events: make abort_controller event trusted

[benjamingr]

Fire abort event as trusted, fixes #35748

Checklist

• [ x make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• documentation is changed or added
• commit message follows commit guidelines

[addaleax]

We should avoid this:

• It tanks perf, see events: re-use the same isTrusted getter #34459 / https://twitter.com/tverwaes/status/1285497796540473344
• If we make kTrustEvent a symbol property, it’s not unforgeable anymore, which means we might as well stop using an own property here

[benjamingr]

@addaleax given these conflicting requirements (unforgeable and the fact we need some events to be trusted internally) - what should we do?

Regarding performance - I am not sure the performance of isTrusted for EventTarget is that important (is it?)

[benjamingr]

@addaleax hmm, actually I can capture it from the closure - let me try and let me know what you think - though it will likely tank performance just as bad.

[addaleax]

I am not sure the performance of isTrusted for EventTarget is that important (is it?)

It’s not the performance of isTrusted, it’s the performance of new Event() that matters here :)

[benjamingr]

@addaleax please take a look. I think what I ended up doing shouldn't tank performance or introduce a closure. Should I run benchmarks?

(Also thanks, I didn't know this tanks perf 🙏 )

[addaleax]

Should I run benchmarks?

I think that would be helpful, yes :) And maybe also update the benchmarks to account for situations in which sometimes new Event() creates a trusted event and sometimes not :)

[addaleax]

LGTM if the benchmarks are good with it :)

[benjamingr]

Looks mostly OK:

benjamingruenbaum@Benjamins-MBP node % git checkout fix-abortcontroller-trusted-event
Switched to branch 'fix-abortcontroller-trusted-event'
benjamingruenbaum@Benjamins-MBP node % make -j12 > /dev/null                         
benjamingruenbaum@Benjamins-MBP node % ./out/Release/node ./benchmark/events/eventtarget.js
events/eventtarget.js listeners=1 n=1000000: 3,067,260.432666775
events/eventtarget.js listeners=5 n=1000000: 2,797,382.2678592885
events/eventtarget.js listeners=10 n=1000000: 2,318,102.157338759
benjamingruenbaum@Benjamins-MBP node % git checkout master
Switched to branch 'master'
benjamingruenbaum@Benjamins-MBP node % make -j12 > /dev/null 
benjamingruenbaum@Benjamins-MBP node % ./out/Release/node ./benchmark/events/eventtarget.js
events/eventtarget.js listeners=1 n=1000000: 3,144,785.5756887244
events/eventtarget.js listeners=5 n=1000000: 2,704,624.177365229
events/eventtarget.js listeners=10 n=1000000: 2,340,452.7737892433
benjamingruenbaum@Benjamins-MBP node % 

Just for sport - here are benchmarks with the "old" (property) fix:

benjamingruenbaum@Benjamins-MBP node % ./out/Release/node ./benchmark/events/eventtarget.js
events/eventtarget.js listeners=1 n=1000000: 1,039,763.9506252201
events/eventtarget.js listeners=5 n=1000000: 937,062.0643370639
events/eventtarget.js listeners=10 n=1000000: 829,347.3311018195

I ran each a few times (but didn't run the t-test thing). Anyway - good catch @addaleax :]

[ExE-Boss]

This should use a SafeWeakSet, so that the isTrusted getter function between a trusted and untrusted event is the same:

Object.getOwnPropertyDescriptor(trustedEvent, "isTrusted").get === Object.getOwnPropertyDescriptor(untrustedEvent, 'isTrusted').get;

Suggested change

	const isTrustedFalse = () => false;
	const isTrustedTrue = () => true;
	const isTrustedSet = new SafeWeakSet();
	const isTrusted = ObjectGetOwnPropertyDescriptor({
	get isTrusted() {
	return isTrustedSet.has(this);
	}
	}, 'isTrusted').get;

[benjamingr]

Please see Anna's comment above - this would introduce a (rather big) performance regression. The initial implementation was a bit like this (except without a WeakSet which IIRC incurs its own separate performance penalty in 8).

That said - that's a very good point (regarding wanting the reference to be the same for false/true cases.

