-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
buffer: Prevent Buffer constructor deopt #4158
Conversation
The Buffer constructor will generally get inlined, but any call to the Buffer constructor for a string without encoding will cause an eager deoptimization of any function that inlined the Buffer constructor. This is due to a an out-of-bounds read on `arguments[1]`. This change prevents that deopt.
LGTM |
LGTM. Good catch. |
LGTM. Obligatory CI: https://ci.nodejs.org/job/node-test-pull-request/926/ |
LGTM as CI is happy :) |
+1 go for it @JungMinu |
The Buffer constructor will generally get inlined, but any call to the Buffer constructor for a string without encoding will cause an eager deoptimization of any function that inlined the Buffer constructor. This is due to a an out-of-bounds read on `arguments[1]`. This change prevents that deopt. PR-URL: #4158 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Thanks, landed in 7239494 |
The Buffer constructor will generally get inlined, but any call to the Buffer constructor for a string without encoding will cause an eager deoptimization of any function that inlined the Buffer constructor. This is due to a an out-of-bounds read on `arguments[1]`. This change prevents that deopt. PR-URL: #4158 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
The Buffer constructor will generally get inlined, but any call to the Buffer constructor for a string without encoding will cause an eager deoptimization of any function that inlined the Buffer constructor. This is due to a an out-of-bounds read on `arguments[1]`. This change prevents that deopt. PR-URL: #4158 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
The Buffer constructor will generally get inlined, but any call to the Buffer constructor for a string without encoding will cause an eager deoptimization of any function that inlined the Buffer constructor. This is due to a an out-of-bounds read on `arguments[1]`. This change prevents that deopt. PR-URL: #4158 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Wow, does passing arguments[n] really deopt? That's amazing. We have a lot of these cases, in order of level of concern (imho) in:
Those should all be addressed then, no? |
only if n >= arguments.length |
Aaah, understood. Thank you. No cause for alarm then I guess. |
The Buffer constructor will generally get inlined, but any call to the Buffer constructor for a string without encoding will cause an eager deoptimization of any function that inlined the Buffer constructor. This is due to a an out-of-bounds read on `arguments[1]`. This change prevents that deopt. PR-URL: nodejs#4158 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
The Buffer constructor will generally get inlined, but any call to the Buffer
constructor for a string without encoding will cause an eager deoptimization
of any function that inlined the Buffer constructor. This is due to a an
out-of-bounds read on
arguments[1]
. This change prevents that deopt.This example script demonstrates the deoptimization:
If run with
--trace-deopt
:Here is the output of IRHydra showing the deopts:
We can see that the Buffer constructor has been inlined:
The inlined Buffer constructor has been deoptimized due to
arguments[1]
out-of-bounds read:After this patch, the Buffer constructor no longer will get deoptimized for out-of-bounds arguments reads:
(no output)
cc: @trevnorris