
So
what
we,
what
we're
doing
here
is
a
regular
operation.
B
Where
is
getting
the
stuff
that
you
need
from
the
proxy
hook
and
the
shadow
target
and
figure
out
what
the
target
is,
which
is
associated
to
the
handler
to
some
degree
and
perform
a
reflect
operation
on
that
object.
The
target,
so
that's
the
the
normal
mechanism
of
a
membrane,
is
that
you
get
the
pieces
that
you
need.
You
understand
what
operation
you
need.
You
have
the
original
target.
You
have
the
shadow
target
and
then
you
carry
on
reflective
operations
based
most
of
the
via
reflect.something.
B
So
in
the
case
of
apply
you
use,
reflect
or
apply
in
the
case
of
construct.
You
use
reflector
construct
in
the
case
of
defined
property,
you
use
the
the
similar
mechanism
and
so
on.
So
if
you
read
this
code
and
you
understand
membranes,
you
will
probably
get
a
fair
amount
of
it.
Now,
of
course,
because
we
don't
have
access
to
the
target,
we
need
to
figure
out
how
to
do
this
operation.
B
On
the
other
side,
the
technique
that
I'm
using
basically
for
each
of
these
reflective
operations
that
you
normally
carry
on
on
a
proxy
trap
for
a
reflection
mechanism.
I
create
a
version
of
that
reflector
applied
in
this
case
and
reflect
that
construction
scale
that
can
work
through
the
membrane
and
what
that
means
is
really
that
it
it
it
it's
very
similar.
B
But
it's
not
the
same
thing
and
let
me
try
to
explain
how
it's
very
similar,
it's
very
similar
in
the
amount
of
information
that
needs
to
be
passed
around
it's
very
similar
into
the
result
of
that
operation,
but
because
you
cannot
pass
objects,
you
have
to
pass
something
and
for
this
implementation
I
use
I
use
the
term
pointer,
which
is
probably
very
wrong,
but
the
pointer
is
basically
a
function
that
can
be
passed
around
between
the
the
realms
and
every
time
that
you
pass
it.
It
gets
wrapped,
obviously
and
so
on.
B
But
the
point
of
that
function
is
that
when
someone
call
it
invoke
it
it
will,
it
will
set
up
a
local
reference
on
that
side
of
the
realm
that
owns
the
function.
It
will
set
a
local
reference
that
you
could
use
immediately
after
from
the
rom.
Basically,
it's
kind
of
a
allocation.
You
allocate
something,
and
then
you
carry
on
the
operation
on
that
on
that
thing,
so
that
way.
A
B
B
What
you
have
at
hand
is
what
I
call
a
target
pointer
target
pointer
is
a
function,
so
when
you
call
this
function
that
is
coming,
it's
called.
It's
called
foreign,
because
it's
coming
from
the
other
side,
it's
callable,
because
it
can
be
traveled
through
the
the
callable
boundary,
and
this
is
the
implementation
of
it.
This
is
delete
property
reflection
and
when
I
call
this
function,
this
function
will
receive
a
function.
That
is
wrapped.
It's
going
to
be
wrap
again
and
the
key
for
it.
And
let
me
let
me
look
for
that
for
that
implementation.
B
B
B
B
Yes,
so
we'll
get
we'll
get
to
that
in
a
second
we'll
get
to
that
in
a
second.
But
first
let
me
let
me
walk
you
through
the
delete.
So
when
the
delete
caller
wall
reflective
mechanism
is
invoked
with
a
target
pointer,
that
is
a
function.
That's
coming
from
the
other
side,
so
it's
wrap,
but
it's
wrapped
of
a
function
that
was
oriented
and
provided
by
this
rom
and
we'll
get
to
that
in
a
second.
But
it's
a
function
that
has
been
wrapped
twice,
but
remember
that
the
specification
does
not
define
this
multi-wrapping.
B
In
fact,
one
of
the
things
that
we
got
from
google
was:
does
it
work?
Can
this
be
optimized?
Therefore,
if
you
wrap
a
wrap
function,
you
don't
need
to
do
a
double
wrapping
or
double
call
you.
You
go
straight
into
the
the
target,
so
you
can
reduce
the
the
the
multi-wrapping
problem
so
this
function,
when
you
invoke
it,
its
job
is
to
simply
set
something
allocate
something
in
memory
that
can
be
retrieved
by
calling
a
local
function,
which
is
the
get
reference,
and
this
is
a
little
tricky.
B
But
once
you
understand
the
concept,
it
becomes
clear
that
when
you
do
an
operation
when
you
need
to
do
an
operation
on
the
other
side,
the
job
is
to
say
this
is
my
pointer.
I
give
it
to
you
and
obviously
the
pointer
was
not
created
by
me.
It's
coming
from
the
other
side,
because
I'm
just
giving
it
back
to
the
other
side
and
with
that
pointer,
the
other
side
will
be
able
to
invoke
that
function
will
set
something
in
memory.
A
B
And
at
that
point
I
have
the
target,
so
I
cannot.
I
can
perform
the
regular
operation
on
that
target
and
return
the
value,
because
in
this
case
the
operation
returns
the
true
false.
This
is
the
reflect.delete
property.
Basically,
there's
nothing
special
about
this.
This
is
just
cache.
Okay,
so,
and
it's
the
same,
it's
the
same
kind
of
process
every
time.
Now.
B
What
is
this
target
function?
Let
me
go.
Let
me
go
there.
The
target
function
is
the
weak
map
implementation.
Basically,
let
me
see
if
I
can
look
really
quickly
here
so
when
I
need
to
create
a
pointer
to
give
it
to
the
other
side,
and
I
need
to
do
so
every
time
that
I
need
to
pass
an
object
around
the
membrane
around
the
the
boundary,
because
I
cannot
pass
the
object.
I
need
to
create
a
pointer
for
that
object,
whether
that's
an
object,
functional
array
doesn't
matter.
I
need
to
create
a
pointer.
B
B
What
kind
of
name
does
that
function
have
what
kind
of
proto
it
has
in
case,
that
is
an
arrow
function
or
a
regular
function
and
so
on.
So
this
is
the
information
that
the
membrane
needs
in
order
to
create
a
shadow
target
on
the
other
side,
and
this
information
are
bits.
Basically,
this
is
just
regular,
boolean
and
and
string
values.
B
B
Therefore,
when
whenever
this
arrow
function
comes
back
to
me,
this
is
the
pointer.
Whenever
it
comes
back
to
me,
I
will
be
able
to
invoke
it.
It
will
be
able
to
set
the
reference,
which
is
a
local
method
here,
and
I
will
be
able
to
get
the
reference
out
of
it
immediately.
After
of
of
the
invocation
of
the
of
of
the
of
the
proxy
of
the
pointer,
that's
basically
the
artifact
that
we
use
for
the
membrane.
B
Yeah,
so
if
I,
if
I
push
a
proxion
to
the
other
side,
obviously
in
order
to
do
that,
I
need
to
give
the
pointer
the
pointer
has
a
reference
in
the
closure
to
value
which
is
the
original
target.
I
probably
should
call
the
target.
Let
me
put,
let
me
call
it
real
time,
so
it's
a
real
target
or-
or
you
know,
target
better-
that's
the
term
that
we
normally
use
or
you
know
target.
B
B
B
Right,
but
it's
the
same
thing:
if
no
one
is
releasing
first,
but
no
one
is
pointing
to
anything
on
the
cycle.
The
buckle
there
is
the.
This
is
the
same,
the
same
mechanism
that
is
used
today
with
iframes.
It's
essentially
the
same
thing,
so
you
have
to
romp
you
you're.
Basically,
the
the
exotic
wrapping
function
is
essentially
just
an
extra
wrapper
around
a
function
that
allows
you
to
collect
this
cycles,
the
same
way
that
the
iframe
does
it
today,
it's
not
it's
not
different.
So.
B
I
I
have
an
experimental
revoked,
because
api
doesn't
give
you
the
ability
to
revoke
through
the
membrane,
but
certainly
if
you
hold
reference
to
all
the
revocable
functions,
you
will
be
able
to
shut
down
the
membrane
because,
basically
you're
shooting
down
the
handler,
the
handler
is
disconnected
the
handle
goes
away.
The
garbage
collector
collects
the
handler
and
the
pointers
you
don't
have
a
pointer
anymore.
So
there's
an
operation
that
you
can
carry
on
from
that
point.
A
Okay,
so
I
don't
see
a
flaw
in
this,
but
if
this
actually
works
as
it
seems
to
it's
very
surprising,
because
when
I
first
introduced
weak
maps
into
ecmascript,
I
the
the
two
garbage
collection
problems
that
membranes
make
you
face,
cycles
crossing
the
membrane
and
then
on
the
one
hand
and
collection
of
the
subgraph
when
the
membrane
is
revoked.
On
the
other
hand,
at
the
time
I
thought
that
you
had
to
use
ephemeron
collection
in
the
garbage
collector
itself.
A
If
the
key
is
reachable
and
the
map
is
reachable
and
that
normal
garbage
collection
without
weak
maps
only
gives
you
ore.
Something
is
reachable
if
you
know
any
of
the
number
of
things
that
lead
to
it
are
reachable,
so
this
is
only
using
or
normal
or
garbage
collection.
So
if
it's
able
to
solve
both
of
those
problems,
then
my
original
reasoning
way
back
when
were
it
was
terribly
flawed.
B
B
A
B
A
C
A
B
C
A
B
But
that
would
be
a
weak
bond
that
has
to
be
a
weak
man
that
case
it
has
to
be
with
mine.
But
okay,
we
don't
do
that,
got
it
got
it.
Yes,
yes,
I
was.
I
was
thinking
about
the
same
right
now.
It's
like
okay,
if
when
we
create
a
proxy
which
is
new
proxy
here,
if
we
want
to
do
revoke,
we'll,
have
to
store
this
into
a
local
weak
map
and
expose
that
so
at
any
given
time
you
can
shut
it
down.
C
I
have
a
I
have
a
couple
sidebar
things
here
to
bring
up
first
off.
Regarding
the
finalization
registry,
I
found
out
the
hard
way
that
getting
that
it's
not
yet
as
reliable,
at
least
in
the
testing
world,
as
you
might
hope
about
a
week
ago,
I
was
writing
up
a
test
for
garbage
collection
on
something
that
should
have
been
garbage
collected
and
it
used
finalization
registry.
C
A
C
C
B
A
C
A
B
It
turns
out
that,
in
order
for
the
membrane
to
get
ready
to
function,
the
both
sides
of
the
membrane
has
to
be
ready
and
both
sides
have
to
share
or
or
share,
the
call
of
all
that
are
needed
in
order
to
do
operations
on
the
other
side
and
that
I
ended
up
doing
pretty
much
the
same.
That
daniel
was
proposing
originally,
where
there
is
a
tdc
aspect
of
it.
You
have
to
boot
up
the
two
sides
of
the
membrane
start
sharing
those
hooks
in
between
who
shared
first
and
so
on.
B
B
On
the
other
side,
it
could
be
a
module
that
I
run
on
the
other
side
and
so
on,
whatever
the
way
to
get
that
function
ready
on
the
other
side,
it's
important
to
have
it
in
both
sides.
Then,
when
we
have
it
in
both
sides,
then
what
we
do
is
basically
we
have
the
the
the
local
one
and
the
foreign
one,
and
then
you
have
to
do
the
initialization
with
a
bunch
of
functions
that
needs
to
be
stored
on
the
other
side.
B
In
order
for
the
other
side
to
interact
with
you,
I'm
a
little
tricky
there,
but
it's
an
interesting
conversation
to
have
in
the
future
how
to
maybe
make
this
a
little
easier.
Maybe
we
don't
need
it.
Maybe
this
is
sufficient
for
anyone
to
set
up
the
membrane
on
both
sides
of
the
fence,
and
it's
not
only
membrane
anything
that
requires
some
sort
of
coordination
between
the
two
of
the
two
sides.
B
You
might
need
to
use
these
functions
and
share
functions
with
the
different
size
in
order
to
be
able
to
call
call
back
to
the
other
side.
So
that
was
interesting
as
well,
and
then
the
final
thing
was
this
call
this
this
thing
that
I
call
undefined
symbol,
and
this
is
particularly
when
someone
tried
to
set
up
or
trying
to
define
a
a
property
on
a
proxy
in
one
side
that
needs
to
be
done
in.
B
On
the
other
side,
the
problem
there
was
related
to
the
fact
that
you
can
have
a
partial
descriptor,
not
a
real
full
descriptor,
specifically
when
you
do
free
freezing
or
you
do,
operations
that
carry
on
define
operations
on
the
on
the
target
itself.
Those
operations
use
what
I
call
a
a
partial
descriptor,
and
so
the
undefined
values
has
implications.
You
assume
that
those
are
undefined
when
you
pass
the
descriptor
from
one
side
to
the
other.
B
So
in
that
particular
case,
I
have
to
do
some
extra
work
on
telling
the
other
side
whether
the
value
was
undefined,
because
the
operation
is
saying
that
is
undefined
or
whether
the
value
was
not
existent,
and
because
of
that
I
had
to
use
something
that
the
other
side
understand.
That
is
not
undefined.
That
is
something
different.
That's
the
only
detail
there
and
there.
A
B
Yeah,
so
so
let
me
see
if
I
can
find
it
here,
something
a
good
example
when
you
do
when
you
do
in
the
proxy
here
when
you
do
when,
when
the
fine,
where
is
it
the
fine
property
when
it
is
invoked
the
the
trap?
This
is
a
trap
when
it
is
invoked,
the
descriptor
that
you
receive
my
or
might
not
be
a
full
qualifying
descriptor.
B
It
could
be,
for
example,
that
you're
just
setting
up
the
the
the
changing
the
configurability
of
of
the
of
the
descriptor,
for
example,
okay,
in
which
case
you
need
to
do
that
operation
on
the
other
side.
But
you
cannot
assume
that
all
the
other
things
that
you're
passing
to
the
other
side
will
be
undefined,
because.
B
Right,
okay,
I
I
mean,
let
me
try
to
explain
so
one
way
to
go
about
it
is
that,
oh,
I
receive
an
object
and
I
will
proxy
that
object
and
give
it
to
the
other
side
and
let
the
other
side
to
the
side.
That's
a
the
most
likely,
the
safest
way
to
do
it,
but
that
would
be
considerable
slower.
So
I
always
from
that
point
of
view,
I'm
always
trying
to
do
certain
things
that
will
speed
up
the
membrane,
so
it
doesn't
really
carry
on
a
a
significant
amount
of
of
overhead.
B
B
Different
behavior
that
my
effect
is,
but
I'm
trying
to
follow
the
process
of
how
the
default
trap
will
carry
on
this
operation,
trying
to
do
this
operation
on
one
side
extracting
the
data
pass
it
to
the
other
side,
build
the
thing
on
the
other
side
and
run
it
on
the
other
side,
on
the
reflective
and
in
that,
and
that
process
is
when
I
found
okay.
Well,
there
are
cases
in
which
undefined
needs
to
be
different
from
not
existing
and.
A
B
B
The
arguments
that
I'm
passing
it.
This
is
actually
the
function
here.
You
can
see
it
here.
This
is
the
function,
I'm
calling
a
defined
property
on
the
other
side,
it's
a
foreign
call
callable,
I'm
passing
the
pointer
biasing
the
key,
and
I'm
passing
the
information
about
each
of
the
things
that
you
need
in
that
descriptor,
some
of
them.
If
they
are
not
existent,
I
need
to
tell
that
is
not
existence
or
the
other
side
can
recreate
it
the
same
way
if
it
is
undefined
it
passes
on
the
phone.
B
A
B
B
I
think
there
are
two
two
cases
in
which
I
use
this
trick,
because
the
on
keys
returns,
an
array
of
properties
in
this
case
symbols
or
strings,
and
you
don't
have
a
way
to
return
that
object,
because
it's
a
callable
membrane
instead,
the
trick
that
I'm
using
is,
I
create
a
callback
and
I
give
the
callback
to
the
other
side
so
the
other
side
rather
than
returning
a
trade.
