Meta: Update Explainer for Isolated Realms #292
Conversation
explainer.md
Outdated
| realm.globalThis.top; | ||
| realm.globalThis.location; | ||
| // Custom properties can be added to the Realm | ||
| // The resolution callback is used as the current API can't wrap promises |
There was a problem hiding this comment.
It's not quite clear to me what this means.
There was a problem hiding this comment.
yes, I wrote this while modifying the example. It makes no sense so I removed it.
| }); | ||
| ```javascript | ||
| export default function() { | ||
| const someRealmIntrinsicsNeededForWrappers = extractIntrinsicsFromGlobal(customGlobalThis); |
There was a problem hiding this comment.
What is customGlobalThis at this point? Why is it not simply globalThis since this executes in the realm.
There was a problem hiding this comment.
I need to review this example with @caridy, it seems like the approach would be different now and there is more to be changed here.
Co-authored-by: Mathieu Hofman <86499+mhofman@users.noreply.github.com>
Co-authored-by: Mathieu Hofman <86499+mhofman@users.noreply.github.com>
explainer.md
Outdated
| @@ -153,22 +158,23 @@ Instances of Realm Objects and their Global Objects have their lifeline to their | |||
|
|
|||
| ### <a name='Evaluation'></a>Evaluation | |||
|
|
|||
| The Realms API does not introduce a new way to evaluate code, it is subject to the existing evaluation mechanisms such as the [Content-Security-Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy). | |||
| The Realms API does not introduce a new way to evaluate code. Any code is subject to the existing evaluation mechanisms such as the [Content-Security-Policy (CSP)](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy). | |||
There was a problem hiding this comment.
Nit: I guess the current API (unlike a previous draft which was just based on globalThis.eval) does create multiple new evaluation mechanisms, it just fits into the existing CSP schema. So, you might want to tweak the wording.
There was a problem hiding this comment.
This new mechanism is basically indirect eval, or just mirrors indirect eval, with the restriction that evaluate won't accept non-string values as argument and won't be able to return Non Callable Objects.
I'm tweaking this out for clarification but I believe one could still debate saying this isn't a new evaluation mechanism.
There was a problem hiding this comment.
I agree with you; I was making a very narrow comment about the wording. The new wording looks great. This is very much analogous to things that CSP already controls.
explainer.md
Outdated
| ```javascript | ||
| export default function() { | ||
| const someRealmIntrinsicsNeededForWrappers = extractIntrinsicsFromGlobal(customGlobalThis); | ||
| Object.defineProperties({ |
There was a problem hiding this comment.
Maybe missing the first argument here?
explainer.md
Outdated
| - may have host defined properties in addition to the properties defined in this specification. This may include a property whose value is the global object itself. | ||
|
|
||
| ``` | ||
| Yes! It only creates a new copy of the built-ins from ECMAScript. |
There was a problem hiding this comment.
Hmm, maybe we should link to the issue where we're discussing which globals to include?
There was a problem hiding this comment.
I haven't discussed that yet but I believe this new API model leads me to insist more in just providing a copy of the intrinsics. I hope this API resolves that matter.
| @@ -50,6 +50,7 @@ See some examples [in the Explainer file](explainer.md). | |||
|
|
|||
| ## <a name='History'></a>History | |||
|
|
|||
| * we moved on from the exposed globalThis model to a lean isolated realms API (see #289 and #291) | |||
There was a problem hiding this comment.
isolated realms => Realm with Callable Boundary or something like that...
we chatted about this with Shu, and I believe we should avoid using the term isolated realm all together.
There was a problem hiding this comment.
Another alternative is also "Callable Realms"
There was a problem hiding this comment.
I find the names that @caridy is suggesting confusing, though avoiding the word "isolated" could be useful to avoid other kinds of confusion. Maybe we could avoid giving this version a name for now, until we're really confident in one, since it's awkward to change names later.
