The `--security-revert={cvenum}` command line flag is a special purpose
flag to be used only in stable or LTS branches when a breaking change
is required to address a security vulnerability. Whenever a vulnerability
requires a breaking change, and a CVE has been assigned, the flag can
be used to force Node to revert to the insecure behavior that was
implemented before the fix was applied.
Note that this flag is intended to be used only as a last resort in the
case a security update breaks existing code. When used, a security
warning will be printed to stderr when Node launches.
The `--security-revert={cvenum}` flag takes a single CVE number as an
argument. Multiple instances of the `--security-revert={cvenum}` flag
can be used on the command line to revert multiple changes.
Whenever a new `--security-revert={cvenum}` is enabled, it should be
documented in the release notes and in the API docs.
Master and the first release of a new major (e.g. v6.0) should not have
any reverts available.
Every time a new `--security-revert={cvenum}` is added, there should be
a semver-minor bump in the stable and LTS branch.
PR-URL: https://github.com/nodejs/node-private/pull/26
Reviewed-By: Rod Vagg <r@va.gg>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Stop using the deprecated `GetHiddenValue()` and `SetHiddenValue()`
methods, start using `GetPrivate()` and `SetPrivate()` instead.
This commit turns some of the entries in the per-isolate string table
into private symbols.
PR-URL: https://github.com/nodejs/node/pull/5045
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Move argument validation out of C++ and into JS. Improves performance
by about 15-20%.
PR-URL: https://github.com/nodejs/node/pull/4484
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
process.hrtime() was performing too many operations in C++ that could be
done faster in JS. Move those operations over by creating a length 4
Uint32Array and perform bitwise operations on the seconds so that it was
unnecessary for the native API to do any object creation or set any
fields.
This has improved performance from ~350 ns/op to ~65 ns/op. Light
benchmark included to demonstrate the performance change.
PR-URL: https://github.com/nodejs/node/pull/3780
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Improve performance of process._getActiveHandles by sending handles in
batches to JS to be set on the passed Array. Add test to check proper
active handles are returned.
Alter implementation of GetActiveRequests to match GetActiveHandles'
implementation.
PR-URL: https://github.com/nodejs/node/pull/3780
Reviewed-By: Fedor Indutny <fedor@indutny.com>
The initial implementation of setPropByIndex() set the value of an Array
by index during development. Though the final form of the function
simply pushes passed values to an array as passed by arguments. Thus the
functions have been renamed to pushValueToArray() and
push_values_to_array_function() respectively.
Also add define for maximum number of arguments should be used before
hitting the limit of performance increase.
Fixes: 494227b "node: improve GetActiveRequests performance"
PR-URL: https://github.com/nodejs/node/pull/3780
Reviewed-By: Fedor Indutny <fedor@indutny.com>
PR-URL: https://github.com/nodejs/node/pull/4264
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Fix node exiting due to an exception being thrown rather than emitting
an `'uncaughtException'` event on the process object when:
1. no error handler is set on the domain within which an error is thrown
2. an `'uncaughtException'` event listener is set on the process
Also fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and `--abort-on-uncaught-exception` is used.
Finally, change the behavior of --abort-on-uncaught-exception so that,
if the domain within which the error is thrown has no error handler, but
a domain further up the domains stack has one, the process will not
abort.
Fixes#3607 and #3653.
PR: #3654
PR-URL: https://github.com/nodejs/node/pull/3654
Reviewed-By: Chris Dickinson <chris@neversaw.us>
This change cleans up outstanding comments on #3032. It improves error
handling when no isolate file is provided and adds the --prof-process
flag to the node binary which executes the tick processor on the
provided isolate file.
PR-URL: https://github.com/nodejs/node/pull/4021
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
If JS throws an object whose toString() method throws, then Node
attempts to print an empty message, but actually prints garbage.
This commit checks for this case, and prints a message instead.
Fixes: https://github.com/nodejs/node/issues/4079
PR-URL: https://github.com/nodejs/node/pull/4112
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Commit a9c0c65 ("src: define getpid() based on OS") made src/env.cc
use `GetCurrentProcessId()` on Windows for the PID in log messages.
`GetCurrentProcessId()` is also what is used by libuv, OpenSSL and V8.
This commit makes `process.pid` use `GetCurrentProcessId()` instead of
`_getpid()` for consistency.
PR-URL: https://github.com/nodejs/node/pull/4163
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
This feature supports the Intel Vtune profiling support for JITted
JavaScript on IA32 / X64 / X32 platform. The advantage of this profiling
is that the user / developer of NodeJS application can get the detailed
profiling information for every line of the JavaScript source code.
This information will be very useful for the owner to optimize their
applications.
This feature is a compile-time option. For windows platform, the user
needs to pass the following parameter to vcbuild.bat: "enable-vtune"
For other OS, the user needs to pass the following parameter to
./configure command: "--enable-vtune-profiling"
PR-URL: https://github.com/nodejs/node/pull/3785
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This reverts commit ff877e93e1.
Reverted for breaking `node --debug-brk -e 0`. It should immediately
quit but instead it hangs now.
PR-URL: https://github.com/nodejs/node/pull/3585
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Before this commit, sending a SIGUSR1 at program exit could trigger a
hard to reproduce race condition where `v8::Debug::DebugBreak(isolate)`
got called when the isolate was in the process of being torn down.
A similar race condition is in theory possible when sending signals
to two threads simultaneously but I haven't been able to reproduce
that myself (and I tried, oh how I tried.)
This commit fixes the race condition by turning `node_isolate` into
a `std::atomic` and using it as an ad hoc synchronization primitive
in places where that is necessary.
A bare minimum std::atomic polyfill is added for OS X because Apple
wouldn't be Apple if things just worked out of the box.
PR-URL: https://github.com/nodejs/node/pull/3528
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
ALPN is added to tls according to RFC7301, which supersedes NPN.
When the server receives both NPN and ALPN extensions from the client,
ALPN takes precedence over NPN and the server does not send NPN
extension to the client. alpnProtocol in TLSSocket always returns
false when no selected protocol exists by ALPN.
In https server, http/1.1 token is always set when no
options.ALPNProtocols exists.
PR-URL: https://github.com/nodejs/node/pull/2564
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
v8 is faster at setting object properties in JS than C++. Even when it
requires calling into JS from native code. Make
process._getActiveRequests() faster by doing this when populating the
array containing request objects.
Simple benchmark:
for (let i = 0; i < 22; i++)
fs.open(__filename, 'r', function() { });
let t = process.hrtime();
for (let i = 0; i < 1e6; i++)
process._getActiveRequests();
t = process.hrtime(t);
console.log((t[0] * 1e9 + t[1]) / 1e6);
Results between the two:
Previous: 4406 ns/op
Patched: 690 ns/op 5.4x faster
PR-URL: https://github.com/nodejs/node/pull/3375
Reviewed-By: James Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
The debug process running "node debug a.js" will be stuck when the
script ends. This is because the debug handler has been unrefed.
We shouldn't unref the debug handler to avoid this problem.
PR-URL: https://github.com/nodejs/node/pull/2778
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Previous logic didn't allow parent to propagate to the init callback
properly. The fix now allows the init callback to be called and receive
the parent if:
- async wrap callbacks are enabled and parent exists
- the init callback has been called on the parent and an init callback
exists then it will be called regardless of whether async wrap
callbacks are disabled.
Change the init/pre/post callback checks to see if it has been properly
set. This allows removal of the Environment "using_asyncwrap" variable.
Pass Isolate to a TryCatch instance.
Fixes: https://github.com/nodejs/node/issues/2986
PR-URL: https://github.com/nodejs/node/pull/3216
Reviewed-By: Rod Vagg <rod@vagg.org>
PR-URL: https://github.com/nodejs/node/pull/2411
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
The `src/node.js` file is actually loaded and executed by
`node::LoadEnvironment` function.
The variable which has the contents is, `native_node`.
PR-URL: https://github.com/nodejs/node/pull/3039
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Fix regression introduced in 0af4c9ea74
that ignores the --abort-on-uncaught-exception flag. Prior to that
commit, the flag was passed through to v8. After that commit, the
process just calls exit(1).
PR-URL: https://github.com/nodejs/node/pull/2776
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Windows 8+ compiled in Release mode exits with code 0xC0000409 when
abort() is called. This prevents us from being able to reliably verify
an abort exit code (3) on windows.
PR-URL: https://github.com/nodejs/node/pull/2776
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
As `raw` and `raws` encodings are deprecated for such a long time, and
they both are undocumented, this patch removes the support for those
encodings completely.
Previous discussion: https://github.com/nodejs/node/pull/2829
PR-URL: https://github.com/nodejs/node/pull/2859
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
By default v8 allocates typed arrays <= 64 bytes inside the v8 heap. In
these cases the memory pointer returned by Buffer::Data() can change
while the memory is being operated on. Resolve by passing a flag that
forces all typed arrays outside the v8 heap.
Fixes: 74178a5 "buffer: construct Uint8Array in JS"
PR-URL: https://github.com/nodejs/node/pull/2893
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Overall construction time of Typed Arrays is faster in JS, but the
problem with using it normally is zero-fill of memory. Get around this
by using a flag in the ArrayBuffer::Allocator to trigger when memory
should or shouldn't be zero-filled.
