Improve performance for attribute access error on large records #754
Labels
backlog
We hope to work on this in the future
internal-improvement
Refactoring, performance improvement, or other non-breaking change
Describe the improvement you'd like to request
Attempting to access an non-existing attribute on a large record causes unexpectedly high latency for authorization requests.
In the following benchmarks, I construct a context record containing 100,000 attributes and then evaluate two policies, one that accesses an existing attribute, and another that access an attribute that does not exist, resulting in an evaluation error. The error case has much worse performance, taking over a millisecond while the non-error case is measured in nanoseconds.
This behavior is due to error case rebuilding the context record as a
Vec
of its keys on this line:cedar/cedar-policy-core/src/evaluator.rs
Line 774 in 57d3463
Replacing this line with
vec![]
and re-running the benchmarks shows much better times, but we would like to keep the nicer error message if possible.Benchmark used:
Describe alternatives you've considered
No response
Additional context
No response
Is this something that you'd be interested in working on?
The text was updated successfully, but these errors were encountered: