Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is an exploratory PR (WIP) and I'm curious to hear what people think about this new feature.
This was a hack week at Twitter and my (very boring) project was to see what we can gain by dropping them finalizers on
SslEgines
. One of the long-standing problems we had with services churning connections is their GC times are suffering from very long finalizer queues. One workaround we applied was to use parallel ref processing. This mitigated the problem but didn't solve the problem entirely.You'd ask why we're not using RefCounted OpenSSL engines - this is exactly what they exist for. Well, we want but we can't due to how we instantiate SSL contexts in Finagle (we can properly release engines but not contexts).
I tried to implement a MIXIED SSL provider that suites our needs - it uses finalizers for contexts but relies on manual release for engines. I vendored a Netty internally and tried the branch against a couple of services.
The results are promising. Here is an example of a "remark" GC phase BEFORE and AFTER (we used to see a lot of slowdown during remark):
BEFORE:
AFTER:
You can see that ProcessFinalRefs now takes 0.5ms as opposed to 25ms before as the number of objects in the finalizer queue is substantially down.
What do people think about having a MIXED SSL provider in Netty? We're obviously going to benefit from it, but I wasn't sure how other adopters find it useful.
UPDATE: Bryce's #9626 would make it possible to hack this on our end, within Finagle by defaulting to the ref-counted SSL provider and manually wrapping SslContext with a class that implements a finalizer.