►
Description
Peter Hoddie updates us on some thoughts about records and tuples and a desire to pursue a rigorous approach to immutability for objects in general. Leo reviews slides for the ShadowRealm update for next week’s plenary.
A
Okay,
welcome
to
the
SAS
meeting
at
the
September
7th
of
2022.
We
have
two
topics
on
the
agenda:
Peter
is
going
to
share
an
update
on
conversations
that
have
been
had
about
records
and
tuples,
followed
by
Leo
joining
us
after
a
long
Hiatus.
Welcome
back
to
discuss,
updates
on
Shadow
Realms
next
week
is
plenary,
and
if
we
get
a
little
bit
of
time
towards
the
end,
we'll
take
a
look
at
what's
on
the
agenda
and
make
sure
that
there's
nothing
in
our
blind
spots.
B
However,
you
want
to
Define
that
as
a
characteristic
of
objects,
perhaps
by
doing
something
like
extending
the
Integrity
levels,
as
has
has
been
discussed
on
the
reflector
and
that
that
came
back
up
as
a
result
of
some
implementation
work.
I
guess
it
had
been
done
on
on
spider
monkey
and
then
some
conversations
with
folks
there
and
so
we're
coming
back
to
that,
and
it
seems
I
mean
it
seems
like
there's
some
some
room
for
that.
C
B
I
mean,
let
me
it's
great.
You
pick
a
an
example
that
that
we
handle
today
in
in
excess,
so
I
can
kind
of
explain.
I
can
explain
it
in
that
context,
so
we
can
today,
in
excess,
take
an
instance
of
date
and
put
it
in
ROM,
at
which
point
it
is
profoundly
immutable
and
how
that
object,
gets
into
ROM
and
is
immutable.
Is
is
absolutely
like
just
magic
from
the
excess
Linker
perspective.
It's
not
even
in
the
language,
but
but
the
object
exists
and
is,
is
fully
deeply
immutable
in
every
possible
way.
B
C
B
C
So,
let's
go
with
impurities,
because
that
that
also
makes
it
clear
that
what
it
does
when
it
fails
is
it
gives
you
the
the
list
of
of
reasons
for
failure
and
it
so
so
yeah.
So
so
something
like
impurities
predicate
something
that
can
be
used
as
a
predicate
would
be
part
of
the
standard,
and
it
would
say
yes
or
no
on
a
date
exactly
according
to
whether
or
not
the
date
actually
were
deeply
immutable
and
then
you're
further
proposing.
C
Okay,
so
are
you
proposing
a
new
Integrity
level
that
is
part
of
the
semantic
state
of
an
object,
or
are
you
proposing
that
for
Records
for
for
plain
objects,
I'm
going
to
call
them
records,
no
I
shouldn't
call
them
records
for
playing
out
for
plain
objects.
Very
and
arrays.
Would
you
just
be
checking
that
they're
frozen
and
then
then
checking
recursively,
or
would
you
be
looking
for
a
new
Integrity
level.
C
B
C
C
Is
there
any
reason
not
to
not
to
specify
that
the
operation
for
bringing
about
the
new
Integrity
level
operates
on
dates
and
as
a
result
of
operating
on
a
date,
the
result
the
successfully
operating
a
date
produces?
It
brings
the
puts
the
date
into
that
new
Integrity
level
as
at
which
point
it
becomes
pure.
So
this.
B
This
gets
into
to
ground
that
that
I
think
you
mark
in
fact
had
had
kind
of
scared
us
off
from
because
you,
you
and
I,
maybe
misrepresenting
you
here.
So
you
know
feel
free
to
correct
me,
but
I
mean
that's
freeze
like
making
the
internal
Slots
of
an
object,
immutable
I,
think
you
described
it
as
an
attack
where,
if
you
were
to
do
that
like
to
the
private
fields
of
something
of
an
instance,
that
would
be
a
problem.
C
C
We
need
to
be
careful
about
under
what
circumstances
the
operation
succeeds
or
fails.
If
so,
for
so,
let's
just
go
through
cases
for
a
a
plane,
object
or
an
array.
You
can
already
phrase
it
so
being
able
to
just
looking
at
it
shallowly
being
able
to
purify
it
are
or
would
not
be
doing
for
a
plane,
object
or
an
array,
something
that
you
couldn't
do
already.
C
It
is
true
that
dates
themselves,
don't
have
a
you
know,
don't
currently
have
any
notion
of
of
being
of
being
non-modifiable
and
then
so
it's
not
now
a
question
about.
Are
we
willing
to
just
have
it
be
part
of
the
semantics
of
the
date
that
it
can
make
that
a
mutable
day
can
make
a
transition
to
being
a
non-mutable
date,
and
then
the
big
question,
which
I
think
goes
to
the
heart
of
of
of
of
what
you're
asking
is
for
instances
of
classes?
C
The
the
class
is
written
by
a
class
author
to
you
know,
provide
a
set
of
defensive
services
such
that
they
can
be
shared
by
multiple
clients,
without
the
clients
being
able
to
damage
the
shared
service
and
thereby
damage
each
other,
so
so
it
so.
In
that
case,
it
doesn't
matter
whether
you
say
that
the
operation
for
bringing
about
the
new
Integrity
level
comes
from
the
implementation
or
the
host
or
the
language.
C
C
D
And
I
I
have
a
lot
of
questions
so
from
when
I
so
to
the
first
point
that
was
just
discussed
here.
Yes,
very
much
I
don't
want
to
see
something
like
freeze
where
the
engine
would
impose
something
on
the
target
object
without
consent.
So
something
based
on
a
protocol
would
make
a
lot
more
sense
for
me,
but
then
that
raises
the
next
question.
D
I
ask
you
to
purify
yourselves,
make
you
I
like
the
concept
of
more
of
inerts,
so
that,
like
if
I
interact
with
you
but
I,
know
nothing
else.
Nothing
is
going
to
happen
who's
in
charge
of
enforcing
that.
If
the
target
can
lie
yeah
sure
I'm,
not
pure
whatever
you
do
to
me,
nothing
is
going
to
change.
D
D
Having
an
effects
side
effects
when
when
when,
when
interacted
with
proxies,
is
obviously
one
of
them
and
so
on,
like
how
I
I
have
a
hard
time
in
seeing
how
you
can
make
an
object,
pure,
so
that
the
engine
wouldn't
force
that
any
interaction
with
the
object
would
not
execute
any
user
code.
That
has
a
recorded
effects.
C
C
Is
that
well
one
one
choice
that
has
some
some
big
downsides,
but
is
a
choice
to
examine
is
that
the
proxies
can
simply
not
be
purifiable,
in
which
case
the
attempt
to
purify
them
always
fails,
and
the
impurities
check
on
them
always
says
it's
not
pure,
because
it's
a
proxy.
The
big
downside
of
that
is,
of
course
you
lose
practical
membrane
transparency.
It
violates
the
whole
transparency
called
the
proxies
right,
the
other.
The
other
thing
you
could
do
for
proxies
is
to
say
well.
D
D
C
We
will
we
need
to
we
need
to.
You
know
this
is
tc39.
We
have
to
take
a
long-term
perspective
on
these
things.
Now
that
one
engine
has
a
much
better
weak
map
that
has
better
complexity,
measure
a
a
a
benchmark
that
makes
that
visible
and
more
and
more
deployed
programs
like
what
agorak
is
building
that
work
well
on
Xs
and
work
painfully
bad
on
something
else,
for
we
for
for
reasons
that
jump
out
in
a
benchmark
that
brings
about
pressures
and
the
pressures
work
both
ways.
D
So,
to
get
back
to
the
problem
here
with
one
solution
would
be
like.
So
if
the
object
with
a
protocol
claims
now
that
it
is
pure
any
further
interaction
that
is
recorded
on
the
object
in
an
internal
slot
and
any
further
interaction
with
that
object
can
like
without
having
a
preemptive
check,
would
it
be
possible
to
Mark
the
execution
involving
that
object
as
having
to
be
pure
so
that
if
it
touches
or
tries
to
modify
any
other
object
after
that
execution
throws,
or
something
like
that.
C
C
You
know,
as
we've
talked
about
for
for
out
of
memory
situations
where
you
can't
maintain
invariance,
that
you
must
maintain.
The
only
option
is
to
destroy
the
world,
but
it
would
just
never
occur.
I
mean
the
thing
that
the
Integrity
level
I,
think
was
the
right
concept.
To
start
from
an
Integrity
level
is
something
that
is
not
according
to
the
object.
C
D
C
The
the
the
proxy
issue
is,
you
know,
as
a
standalone
question
can
be
examined
on
in
the
you
know,
the
hypothetical.
Where,
for
all
the
plain
non-problematic
cases,
we
can
do
the
Integrity
level
and
we
can
do
the
check
that
the
engine
stands
for
and
then
having
taken
care
of
sort
of
a
baseline
where
you've
done
the
non-problematic
uses.
Then
you
say:
okay,
given
that
we've
done
the
non-problematic
cases,
can
we
do
the
problematic
cases
so
in
the
in
the
proxy
case?
C
D
Yeah
the
reason
I
took
the
proxy
example
is
because
it
we
couldn't
make
the
simplification
of
if
it's
an
object,
that
has
only
data
properties
and
is
frozen,
and
so
on.
You
know
avoiding
the
whole
accessor
complexity.
That's
one
way
of
saying
an
object
is
pure.
If
it,
if
it
is
not
a
proxy,
doesn't
have
any
accessors
throughout
then
that
object
is
pure
yeah.
C
C
But
my
let
me
let
me
propose
the
hypothesis
that
that
really
all
of
the
problems
for
the
fancier
engines
are
going
to
come
down
to
closure,
optimization
that
if
you
want
a
uniform
rule
about
whether
a
closure
is
pure
or
not,
then
you
need
a
uniform
rule
about
what
variables
it
captures
and
having
the
runtime
representation
of
closures
reflect
any
kind
of
of
cross-engine
agreement
about
what
variables
are
captured.
That
seems
to
me
to
me
the
most
likely
sticking
point
other
than
that
I
don't
see
likely
sticking
points.
C
With
with
so
with
scope,
you
just
say
anything
any
lexical
variable,
that's
that
goes
through
a
with
block
is
not
pure
and
an
attempt
to
purify.
It
fails
underneath
him
to
test
it
for
Purity
says
it's
not
pure
right.
I
mean
you've,
always
got
the
out
unless
you're
running
into
another
criteria.
Like
membrane
transparency,
you
always
have
the
out
of
saying
okay,
this
problematic
case
we're
just
always
going
to
say
it's
impure.
D
C
Well,
then,
the
that
object
can't
be
purified
and
with
regard
to
the
object
itself,
that's
the
end
of
the
story
and
with
regard
to
Global
variables,
this
the
the
spec
puts
tight
constraints
on
you
know
if
you've
got
a
if
you've
got
a
const
Global
variable,
that's
not
terminated
in
the
global
object,
that's
terminating
the
global
lexical
scope
that
has
none
of
these
problems,
so
I
think
I.
Think
you
just
say
that
it's
you
know
if
the
host
provides
a
not
purifiable
global
object.
D
C
D
A
B
Yeah
I
mean
I
would
just
just
to
kind
of
bring
it
bring
it
back
to
to
Mark's
question
I.
Think
Mark
I
mean
this.
Is
these
kinds
of
questions
are?
Why
I
think
From
audible's
perspective?
We
would
be
willing
to
accept
an
initial
normative
solution
that
that
doesn't
try
to
describe,
doesn't
try
to
solve
all
these
problems,
but
but
lays
the
groundwork
for
them
to
being
addressed
down
the
line
or
to
be
be
addressed
by
the
host.
So.
B
I
I
mean
I
think
very
strongly.
What
moddable
wants
to
see
is
that
immutability
is
handled
is,
is
more
fully
defined
by
the
language
and
is
is
consistently
applied
across
objects.
That's
what
we
want.
What
we're
saying
is
the
ability
to
make
where
we're.
Where
we're.
We
think
it's
practical
to
limit.
B
C
B
And
I
mean
the
idea
of
having
a
protocol
that
would
allow
a
class
to
opt
into.
This
is
great
with
us.
You
know
to
other
people
who
may
have
different
opinions,
and
so
that's
just
an
example
of
of
where
I
think,
pragmatism
and
and
having
extensibility
down
the
line.
Maybe
maybe
the
right
answer,
perhaps.
