New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Regression]: Performance regression for cold restores in .NET 5.0.x #11031
Comments
Hi @marcin-krystianc , may I know if the testing is on Windows platform? |
Yes, my testing was done on Windows. But I don't think that it has anything to do with firewall or access to the Internet in general. I've been able to reproduce in two different machines, both of them have unrestricted (and very fast) Internet access. |
Could you help check if there is any difference of the dependencies when changing the .NET version? Thanks! |
Hi, I've compared the content of global packages folder for
|
As Heng mentioned in an earlier comment, a major difference between the .NET Core 3.1 SDK and the .NET 5 SDK, is that package signature verification was added. This needs to:
A package may or may not have an author signature, and if the package has been uploaded to nuget.org, it will have a repository signature. So commonly there's at least 1, and sometimes 2 certificate chains to check, possibly with timestamp servers, and may involve HTTP requests and there server latency. And the SHA256 hash is going to use a lot of CPU. I'm not saying the perf impact you measured is necessarily acceptable, but this is new work that .NET Core 3.1 SDK was not doing, so no amount of optimization is going to make this get back to earlier performance. Signed packages is one tool to reduce risk of supply chain attacks, which has been in the news a lot in the last 6 months, at least in the USA. Anyway, this issue is assigned to @aortiz-msft, so I'll leave it to him to prioritize. |
I've done some performance testing and my early conclusion is that the signature verification is only a red herring. Removing the code responsible for signature verification doesn't make it much faster. |
@marcin-krystianc thanks, that's fascinating! Since you're on Windows, when you look at Task Manager's Performance tab, or use Resource Manager, where you can see CPU and disk busy % at the same time, do you see significant differences between NuGet with and without mmap? Does it appear to be IO or CPU limited? Or is it not obvious? Can you share a little about the hardware you tested on? Is it a VM or a physical machine? spinning disk or SSD? I admit I didn't validate the perf myself when the PR was created a year ago, but the results shown in the PR indicates that with mmap it was twice as fast on the machine it was tested on. |
@zivkan Hi, I've created a PR with a change to stop using mmap-based I/O for package extraction. I've repeated my testing on Windows and Linux. I was also able to reproduce the problem outside NuGet wit a test application. My conclusion is that the mmap-based I/O is slower when writing small files (up to 1MB) and has the same performance as filestreams for larger files. |
NuGet Product Used
dotnet.exe
Product Version
5.x
Worked before?
3.1.407
Impact
Other
Repro Steps & Context
I've noticed a NuGet performance regression between versions 3.1.x and 5.0.x of .NET SDK.
It only affects cold restores (i.e. when packages need to be downloaded from remote feed). When the restore happens for a warm cache (i.e. global packages folder already contains all necessary packages) then the regression does not occur.
Tested solutions:
Test scripts - https://github.com/NuGet/NuGet.Client/tree/dev/scripts/perftests
Results:
We can see that for the "arctic" scenario (i.e. scenario where NuGet needs to download packages from remote feed) the restore time got much worse with the release of .NET 5.
No such negative effect exists though for the "force" scenario (i.e. scenario where global packages folder already contains all packages so nothing needs to be downloaded).
Raw data:
Verbose Logs
No response
The text was updated successfully, but these errors were encountered: