-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possibly deoptimizing use of arguments
in libs
#10323
Comments
I'm not familiar enough with V8 to know whether these uses of |
Eslint has a rather radical rule for all |
Interesting, nice findings @vsemozhetbyt . Fixing the possible out of bound access to the I'm not familiar with node internals so I might be wrong, but here is an example: What might be slightly more interesting in terms of performances, but might break some people's code, would be to set |
@vhf Thank you for the answer. As I have said, I'm also not aware of all the system. For example, the mentioned And thank you for the second comment. It will need more checks for other similar cases. Is this feature connected with v8 hidden classes you've described recently? I've also read about it in another article (chapter "Objects") |
I suspect the only functions where it could make a material difference are Fixing the other functions might still be worthwhile from a code hygiene perspective, but not if it significantly affects complexity or readability. |
(If you'd like to help fix this look here.) My assessment:
|
Well, suppose we have only the first argument ( |
Do rest parameters have the same deopt problems as the |
@mgol, rest parameters are a known Crankshaft bailout (deoptimization) reason at this time. |
@mgol Rest parameters force optimization via TurboFan, which should be fine in many cases, esp. with V8 5.6 and later (not yet available for Node.js tho). |
@Fishrock123 |
Actually, what I said wasn't correct. It's a bug in Crankshaft that we disable optimization (in 5.6 and later) for |
This commit makes sure EventEmitter.emit() doesn't get deoptimized by V8. The deopt happens when accessing out of bound indexes of the `arguments` object. This issue has been raised here: nodejs#10323 and this specific case might become a more serious performance issue in upcoming V8 releases.
This updates util.inspect() to avoid accessing out-of-range indices of the `arguments` object, which is known to cause optimization bailout. Based on an average of 10 runs of the benchmark in `benchmark/util/inspect.js`, this change improves the performance of `util.inspect` by about 10%. Relates to nodejs#10323 PR-URL: nodejs#10569 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Brian White <mscdex@mscdex.net> Reviewed-By: Jackson Tian <shyvo1987@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This commit makes sure EventEmitter.emit() doesn't get deoptimized by V8. The deopt happens when accessing out of bound indexes of the `arguments` object. This issue has been raised here: #10323 and this specific case might become a more serious performance issue in upcoming V8 releases. PR-URL: #10568 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
This updates util.inspect() to avoid accessing out-of-range indices of the `arguments` object, which is known to cause optimization bailout. Based on an average of 10 runs of the benchmark in `benchmark/util/inspect.js`, this change improves the performance of `util.inspect` by about 10%. Relates to nodejs#10323 PR-URL: nodejs#10569 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Brian White <mscdex@mscdex.net> Reviewed-By: Jackson Tian <shyvo1987@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This commit makes sure EventEmitter.emit() doesn't get deoptimized by V8. The deopt happens when accessing out of bound indexes of the `arguments` object. This issue has been raised here: nodejs#10323 and this specific case might become a more serious performance issue in upcoming V8 releases. PR-URL: nodejs#10568 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
This updates util.inspect() to avoid accessing out-of-range indices of the `arguments` object, which is known to cause optimization bailout. Based on an average of 10 runs of the benchmark in `benchmark/util/inspect.js`, this change improves the performance of `util.inspect` by about 10%. Relates to nodejs#10323 PR-URL: nodejs#10569 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Brian White <mscdex@mscdex.net> Reviewed-By: Jackson Tian <shyvo1987@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This commit makes sure EventEmitter.emit() doesn't get deoptimized by V8. The deopt happens when accessing out of bound indexes of the `arguments` object. This issue has been raised here: nodejs#10323 and this specific case might become a more serious performance issue in upcoming V8 releases. PR-URL: nodejs#10568 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
This updates util.inspect() to avoid accessing out-of-range indices of the `arguments` object, which is known to cause optimization bailout. Based on an average of 10 runs of the benchmark in `benchmark/util/inspect.js`, this change improves the performance of `util.inspect` by about 10%. Relates to nodejs#10323 PR-URL: nodejs#10569 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Brian White <mscdex@mscdex.net> Reviewed-By: Jackson Tian <shyvo1987@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This commit makes sure EventEmitter.emit() doesn't get deoptimized by V8. The deopt happens when accessing out of bound indexes of the `arguments` object. This issue has been raised here: nodejs#10323 and this specific case might become a more serious performance issue in upcoming V8 releases. PR-URL: nodejs#10568 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