C
You
could
say
that,
as
of
a
given
version
of
the
spec,
it
fails
on
proxies
and
therefore,
as
of
that
version
of
the
spec,
you
could
use
it
to
reveal
a
proxy.
But
it's
explicitly
the
case
that
the
plan
is
to
grow
the
language
to
where
that
error
case
becomes
a
non-error,
which
means
that
programs,
whose
correctness
is
supposed
to
last
beyond
a
given
version
of
the
language
spec.
C
D
And
then
there
is
the
other
elephant
in
the
room,
which
is
equality
and
usage
of
values,
as
so,
it's
not
just
equality
inequality
predicate
it's
also
like
where
that
equality
predicate
is
used.
For
example,
if
you
want
to
use
one
of
those
immutable
object
as
a
map
or
in
a
map
or
a
set
as
a
key,
it's
an
old
extension
tool
to
those
containers
to
be
able
to
like
recognize
to
make
it
equivalent
to
record
and
tackles
to
recognize
two
immutable
values
as
as
equal
for
that
usage.
Okay,.
C
C
I
I
I
understand
that,
and
we
discussed
that
last
time
we
talked
about
DP
quality.
A
consequence
of
introducing
new
DP
quality
operators
is
that
you
know
the
the
you
lose
one
of
the
main
motivators
for
records
and
tuples,
which
I'm
willing
to
lose
by
the
way,
which
is
that
you're
not
extending
the
quality
behavior
of
existing
existing
abstractions
like
maps
and
sets.
C
C
It
would
be
useful
to
have
a
non-transitive
version
of
the
new
Integrity
level,
which
is
just
sort
of
a
a
you
know.
I'll
just
call
it
a
Super
Freeze
for
lack
of
a
better
term,
but
that
does
things
like
freezing
dates
and
does
things
like
freezing
class
instances
that
have
opted
into
being
frozen,
but
is
not
by
itself
transitive,
and
then
you
have
the
other.
Then
the
transitive
test
is
just
a
a
transitive,
a
test
for
the
transitivity
of
the
application
of
this
new
super
phrase.
C
C
A
E
A
A
D
To
be
to
be
precise,
last
time
or
main
concern
was
asynchronous
entire
living
points
that
were
not
marked
by
syntax
or
not,
obviously,
my
syntax.
So
we're
like
everything
we
don't
like
syntax
new
syntax,
but
if
it's
limited
there
might
be,
it
might
be
good
enough.
So
just
need
to
look
at
what
the
new
shape.
A
C
D
C
A
This
is
Nicholas
fabulous,
pull
request
to
the
spec
that
paves
the
way
for
all
of
the
module
proposals
to
be
simplified,
that
is
to
say,
moving
the
transitive
exploration
of
the
dependency
graph
from
HTML
to
262
and
I'm.
I
can
happily
report
that
I
saw
a
message
yesterday
from
Dominic
saying
that
he
has
been
converted
from
skeptic
to
supporter
for
this
proposal.
C
A
I
can't
answer
that
question.
My
my
impression
is
that
the
changes
to
262
are
at
least
close
to
not
breaking
anything
and
the
HTML
changes
might
break
something
a
little,
but
not
a
lot,
and
that
I
think
that
the
browser
vendors
are
open
to
it.
But
I
don't
I
again,
I
can't
answer
the
question
it
might.
The
answer
might
be
yes,.
E
E
E
There's
a
quick
example
here
on
how
we
do
use
Shadow,
Realms
and
Salesforce.
That's
like
considering
like
a
one
use
case
for
accessible
web
applications.
I'm
gonna
be
classier
to
make
time
so
for
these
web
accessible
web
applications.
We
have
like
our
Salesforce
internal
components
and
we
have
custom
components
tailored
by
the
customers,
which
is
in
case
is
like
what
we
usually
call
is
forced
to
third
party,
and
especially
as
third
party,
we
have
the
app
exchange,
which
is
our
Salesforce
Marketplace
for
plugins
and
extensions.
E
Let's
say
you
have
components
that
will
show
will
display
the
items
you
have,
and
this
is
what
we
talked
when
we
discuss
first
third-party
components
and
with
the
shadow
Realms,
we
can
have
improv
improved
Integrity
previously
I
also
mentioned
like
improved
integrity
and
security,
but
I
don't
want
to
mention
this
word
FTC
39,
because
you
know
like
it
will
be
called.
It
will
derail
the
discussion
where
I
wanted
to
to
go.
C
E
And
then
I
reintroduced
the
shadow
realm
API
and
I'm
gonna
go
with
the
status
like
the
intentions
for
this.
This
is
39
million
is
to
really
introduce
like
to
give
an
update
on.
How
is
the
current
implementation-
and
this
is
a
reminder-
Salesforce-
is
sponsoring
egalia
to
ship
shutter
rounds
in
web
browsers.
We
did
some
work
on
webkit.
We
we,
including
this
work
to
some
overview
on
the
Chrome
browser,
there's
a
chance
that
might
be
invested
in
implementation,
not
the
final
yet
and
the
implementation
status.
So
far.
E
E
C
Yeah
I
mean,
can
I
suggest
that
it's
not
something
that
you
should
look
at,
that
that
the
part
of
the
whole
point
of
the
moddable
engine
is
that
it's,
it
has
no
re
need
for
multiple
ROMs
and
it
continues
to
have
no
need
for
multiple
Realms,
because
it
supports
hardened.
You
know
supports
hardened
JavaScript.
It
has
full
support
for
Mutual
suspicion
within
a
realm.
B
E
E
This
is
the
my
the
major
Milestones
remaining
and
we
do
have
work
there
like
we
sponsoring
the
gala
to
to
continue
this
work
and
finish
this
HTML
integration,
so
review
was
done,
review
was
applied
and
we
need
to
get
traction
from
the
maintainers
of
that
pull
request,
and
but
it's
still
going
to
make
this
clear
here.
This
is
like
what
I'm
hoping
to
for
us
to
get
cleared
and
move
ahead
with
it.
E
We
do
have
some
new
PRS.
We
have
one
in
tutorial
and
we
have
some
fixes.
I
will
expand
the
slides
to
to
tell
we
have
the
like
the
error,
handling
and
or
propagating
the
error
details.
Karidi
is
working
on
it.
I.
Don't
think
that
we're
gonna
have
like
they're,
both
in
refill
and
I,
don't
think
we
we
can
tell
like.
We
have
well
everything
ready
to
be
merged
onto
this
meeting.
I,
don't
want
to
assume
that
security
is
also
like
taking
some
time
off
sick.
E
E
I
am
delayed
on
the
slides
to
expand
this.
This
part
I
hope
to
have
some
expansion
on
at
the
meeting
for
the
tc39
meeting,
saying
that
Community
doesn't
want
to
show
this
at
c39
I
kind
of
like
see
the
point,
but
I
also
like
want
to
show
because
of
the
following
slide
as
well:
I
intend
to
eventually
bring
in
a
follow-up
proposal
in
expansion
to
Shadow
Realms,
where
we
can
have
the
wrapped
module,
namespacesortic
objects
for
Sharon
Realms,
meaning
we
can
have
a
keyboard
method
equivalent
to
the
data
making
board.
E
That
gets
a
wrapped
modern
name
spaces
on
a
conject.
This
is
not
even
presented
as
stage
zero
or
requests
in
stage
one.
This
is
just
like.
It
should
remain
stage
zero
at
this
midi
next
week.
We
need
to
make
it
like
a
food
proposal
document
and
bring
it
back
to
the
SAS
meetings
and
eventually
to
the
next
gc39
meeting,
but
this
is
a
approval
and
funny
enough
where
I
wanted
to
to
get
the
discussions
here.
This
is
a
bitter
surprise
for
everyone,
I'm,
so
sorry
to
get
everyone
off
guard.
E
E
E
E
E
D
E
I
was
informed
of
this
yesterday,
I'm,
bringing
it
here
like
as
like
I
just
had
like
an
internal
discussions.
I
still
like
we're
still
calling
legal
at
Salesforce
to
understand
better
like
how
this
is
gonna,
be
implied
like
how
this
affects,
as
I
said
like
how
does
it
affect
us
as
illegal
and
we're
still
assessing
like
what
we
we
need
to
do
so
this
is
pretty
early
like
we.
We
just
heard
of
it
like
at
this
moment,
like
we
just
had
like
our
first
internal
talk.
Yesterday
is.