julian-klode/lingolang

Unsound container permissions possible

julian-klode opened this issue · 3 comments

It is possible to create unsound permissions for structs, arrays, slices, and maps, such as
or struct { om } (read-only struct containing mutable value).

convertTo probably should restrict element permissions to the outer permission, using an intersection.

Alternatively, one could introduce a consistency pass that either makes a permission consistent or checks consistency of a permission. This would keep convertTo()'s job limited to extending a (partial) annotation permission to a given type permission (by converting the type permission to the annotation).

A consistency pass should also allow us to implement #3.

Silly me, that should be handled by convert(p, p.GetBasePermission()) after convert(typePermission, annotation).
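The intersection-based consistency pass discussed in this issue, as an added sketch that is not lingolang's own code: the `Perm` bitset, the `Permission` tree, `Consistent` and `Restrict` are hypothetical names, and modelling "owned", "read" and "write" as independent bits is an assumption made for illustration.

```go
package main

import "fmt"

// Perm is a constructed bitset model of a base permission
// (assumption: not lingolang's own representation).
type Perm uint8

const (
	Owned Perm = 1 << iota
	Read
	Write
)

// Permission is a hypothetical permission tree: a base permission plus
// element permissions (struct fields, or the element of an array, slice or map).
type Permission struct {
	Base  Perm
	Elems []*Permission
}

// Consistent reports whether no element, at any depth, grants a bit
// that its container lacks.
func Consistent(p *Permission) bool {
	for _, e := range p.Elems {
		if e.Base&^p.Base != 0 || !Consistent(e) {
			return false
		}
	}
	return true
}

// Restrict returns a copy of p in which each base permission is intersected
// with the already restricted permission of its container. The input is not modified.
func Restrict(p *Permission, outer Perm) *Permission {
	out := &Permission{Base: p.Base & outer}
	for _, e := range p.Elems {
		out.Elems = append(out.Elems, Restrict(e, out.Base))
	}
	return out
}

func main() {
	// Constructed input: a read-only struct containing a mutable value.
	p := &Permission{Base: Owned | Read, Elems: []*Permission{{Base: Owned | Read | Write}}}
	q := Restrict(p, p.Base)
	fmt.Println(Consistent(p), Consistent(q), q.Elems[0].Base == Owned|Read)
}
```
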