[benjamingr]

Hmm, @addaleax I would like to (if possible) make the issue @ExE-Boss raised work, namely:

Object.getOwnPropertyDescriptor(trustedEvent, "isTrusted").get === Object.getOwnPropertyDescriptor(untrustedEvent, 'isTrusted').get;

Any clever trick or idea for getting the reference of different functions to equal without creating an additional closure for every event target or running into the "have a non-configurable own accessor property on an object without the overhead of creating the dictionary for slow properties" thing?

[addaleax]

Hm … I think the above suggestion by @ExE-Boss might work rather well, actually? If we always use the same getter, then performance-wise we’re good, and SafeWeakSet should give us the guarantees we’d want here in terms of unforgeability

[benjamingr]

I'll try

[benjamingr]

Oh, I think I misunderstood the solution - this is actually pretty clever (creating the temp object and getting the reference to avoid the different property.

[benjamingr]

Benchmarks look good.

[ExE-Boss]

Suggested change

	get: shouldTrust ? isTrustedTrue : isTrustedFalse,
	get: isTrusted,

[ExE-Boss]

Suggested change

	const shouldTrust = (options != null && options[kTrustEvent]);
	if (options != null && options[kTrustEvent]) {
	isTrustedSet.add(this);
	}

[benjamingr]

PTAL @ExE-Boss - neat trick 🙏

[benjamingr]

@ExE-Boss

P.S. since I applied the changes manually and I feel like your contribution to this PR was important - I have added you as Co-Authored-By (same as if I pressed ""Commit Suggestion" in GitHub when squashing).

I have used the same username/email combo GitHub used for you when this happened in the past - but if you prefer a different email/name combo please let me know and I'll gladly change it to whatever. Alternatively if you want me to remove you as "Co-Authored-By" let me know and I will do that instead. Whatever you prefer.

[jasnell]

The docs should be updated also: See: https://nodejs.org/dist/latest-v15.x/docs/api/events.html#events_event_istrusted

[Trott]

LGTM with any necessary doc updates applied

[benjamingr]

Any idea on what the docs should say?

> Type: {boolean} Returns `false` for user constructed events and `true` for Node.js internal events. 

Currently only `AbortSignal`s' `"abort"` event is fired with `isTrusted` set to `true`.

Or something?

[jasnell]

That works, I think. We can revisit it later if necessary.

[ExE-Boss]

This should be sorted alphabetically:

Suggested change

	Symbol,
	SymbolFor,
	SafeWeakSet,
	ObjectGetOwnPropertyDescriptor,
	ObjectGetOwnPropertyDescriptor,
	SafeWeakSet,
	Symbol,
	SymbolFor,

[ExE-Boss]

To ensure that the Event constructor has the correct length, options should be initialised to null:

Suggested change

	constructor(type, options) {
	constructor(type, options = null) {

This also makes it possible to use strict equality comparison when checking options !== null.

[benjamingr]

This sounds like a separate change from this one - @jasnell given past experience - would you prefer it if I made it here or if we opened an issue and it went on a separate PR?

[jasnell]

Either works I think. If you do it here make it a separate Commit but a separate pr also works

[benjamingr]

Actually, I don't understand this - IIUC length is determined by the number of arguments - so Event.length should be 2 anyway.

I can add a test for that though - I'll push it in #35806

[benjamingr]

Added in https://github.com/nodejs/node/pull/35806/files#diff-7177d219f295c5297f8e5d119cea177fc0b50c1df33161729ec0e1213f6c3b24R412

[ExE-Boss]

@benjamingr

The length property defaults to the number of leading parameters without an initializer, and options = null makes the parameter have an initializer, thus the length will be 1:

https://tc39.es/ecma262/#sec-function-definitions-static-semantics-expectedargumentcount

[benjamingr]

I fixed it in the other PR :]

[devsnek]

Suggested change

	const isTrusted = ObjectGetOwnPropertyDescriptor({
	get isTrusted() {
	return isTrustedSet.has(this);
	}
	}, 'isTrusted').get;
	function isTrusted() {
	return isTrustedSet.has(this);
	}

[ExE-Boss]

That will make the isTrusted getter function incorrectly have an own prototype property and the [[Construct]] internal method.

It will also cause it to have the wrong name.

[benjamingr]

@ExE-Boss would you mind explaining why this doesn't work?

[ExE-Boss]

Because the following will no longer throw a TypeError:

new (Object.getOwnPropertyDescriptor(new Event('foo'), "isTrusted").get)();

And the following will return "object" instead of "undefined":

typeof Object.getOwnPropertyDescriptor(new Event('foo'), "isTrusted").get.prototype;

And the following will return true instead of false:

Object.getOwnPropertyDescriptor(new Event('foo'), "isTrusted").get.hasOwnProperty("prototype");

[benjamingr]

We should add a test for this across the EventTarget properties :]

[Trott]

Suggested change

	* Type: {boolean} Returns `false` for user constructed events and `true`
	* Type: {boolean} Value is `false` for user-constructed events and `true`

[benjamingr]

All other properties (like event.returnValue) just use "True if..." so I will change to that?

[Trott]

Sure, that works.

[Trott]

Benchmark CI: https://ci.nodejs.org/view/Node.js%20benchmark/job/benchmark-node-micro-benchmarks/673/

Update: Results show no significant change:

10:08:54                                               confidence improvement accuracy (*)   (**)   (***)
10:08:54  events/eventtarget.js listeners=10 n=1000000                 3.45 %       ±5.08% ±6.82%  ±9.02%
10:08:54  events/eventtarget.js listeners=1 n=1000000                 -2.23 %       ±4.07% ±5.47%  ±7.22%
10:08:54  events/eventtarget.js listeners=5 n=1000000                  6.69 %       ±7.09% ±9.49% ±12.47%
10:08:54 

[ExE-Boss]

This line is unnecessary, as the Event constructor is available as a global property.

Suggested change

const { Event } = require('internal/event_target');

It also causes the test to fail without the ‑‑expose‑internals flag.

[benjamingr]

Event is currently not exposed globally as far as I know. Good catch on the flag - I'll add that.

[benjamingr]

(Event is not exposed at all at the moment because as you can tell - there are still a bunch of rough edges we need to iron out - I intended to work on this a lot more a few months ago and am only getting to it now)

[ExE-Boss]

Event is exposed since #35496, which shipped in v15.0.0:

node/lib/internal/bootstrap/node.js

Lines 143 to 148 in 9ff25b1

	const {
	EventTarget,
	Event,
	} = require('internal/event_target');
	exposeInterface(global, 'EventTarget', EventTarget);
	exposeInterface(global, 'Event', Event);

[Trott]

/ping @benjamingr Good to make this change or not so much?

[benjamingr]

I have no strong feelings regarding this - I didn't realize that we expose event globally and totally missed it.

[benjamingr]

@ExE-Boss very cool I missed this!

[benjamingr]

Thanks for the review and benchmark run Trott - please take a look at the wording :]

[Trott]

@Trott what is the process now? Do I just add the commit queue label?

You can apply the commit-queue label on a PR like this, but it will fail because CI has not been run. There's a label for that too, though! request-ci

I'll add the request-ci label now.

In general, there are a number of cases where commit-queue can fail and you will need to manually land or at least adjust things. I don't use the commit-queue label much (yet!) so I'm not familiar with all of them, but I'm sure others who use it have a pretty good handle on when it works and when it doesn't.

The up-to-date process for landing a PR would ideally be in https://github.com/nodejs/node/blob/master/doc/guides/collaborator-guide.md#landing-pull-requests but I see that the commit-queue label is not mentioned there, so uh...it's still good if you need to go the manual route.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/33911/

[benjamingr]

@Trott ok - I see there are two failed tests in the CI that are unrelated - how should I proceed?

[Trott]

@Trott ok - I see there are two failed tests in the CI that are unrelated - how should I proceed?

Best thing to do with unrelated failures is to use "Resume Build" on the left nav. That will rebuild only the Jenkins subtasks that failed before. I'll go ahead and click "Resume Build" right now so you don't have to.

Optional thing you can do if you want to be a good citizen: Check to make sure that there are open issues for the tests that failed.

• If not, open an issue.
• If there are open issues and they haven't been updated in a while, consider leaving a comment and a copy/paste of the error trace so that it's clear that the issue is ongoing (and a recent trace will be more accurate/useful than a dated one).
• If there are open issues and they have been updated recently, consider opening a PR to mark the test flaky.

[nodejs-github-bot]

CI: https://ci.nodejs.org/job/node-test-pull-request/33914/

[github-actions]

Landed in 81ba3ae...f20a783

[benjamingr]

@Trott it worked - this is pretty cool!