Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JS: Fix jump steps generated by IIFEs and exception flow #18043

Draft
wants to merge 15 commits into
base: js/shared-dataflow-branch
Choose a base branch
from
Draft

JS: Fix jump steps generated by IIFEs and exception flow #18043

wants to merge 15 commits into from
+308 −33

Conversation

asgerf
Copy link
Contributor

@asgerf asgerf commented Nov 20, 2024
edited
Loading

This PR fixes a few issues that cause performance (and precision) problems:

  • Removes jump steps generated by local flow into and out of immediately-invoked function expressions (IIFEs), and fixes some bugs so that the same flow is now handled by regular flow rules. IIFEs are special-cased in the local flow relation, which benefits things like type tracking and type inference, but is unhelpful for the data flow library.
  • Removes jump steps resulting from exception-propagating flow steps. A flow summary is now used to propagate exceptions out of callbacks. Apart from the added precision of not using jump steps, the new version also errs on the side of propagating exception more often, using a denylist rather than an allowlist to specify functions that propagate exceptions from callbacks.
  • js/insecure-randomness now blocks flow through test cases. Perhaps more queries ought to do this, but it seems particularly problematic for this query. Also broadens our classifications of test files a bit.

Evaluation of d1c9e47 looks good:

  • Yet another 78% speedup on vscode, which means it is down to being "only" 79% slower than on main (the similar numbers is a coincidence).
  • 48 fixed FPs, mainly due to the change to js/insecure-randomness
  • 2 gained FPs, due to imprecise higher-order function flow combined with more exception propagation.

Evaluation of d1c9e47 against main shows that we're down to a median 26% slowdown, with a 100% worst-case slowdown.

Evaluation of ce00bd2 vs d1c9e47 is underway

@asgerf
JS: Add exception test case
5ed362f
@asgerf
JS: Port exception steps to a universal summary
7acc568
@asgerf
JS: Add test case for false flow through IIFEs
7f2eae0 
We generate local flow steps into and out of IIFEs, but these come jump steps automatically, resulting in FPs.
@asgerf
JS: Remove jump steps from IIFE steps
37676f4
@asgerf
JS: Disable variable capture heuristic
023dcce 
Bailing out can be more expensive as the resulting jump steps themselves
cause perf issues. The limit of 100 variables per scope has also been
added in the interim, which handles the cases that this needed to cover.
@asgerf
JS: Add tests explaining why the IIFE in f2 didn't work
d2daec4
@asgerf
JS: Use getUnderlyingValue() a few places in VariableCapture
80a5a59
@asgerf
JS: Block InsecureRandomness flow into test files
0166990
@asgerf
JS: More aggressive test file classification
d1c9e47
@github-actions github-actions bot added the JS label Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
JS
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@asgerf