It
calls
the
callback-
and
I
use
the
arguments
of
that-
to
build
the
array
without
having
to
do
the
membrane
around
it.
B
But
so
he
was
calling
me
on
there's
a
limit
on
the
amount
of
arguments
that
you
can
pass
in
different
browsers.
So
you
have
to
be
careful
about
this,
but
I
was
trying
to
avoid
creating
extra
the
extra
thing
so
using
the
callback
trick
when
you
need
to
give
me
a
an
instructor.
That
is
an
object.
I
don't
want
to
build
that
object
and
push
it
to
the
other
side.
I
wanted
to
be
able
to
find
ways.
B
You
just
call
a
function
that
provides
that
that's
an
interesting
thing,
but
I
I
feel
that
this
is
probably
very
safe
unless
that
you're
using,
I
don't
know
the
limit
of
arguments
in
terms
of
an
object
or
a
an
object
or
an
array
that
has
too
many
elements
that
the
number
of
keys
will
exceed
the
the
number
of
arguments
that
can
be
passed
around,
which
be
rare.
That's
the
only
thing
so
this.
B
B
I
haven't
digging
that
that,
deep
into
these,
to
give
you
a
straight
answer,
but
I
will
I:
will
there
there's
there's
something
going
on
with
the
structuring
on
on
these,
and
I
used
the
structuring
on
the
other
example
here,
which
I
haven't
been
able
to
run.
This
is
the
structuring
that
was
fading.
Basically,
this
line
here
this
local
get
ref
is
basically
returning
the
array
which
is
a
proxy
of
an
array
on
the
other
side,
and
it
was
failing
here
with
some
errors.
B
B
C
B
A
B
That
idea
start
getting
into
shape,
but
it
took
me
a
while
took
me
a
while
to
to
get
there,
but
I
feel
that
if
we
can
get
these
out
there
saying
hey
with
what
we
are
proposing,
you
can
do
these
other
things.
If
you
want
to
there's
not
a
lot
of
code,
it
could
be
a
simple
library.
This
case
is
just
a
class
around
realm
to
do
this
iphone
realm.
It's
very
very
tiny,
two
case,
that's
nothing,
and
if
it
works
fast
enough,
we
can
validate
that
too.
B
We
will
have
some
people
already
doing
some
perf
on
this
see
how
far
it
goes
in
terms
of
curve.
What
is
the
penalty
that
we're
paying
I'm
very
eager
to
see
if
the
curve
of
these
is
significantly
less
that
we
have
today
in
the
neon
membrane
implementation
that
we
have?
Obviously
the
code
is
a
lot
less
a
lot
of
less
weak
maps
lookups
and
all
these
other
things
so
I'll
be
interested
to
see
what's
going
on
there.
B
So
we're
going
to
compare
this
with
the
neon
membrane
that
we
have
adding
distortion
is
releasing
just
each
size
can
apply
whatever
instruction
they
want
by
providing
a
callback.
Then,
when
you
call
it
with
the
object,
it
returns
a
different
object.
That's
it
what
that's
a
function
now,
so
it's
very
straightforward:
the
identity
correction,
I'm
not
planning
to
do
on
this
project,
but
it
would
be
interesting
to
also
explore,
but
I
I
don't
see
any
any
problem
after
I
build
my
mental
model.
I
don't
see
any
problem
implementing
any
of
these.
B
Yeah
and
maybe
tactically,
we
don't
want
to
go
that
deep
into
membranes
now
we
know
it
works.
Hopefully
we
can
validate.
You
know
issue
with
the
memory
and
cycles
and
all
that,
but
if,
if
all
works
fine,
then
when
we
go
into
the
presentation
we
we
can
focus
on.
This
is
the
api
that
works
for
for
implementers.
C
C
A
A
C
So
I
you
know,
I
share
mark's
concern
about
how
it's
important
that,
whatever
tests,
we
add
as
part
of
this
effort,
are
run
habitually
by
people
who
maintain
javascript
implementations.
That
is
not
the
case
with
different
places
that
test
262
has
expanded
out
and
made
things
outside
of
the
main
path,
for
example
the
the
parser
tests.