There was a problem hiding this comment.
| * we moved on from the exposed globalThis model to a lean isolated realms API (see #289 and #291) | |
| * we moved on from the exposed globalThis model to a revisited format of Realms with a Callable Boundary API (see #289 and #291) |
How about this? We can't explain what this is in a single line, but we can further explain the function auto wrapping creates this callable boundary.
explainer.md
Outdated
| @@ -107,7 +112,7 @@ These programs must currently contend for the global shared resources, specifica | |||
|
|
|||
| Attempting to solve these problems with existing DOM APIs will require to implement an asynchronous communication protocol, which is often a deal-breaker for many use cases. It usually just adds complexity for cases where a same-process Realm is sufficient. It's also very important that values can be immediately shared. Other communications require data to be serialized before it's sent back and forth. | |||
|
|
|||
| __The primary goal of this proposal is to provide a proper mechanism to control the execution of a program, providing a new global object, a new set of intrinsics, no default access to the incubator realm's global object, a separate module graph and synchronous communication with the incubator realm__. | |||
| __The primary goal of this proposal is to provide a proper mechanism to control the execution of a program, providing a new global object, a new set of intrinsics, no immediate access to objects cross-realms, a separate module graph and synchronous communication between both realms, while not forcing fingerprints in the constructed realm__. | |||
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
There was a problem hiding this comment.
I also continue having a hard time understanding the finderprints issues with the previous proposal. can you elaborate more?
There was a problem hiding this comment.
I'm skeptical that this proposal changes the fingerprinting surface. I think that it'd be best to remove this claim, since it could cause more of these negative reactions about this proposal's authors claiming too much.
There was a problem hiding this comment.
I also continue having a hard time understanding the finderprints issues with the previous proposal. can you elaborate more?
That's just about identifying identity from other realms through objects that would then be accessed by globalThis. Of course any framework would handle that, and that's not any new complication (iframe allows that already).
I'll remove this part.
| @@ -50,6 +50,7 @@ See some examples [in the Explainer file](explainer.md). | |||
|
|
|||
| ## <a name='History'></a>History | |||
|
|
|||
| * we moved on from the exposed globalThis model to a lean isolated realms API (see #289 and #291) | |||
There was a problem hiding this comment.
I find the names that @caridy is suggesting confusing, though avoiding the word "isolated" could be useful to avoid other kinds of confusion. Maybe we could avoid giving this version a name for now, until we're really confident in one, since it's awkward to change names later.
explainer.md
Outdated
| @@ -268,18 +270,35 @@ A big codebase tend to evolve slowly and soon becomes legacy code. Old code vs n | |||
|
|
|||
| Modifying code to resolve a conflict (e.g.: global variables) is non-trivial, specially in big codebases. | |||
|
|
|||
| The Realms API can provide a _lightweight_ mechanism to preserve the integrity of the intrinsics.0 Therefore, it could isolate libraries or logical pieces of the codebase per Realm. | |||
| The Realms API can provide a _lightweight_ mechanism to preserve the integrity of the intrinsics. Therefore, it could isolate libraries or logical pieces of the codebase per Realm. | |||
|
|
|||
| ### <a name='Templatelibraries'></a>Template libraries | |||
There was a problem hiding this comment.
I still think that this example should be removed. It will likely initially be too expensive to instantiate this many Realms; we don't want to be telling developers that this is expected to be cheap.
There was a problem hiding this comment.
I can remove, but it doesn't require many Realms. You could freeze a realm to operate the templates inside.
explainer.md
Outdated
| a1 instanceof globalTwo.Array; // yield false | ||
| a2 instanceof globalOne.Array; // yield false | ||
| ``` | ||
| This code is **not** possible with the Realms API! Non-primitive values are not transfered cross-realms using the Realms API. | ||
|
|
||
| ## <a name='Example:NodesvmobjectsvsRealms'></a>Example: Node's vm objects vs Realms | ||
|
|
||
| If you're using node's `vm` module today to "evaluate" javascript code in a different realm, you can replace it with a new Realm, e.g.: |
There was a problem hiding this comment.
This is no longer quite true, given the restrictions. You probably want to explain that.
There was a problem hiding this comment.
It's not much but it provides some honest information. WDYT, @littledan?
Co-authored-by: Caridy Patiño <caridy@gmail.com>
It's not part of our primary goals anyway
|
@caridy @littledan I believe I addressed the latest feedback. PTAL |
|
I'll be glad to address any new feedback in a follow up PR. I'm merging this now to avoid confusion before the TC39 meeting. |
No description provided.