Remove Buffer::Create() as it is no longer called.
The creation of the Uint8Array() was done at each callsite because at
the time of this patch there was a performance penalty for centralizing
the call in a single function.
PR-URL: https://github.com/nodejs/node/pull/2866
Reviewed-By: Fedor Indutny <fedor@indutny.com>
These are the core changes that allow AIX to compile. There
are still some test failures as there are some patches needed for
libuv and npm that we'll need to contribute through those
communities but this set allows node to be built on AIX and
pass most of the core tests
The change in js2c is because AIX does not support $ in
identifier names. See the discussion/agreement in
https://github.com/nodejs/node/issues/2272
PR-URL: https://github.com/nodejs/node/pull/2364
Reviewed-By: Ben Noordhuis <ben@strongloop.com>
Reviewed-By: Rod Vagg <r@va.gg>
Ensure that samples are evenly distributed, which is required for
v8::CpuProfiler users to work correctly (v8-profiler / node-inspector).
PR-URL: https://github.com/nodejs/node/pull/2324
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Do not let the module struct to be deallocated by `uv_dlclose`
before reading data from it.
PR-URL: https://github.com/nodejs/node/pull/2792
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Yosuke Furukawa <yosuke.furukawa@gmail.com>
- Added NODE_REPL_HISTORY to the environment variables in the --help
and made all descriptions start with lower case for consistency.
- Added NODE_REPL_HISTORY and NODE_ICU_DATA to the man page.
PR-URL: https://github.com/nodejs/node/pull/2690
Reviewed-By: fishrock123 - Jeremiah Senkpiel <fishrock123@rocketmail.com>
Reviewed-By: evanlucas - Evan Lucas <evanlucas@me.com>
Long exception lines resulted in a stack buffer overflow or assertion
because it was assumed snprintf not counts discarded chars
or the assertion itself was incorrect: `(off) >= sizeof(arrow)`
PR-URL: https://github.com/nodejs/node/pull/2404
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Turn on V8 API deprecation warnings. Fix up the no-arg Isolate::New()
calls in src/node.cc and src/debug-agent.cc.
PR-URL: https://github.com/nodejs/io.js/pull/2091
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
ParseArgs sets the first element of v8_args to argv[0], so v8_argc will
always be at least 1. This change only calls
V8::SetFlagsFromCommandLine if v8_argc > 1, leading to an additional
startup improvement of ~5%.
PR-URL: https://github.com/nodejs/node/pull/2646
Reviewed-By: trevnorris - Trevor Norris <trev.norris@gmail.com>
There might be a need to "kick off" the next tick queue and execute
events on it. Normally it is done through the `MakeCallback` interface,
but in case when it is not - we need a way to "kick them off" manually.
PR-URL: https://github.com/nodejs/node/pull/2355
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
This commit replaces instances of io.js with Node.js, based on the
recent convergence. There are some remaining instances of io.js,
related to build and the installer.
Fixes: https://github.com/nodejs/node/issues/2361
PR-URL: https://github.com/nodejs/node/pull/2367
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: João Reis <reis@janeasystems.com>
This adds a new `--tls-cipher-list` command line switch
that can be used to override the built-in default cipher
list. The intent of this is to make it possible to enforce
an alternative default cipher list at the process level.
Overriding the default cipher list is still permitted at
the application level by changing the value of
`require('tls').DEFAULT_CIPHERS`.
As part of the change, the built in default list is moved
out of tls.js and into node_constants.h and node_constants.cc.
Two new constants are added to require('constants'):
* defaultCipherList (the active default cipher list)
* defaultCoreCipherList (the built-in default cipher list)
A test case and doc changes are included.
A new NODE_DEFINE_STRING_CONSTANT macro is also created in
node_internals.h
When node_constants is initialized, it will pick up either
the passed in command line switch or fallback to the default
built-in suite.
Within joyent/node, this change had originaly been wrapped
up with a number of other related commits involving the
removal of the RC4 cipher. This breaks out this isolated
change.
/cc @mhdawson, @misterdjules, @trevnorris, @indutny, @rvagg
Reviewed By: Ben Noordhuis <ben@strongloop.com>
PR-URL: https://github.com/nodejs/node/pull/2412
Previously, V8:SetFlagsFromCommandLine was being called even if v8_argc
was 0. This change prevents that from being called unless v8 arguments
are actually passed.
Improves startup time by about 5%.
PR-URL: https://github.com/nodejs/node/pull/2483
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>