This updates util.inspect() to avoid accessing out-of-range indices of the `arguments` object, which is known to cause optimization bailout. Based on an average of 10 runs of the benchmark in `benchmark/util/inspect.js`, this change improves the performance of `util.inspect` by about 10%. Relates to nodejs#10323 PR-URL: nodejs#10569 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Brian White <mscdex@mscdex.net> Reviewed-By: Jackson Tian <shyvo1987@gmail.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
This commit makes sure EventEmitter.emit() doesn't get deoptimized by V8. The deopt happens when accessing out of bound indexes of the `arguments` object. This issue has been raised here: nodejs#10323 and this specific case might become a more serious performance issue in upcoming V8 releases. PR-URL: nodejs#10568 Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
The initial comment is updated considering this opinion and all the committed fixes. |
This updates fs to prevent accessing out-of-range indices on the arguments object, which is known to cause V8 optimization bailout. Related to issues discussed here: nodejs#10323
This commit adds a guard against an out of bounds access of arguments, and replaces another use of arguments with a named function parameter. Refs: nodejs#10323 PR-URL: nodejs#11242 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Removed or fixed use of arguments in execFile(), normalizeExecArgs(), and normalizeSpawnArguments(). Refs: #10323 Refs: https://bugs.chromium.org/p/v8/issues/detail?id=6010 PR-URL: #11535 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
It seems all the mentioned cases have been fixed or reasonably rejected, so this can be closed. |
This commit adds a guard against an out of bounds access of arguments, and replaces another use of arguments with a named function parameter. Refs: #10323
This commit adds a guard against an out of bounds access of arguments, and replaces another use of arguments with a named function parameter. Refs: #10323
Removed or fixed use of arguments in execFile(), normalizeExecArgs(), and normalizeSpawnArguments(). Refs: #10323 Refs: https://bugs.chromium.org/p/v8/issues/detail?id=6010 Backport-Of: #11535 PR-URL: #11748 Reviewed-By: James M Snell <jasnell@gmail.com>
I've started to read the v8-bailout-reasons, in particular the "Bad value context for
arguments
value" part. @vhf refers to this part of more detailed research, where we can find some safety rules aboutarguments
. So I've tried to scan Node.js libs for possible violations of these rules. Here are the suspicious fragments I've found.arguments
:(Possibly is not worth the efforts; see this comment)domain.js
: functionDomain.prototype.intercept
leaks here.(Possibly is not worth the efforts; see this comment)domain.js
: functionDomain.prototype.bind
leaks here.(Possibly is not worth the efforts; see this comment)internal/process.js
: functionsetupConfig
leaks here.(It does not cause deopt; see this PR)internal/util.js
: functionexports._deprecate
leaks here.arguments[index]
with a possibility ofindex
to be out of thearguments
bounds.This is more difficult case to check, but I've inferred possible
arguments.length
variability from docs and code comments. Maybe I'm wrong for some or all cases. I will refer to a first possible violation in a function, the function can contain more.(Fixed)child_process.js
: functionnormalizeExecArgs
uses possible out of bounds index(es) from here.(Fixed)child_process.js
: functionexports.execFile
uses possible out of bounds index(es) from here.(Fixed)child_process.js
: functionnormalizeSpawnArguments
uses possible out of bounds index(es) from here.(Fixed)dgram.js
: functionSocket.prototype.bind
uses possible out of bounds index(es) from here.(Fixed)events.js
: functionEventEmitter.prototype.emit
uses possible out of bounds index(es) from here.There is a sign of awareness in the code, but maybe ES6 makes it possible to resolve this difficulty in the
EventEmitter.prototype.emit
itself.(they are not called without parameters; see this PR)fs.js
: all the functions withmaybeCallback
ormakeCallback
calls can use possible out of bounds index(es).(Fixed)util.js
: functioninspect
uses possible out of bounds index(es) from here.(Possibly is not worth the efforts; see this comment)_debugger.js
: functionInterface.prototype.scripts
uses possible out of bounds index(es) from here.(Possibly is not worth the efforts; see this comment)_debugger.js
: functionInterface.prototype.watchers
uses possible out of bounds index(es) from here.I am not sure about any of these cases: if they are real violations, if these violations have any real impact on the performance and so on. And unfortunately, I have not sufficient knowledge of all the codebase system to propose any changes here. So take this as a start point memo for contributors who consider it to be worth any attention and close it if this is some needless overagitating.
P.S. Part 2.
The text was updated successfully, but these errors were encountered: