New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve IAST metric unwrapping logic #6831
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
manuel-alvarez-alvarez
added
tag: performance
Performance related changes
comp: asm iast
Application Security Management (IAST)
labels
Mar 21, 2024
BenchmarksStartupParameters
See matching parameters
SummaryFound 1 performance improvements and 0 performance regressions! Performance is the same for 48 metrics, 14 unstable metrics.
Startup time reports for petclinicgantt
title petclinic - global startup overhead: candidate=1.32.0-SNAPSHOT~005d600627, baseline=1.32.0-SNAPSHOT~b85644360c
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.075 s) : 0, 1075087
Total [baseline] (10.411 s) : 0, 10411114
Agent [candidate] (1.083 s) : 0, 1083123
Total [candidate] (10.41 s) : 0, 10409598
section appsec
Agent [baseline] (1.199 s) : 0, 1198923
Total [baseline] (10.5 s) : 0, 10500096
Agent [candidate] (1.201 s) : 0, 1200594
Total [candidate] (10.51 s) : 0, 10510025
section iast
Agent [baseline] (1.206 s) : 0, 1205764
Total [baseline] (10.896 s) : 0, 10896065
Agent [candidate] (1.2 s) : 0, 1199994
Total [candidate] (10.959 s) : 0, 10958972
section profiling
Agent [baseline] (1.264 s) : 0, 1263875
Total [baseline] (10.554 s) : 0, 10553740
Agent [candidate] (1.269 s) : 0, 1268658
Total [candidate] (10.598 s) : 0, 10597672
gantt
title petclinic - break down per module: candidate=1.32.0-SNAPSHOT~005d600627, baseline=1.32.0-SNAPSHOT~b85644360c
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (685.665 ms) : 0, 685665
BytebuddyAgent [candidate] (690.363 ms) : 0, 690363
GlobalTracer [baseline] (297.076 ms) : 0, 297076
GlobalTracer [candidate] (300.049 ms) : 0, 300049
AppSec [baseline] (49.416 ms) : 0, 49416
AppSec [candidate] (49.605 ms) : 0, 49605
Remote Config [baseline] (1.073 ms) : 0, 1073
Remote Config [candidate] (1.075 ms) : 0, 1075
Telemetry [baseline] (7.504 ms) : 0, 7504
Telemetry [candidate] (7.417 ms) : 0, 7417
section appsec
BytebuddyAgent [baseline] (693.437 ms) : 0, 693437
BytebuddyAgent [candidate] (694.403 ms) : 0, 694403
GlobalTracer [baseline] (291.063 ms) : 0, 291063
GlobalTracer [candidate] (291.963 ms) : 0, 291963
AppSec [baseline] (153.401 ms) : 0, 153401
AppSec [candidate] (153.863 ms) : 0, 153863
IAST [baseline] (19.288 ms) : 0, 19288
IAST [candidate] (18.598 ms) : 0, 18598
Remote Config [baseline] (609.5 µs) : 0, 610
Remote Config [candidate] (600.545 µs) : 0, 601
Telemetry [baseline] (6.769 ms) : 0, 6769
Telemetry [candidate] (6.769 ms) : 0, 6769
section iast
BytebuddyAgent [baseline] (799.174 ms) : 0, 799174
BytebuddyAgent [candidate] (794.341 ms) : 0, 794341
GlobalTracer [baseline] (290.395 ms) : 0, 290395
GlobalTracer [candidate] (289.303 ms) : 0, 289303
AppSec [baseline] (49.509 ms) : 0, 49509
AppSec [candidate] (48.821 ms) : 0, 48821
IAST [baseline] (25.069 ms) : 0, 25069
IAST [candidate] (25.981 ms) : 0, 25981
Remote Config [baseline] (588.94 µs) : 0, 589
Remote Config [candidate] (577.801 µs) : 0, 578
Telemetry [baseline] (6.512 ms) : 0, 6512
Telemetry [candidate] (6.609 ms) : 0, 6609
section profiling
BytebuddyAgent [baseline] (675.172 ms) : 0, 675172
BytebuddyAgent [candidate] (676.855 ms) : 0, 676855
GlobalTracer [baseline] (379.089 ms) : 0, 379089
GlobalTracer [candidate] (382.344 ms) : 0, 382344
AppSec [baseline] (49.438 ms) : 0, 49438
AppSec [candidate] (49.622 ms) : 0, 49622
Remote Config [baseline] (869.681 µs) : 0, 870
Remote Config [candidate] (897.706 µs) : 0, 898
Telemetry [baseline] (7.406 ms) : 0, 7406
Telemetry [candidate] (7.456 ms) : 0, 7456
ProfilingAgent [baseline] (95.745 ms) : 0, 95745
ProfilingAgent [candidate] (95.222 ms) : 0, 95222
Profiling [baseline] (95.769 ms) : 0, 95769
Profiling [candidate] (95.246 ms) : 0, 95246
Startup time reports for insecure-bankgantt
title insecure-bank - global startup overhead: candidate=1.32.0-SNAPSHOT~005d600627, baseline=1.32.0-SNAPSHOT~b85644360c
dateFormat X
axisFormat %s
section tracing
Agent [baseline] (1.076 s) : 0, 1076463
Total [baseline] (8.608 s) : 0, 8608291
Agent [candidate] (1.082 s) : 0, 1082355
Total [candidate] (8.569 s) : 0, 8569274
section iast
Agent [baseline] (1.201 s) : 0, 1201143
Total [baseline] (9.065 s) : 0, 9065066
Agent [candidate] (1.201 s) : 0, 1200564
Total [candidate] (9.124 s) : 0, 9124007
section iast_HARDCODED_SECRET_DISABLED
Agent [baseline] (1.196 s) : 0, 1195894
Total [baseline] (9.06 s) : 0, 9059960
Agent [candidate] (1.201 s) : 0, 1200734
Total [candidate] (9.073 s) : 0, 9073178
section iast_TELEMETRY_OFF
Agent [baseline] (1.197 s) : 0, 1196544
Total [baseline] (9.05 s) : 0, 9050092
Agent [candidate] (1.206 s) : 0, 1205888
Total [candidate] (9.12 s) : 0, 9119541
gantt
title insecure-bank - break down per module: candidate=1.32.0-SNAPSHOT~005d600627, baseline=1.32.0-SNAPSHOT~b85644360c
dateFormat X
axisFormat %s
section tracing
BytebuddyAgent [baseline] (685.22 ms) : 0, 685220
BytebuddyAgent [candidate] (689.603 ms) : 0, 689603
GlobalTracer [baseline] (298.651 ms) : 0, 298651
GlobalTracer [candidate] (299.914 ms) : 0, 299914
AppSec [baseline] (49.621 ms) : 0, 49621
AppSec [candidate] (49.518 ms) : 0, 49518
Remote Config [baseline] (1.082 ms) : 0, 1082
Remote Config [candidate] (1.056 ms) : 0, 1056
Telemetry [baseline] (7.544 ms) : 0, 7544
Telemetry [candidate] (7.482 ms) : 0, 7482
section iast
BytebuddyAgent [baseline] (797.215 ms) : 0, 797215
BytebuddyAgent [candidate] (794.264 ms) : 0, 794264
GlobalTracer [baseline] (287.84 ms) : 0, 287840
GlobalTracer [candidate] (289.693 ms) : 0, 289693
AppSec [baseline] (49.014 ms) : 0, 49014
AppSec [candidate] (51.235 ms) : 0, 51235
IAST [baseline] (24.602 ms) : 0, 24602
IAST [candidate] (23.764 ms) : 0, 23764
Remote Config [baseline] (568.571 µs) : 0, 569
Remote Config [candidate] (576.054 µs) : 0, 576
Telemetry [baseline] (7.288 ms) : 0, 7288
Telemetry [candidate] (6.623 ms) : 0, 6623
section iast_HARDCODED_SECRET_DISABLED
BytebuddyAgent [baseline] (792.215 ms) : 0, 792215
BytebuddyAgent [candidate] (794.566 ms) : 0, 794566
GlobalTracer [baseline] (287.265 ms) : 0, 287265
GlobalTracer [candidate] (290.046 ms) : 0, 290046
AppSec [baseline] (48.758 ms) : 0, 48758
AppSec [candidate] (49.755 ms) : 0, 49755
IAST [baseline] (24.566 ms) : 0, 24566
IAST [candidate] (24.775 ms) : 0, 24775
Remote Config [baseline] (582.304 µs) : 0, 582
Remote Config [candidate] (576.513 µs) : 0, 577
Telemetry [baseline] (8.208 ms) : 0, 8208
Telemetry [candidate] (6.635 ms) : 0, 6635
section iast_TELEMETRY_OFF
BytebuddyAgent [baseline] (791.19 ms) : 0, 791190
BytebuddyAgent [candidate] (797.346 ms) : 0, 797346
GlobalTracer [baseline] (288.826 ms) : 0, 288826
GlobalTracer [candidate] (292.021 ms) : 0, 292021
AppSec [baseline] (49.095 ms) : 0, 49095
AppSec [candidate] (49.965 ms) : 0, 49965
IAST [baseline] (25.867 ms) : 0, 25867
IAST [candidate] (24.738 ms) : 0, 24738
Remote Config [baseline] (576.498 µs) : 0, 576
Remote Config [candidate] (582.843 µs) : 0, 583
Telemetry [baseline] (6.578 ms) : 0, 6578
Telemetry [candidate] (6.602 ms) : 0, 6602
LoadParameters
See matching parameters
SummaryFound 0 performance improvements and 1 performance regressions! Performance is the same for 10 metrics, 17 unstable metrics.
Request duration reports for petclinicgantt
title petclinic - request duration [CI 0.99] : candidate=1.32.0-SNAPSHOT~005d600627, baseline=1.32.0-SNAPSHOT~b85644360c
dateFormat X
axisFormat %s
section baseline
no_agent (1.328 ms) : 1309, 1348
. : milestone, 1328,
appsec (1.724 ms) : 1700, 1749
. : milestone, 1724,
appsec_no_iast (1.73 ms) : 1705, 1754
. : milestone, 1730,
iast (1.482 ms) : 1459, 1505
. : milestone, 1482,
profiling (1.51 ms) : 1483, 1536
. : milestone, 1510,
tracing (1.476 ms) : 1452, 1499
. : milestone, 1476,
section candidate
no_agent (1.324 ms) : 1305, 1343
. : milestone, 1324,
appsec (1.724 ms) : 1699, 1749
. : milestone, 1724,
appsec_no_iast (1.723 ms) : 1698, 1748
. : milestone, 1723,
iast (1.479 ms) : 1457, 1502
. : milestone, 1479,
profiling (1.574 ms) : 1549, 1599
. : milestone, 1574,
tracing (1.476 ms) : 1452, 1500
. : milestone, 1476,
Request duration reports for insecure-bankgantt
title insecure-bank - request duration [CI 0.99] : candidate=1.32.0-SNAPSHOT~005d600627, baseline=1.32.0-SNAPSHOT~b85644360c
dateFormat X
axisFormat %s
section baseline
no_agent (367.159 µs) : 345, 389
. : milestone, 367,
iast (470.482 µs) : 450, 491
. : milestone, 470,
iast_FULL (533.753 µs) : 513, 555
. : milestone, 534,
iast_GLOBAL (488.567 µs) : 468, 509
. : milestone, 489,
iast_HARDCODED_SECRET_DISABLED (477.114 µs) : 456, 498
. : milestone, 477,
iast_INACTIVE (447.567 µs) : 427, 469
. : milestone, 448,
iast_TELEMETRY_OFF (474.407 µs) : 453, 496
. : milestone, 474,
tracing (433.724 µs) : 414, 454
. : milestone, 434,
section candidate
no_agent (365.453 µs) : 346, 385
. : milestone, 365,
iast (470.068 µs) : 450, 491
. : milestone, 470,
iast_FULL (537.094 µs) : 517, 558
. : milestone, 537,
iast_GLOBAL (487.249 µs) : 467, 508
. : milestone, 487,
iast_HARDCODED_SECRET_DISABLED (475.686 µs) : 455, 497
. : milestone, 476,
iast_INACTIVE (448.664 µs) : 427, 470
. : milestone, 449,
iast_TELEMETRY_OFF (469.567 µs) : 448, 491
. : milestone, 470,
tracing (442.938 µs) : 422, 464
. : milestone, 443,
|
manuel-alvarez-alvarez
force-pushed
the
malvarez/iast-metric-perf
branch
from
March 22, 2024 10:49
3c47a15
to
9bd5ede
Compare
manuel-alvarez-alvarez
changed the title
Delay IAST metric unwrapping to improve perf
Improve IAST metric unwrapping logic
Mar 22, 2024
manuel-alvarez-alvarez
force-pushed
the
malvarez/iast-metric-perf
branch
from
March 22, 2024 10:54
9bd5ede
to
f27e538
Compare
manuel-alvarez-alvarez
force-pushed
the
malvarez/iast-metric-perf
branch
from
March 22, 2024 10:56
f27e538
to
f3b71b7
Compare
jandro996
approved these changes
Mar 22, 2024
manuel-alvarez-alvarez
force-pushed
the
malvarez/iast-metric-perf
branch
from
March 25, 2024 09:00
f3b71b7
to
005d600
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
comp: asm iast
Application Security Management (IAST)
run-tests: all
Run all tests
tag: performance
Performance related changes
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What Does This Do
Improves the handling of wrapped metrics from two fronts: