tls: improve TLSSocket & Server performance

[apapirovski]

While working on http2 I spent some time digging around tls and I noticed that there were a whole lot of unnecessary closures and function calls throughout. I decided to go through and try to eliminate as many of them as possible. Turns out some of these didn't even need much changed (such as all the _handle events because the _handle already knows which TLSSocket it belongs to).

I tried to limit the churn as much as possible but there definitely is some of it. I've avoided making unnecessary variable adjustments from var to let, const except where the line in question (or related block) was already changing. I also limited all my changes to performance and kept all the logic the same. While the existing tests cover a very solid amount of this module, I didn't want to potentially introduce bugs in uncovered edge cases.

It's a bit hard to get a good measure of performance for these changes as so much of this performance is being limited elsewhere but I created a basic benchmark for TLSSocket creation which clocked in at (and do note that this is limited by the C++ and other code, there's a note re: JS specific numbers further down)

tls/socket.js n=100000     13.48 %        *** 3.554366e-08

The tls-connect benchmark was not much help because it seemed limited by my system's ability to allocate new sockets rather than the actual performance of the code. I couldn't even run a reliable benchmark comparing master to master itself (with 200 runs, I got results anywhere from -10 to 10% with almost no certainty), let alone my code to master.

I also used vegeta to hit a basic TLS server and ran a benchmark for what the max handled requests per second would be at full saturation. With these changes I got a reliable 4% increase across a total of million requests or so.

Also, running the node profiler on the new code indicates that the JS code throughout TLSSocket takes about 50% less time and the JS code within tlsConnectionListener takes about 35% less time (this is across 40 runs of tls-connect.js and 10m session with vegeta). It's a bit hard to run an actual benchmark on it though because so much of it is tied to other code.

I realize this is quite a lot to review so thanks for any and all feedback! Let me know if there's anything I can do to make this more digestible.

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• commit message follows commit guidelines

Affected core subsystem(s)

tls

[mscdex]

CI: https://ci.nodejs.org/job/node-test-pull-request/10227/

[apapirovski]

No clue what's going on with the linter[1] but the centos5 failures are related to #15505 and Windows seems to be an inspector/test-bindings fail. Everything else is green.

Thanks for running the CI @mscdex!

[1] Does anyone know? Every CI I've seen lately, it fails.

[refack]

Does anyone know? Every CI I've seen lately, it fails.

There's an issue with the error codes in

node/lib/internal/errors.js

Lines 119 to 121 in 150b8f7

	E('ERR_ARG_NOT_ITERABLE', '%s must be iterable');
	E('ERR_ASSERTION', '%s');
	E('ERR_ASYNC_CALLBACK', (name) => `${name} must be a function`);

going out of ASCIIbetical order.
I'll open a PR for that.

[BridgeAR]

Just a few small things and the CI must be happy but otherwise this is LGTM.

[BridgeAR]

All entries of loadSessionDone have a a single line that they would call in the function. This can always be inlined directly. There is no need for calling that function.

[BridgeAR]

There is no need to call the function if you know that self.destroy(err) is going to be called. This can be inlined and the function can be inlined for all error cases and that case can be removed from the function.

[BridgeAR]

The calling functions calls hello info. This is somewhat inconsistent.

I see why you changed owner to self but I am also not very happy about that naming either. Right now I am not certain what would be best.

[BridgeAR]

Same as above again. Inlining would be good.

[BridgeAR]

If I am not mistaken, it is not possible to reach this. self._handle should never be null.

[apapirovski]

Since the user has control over that callback, it could indeed be called after _handle has been nulled. Ignore me, thought this referred to the one above it.

[BridgeAR]

This could be simplified by moving this in the upper if (!ctx) check. This would safe a check in case ctx exists from the beginning on.

[BridgeAR]

Do we know if the error message is static / never changed before? In this case it would be faster to compare the whole message as string.

[apapirovski]

Not sure and we don't have a test that covers this. I don't think we should change in this PR. I tried to avoid anything that could actually break things.

[BridgeAR]

When changing this, you can directly switch to get() { and set(value) {

[apapirovski]

This needs to be an arrow function. (I'm trying to avoid referencing res so the unsetting can happen in a separate function and there's no leak.)

[BridgeAR]

No need for the ctx variable at all. You could call the callback here and return and call the callback below with undefined (if that is possible - otherwise that is obsolete).

[BridgeAR]

Nice work!

[apapirovski]

Thanks for the detailed feedback! Made all the requested changes.

(Sorry for the commit spam, went back and forth on the error message thing above but decided to leave because we don't have a test.)

[BridgeAR]

LGTM. Please check the coverage once again though to be sure there is no uncovered code.

[BridgeAR]

This could still be combined with the upper if (!ctx) statement. It might also be interesting to see what socket._handle.sni_context and socket.server._sharedCreds returns. If we know it is either a object or null / undefined, we could make the check explicit (e.g. if (ctx === null)).

if (!ctx) {
  ctx = socket.server._sharedCreds;
  if (!ctx)
    return requestOCSPDone(socket);
}

Writing more explicit JS does make a nice difference with Turbofan.

[apapirovski]

Yeah, I don't think we're guaranteed them to be anything in particular because user modules do have access and TLS has previously been broken by making these assumptions elsewhere. (Can't find the PR & issue in question right now but can link later.)

I will update to make it a nested if statement though. Thanks!

[jasnell]

Nothing stands out as being problematic. Would like @mcollina to take a look

[jasnell]

CI: https://ci.nodejs.org/job/node-test-pull-request/10259/

[jasnell]

Ping @mcollina

[mcollina]

I am not very comfortable with this change landing in 8 right now as we are getting closer to LTS. It might be fine, but I would prefer it to get some proper testing under the 9 line before we backport.

This would need some CITGM runs to check if there are any known regressions.

I have added some questions and feedbacks, once those are satisfied you can dismiss this review (I am traveling until the 10th of October).

[mcollina]

was this added here? Or was it moved from somewhere else?

[apapirovski]

It's moved from elsewhere. _finalInit has two paths: onhandshakedone (server) or being called directly (client). But _newSessionPending can only happen on the server because it's called from onnewsession which only runs on the server.

https://github.com/apapirovski/node/blob/47923ca39cc4bd3f841de2152e393ff7ffade63c/lib/_tls_wrap.js#L224-L230

[mcollina]

A callback here is removed. It's very hard to track these changes, so I might be losing something, but it seems that the callback called self._handle.setOCSPResponse(response) which lost doing the refactoring.

[apapirovski]

The cb for loadSession is self._handle.endParser(), which has instead been inlined.

[mcollina]

I don't think there is a need to use this[kRes] here, as we are closing upon res anyway.

[apapirovski]

This was added because I think otherwise it's a cyclic reference, no? Also see this commit apapirovski@f7620fb

[mcollina]

I do not think this is a good idea, is it possible to remove it without allocating any more closures?

[apapirovski]

Not that I can tell. Doing it this way is more performant based on my testing but can revert.

[mcollina]

Can you please benchmark with and without? it does not seem to be needed, but I would be happy to be wrong.

[apapirovski]

Sorry, what I mean is: I can't remove the closure without using this[kRes]. If we're ok with having a closure then this is fine. The performance difference is minor.

[mcollina]

Which closure?

[mcollina]

The cyclic reference still exists, as the closures below are closing over res. The actual solution is to move the whole Object.defineProperty to an outside function that is not passed resto. Then this[kRes] is correct.

[apapirovski]

I might be going crazy here, sorry for dragging this on but...

  this[kRes] = res;
  Object.defineProperty(handle, 'reading', {
    get: () => {
      return this[kRes].reading;
    },
    set: (value) => {
      this[kRes].reading = value;
    }
  });


  this.on('close', onSocketCloseDestroySSL);

Then we unset this[kRes] and res is no longer referenced by anything. I could be completely nuts though, been a long day. That said, what you're saying makes sense so it could be:

  const res = tls_wrap.wrap(handle._externalStream,
                            context.context,
                            !!options.isServer);
  res._parent = handle;
  res._parentWrap = wrap;
  res._secureContext = context;
  res.reading = handle.reading;
  this[kRes] = res;
  defineHandleReading(this, handle);

  this.on('close', onSocketCloseDestroySSL);

  return res;
};

function defineHandleReading(socket, handle) {
  Object.defineProperty(handle, 'reading', {
    get: () => {
      return socket[kRes].reading;
    },
    set: (value) => {
      socket[kRes].reading = value;
    }
  });
}

function onSocketCloseDestroySSL() {
  // Make sure we are not doing it on OpenSSL's stack
  setImmediate(destroySSL, this);
  this[kRes] = null;
}

Not sure how much that actually improves things though since extra function call and all.

[mcollina]

You would have to wait for the handle to be collected to be able to free res, while in this way it could be freed earlier. It was the spirit of https://github.com/apapirovski/node/blame/7a953929fef5a7892d4697ed73e6fd314055beee/lib/_tls_wrap.js#L404-L408, which makes the getter and setter refer to nothing, and it clear res from those closures as well.

The function call can likely be inlined by V8, so there should not be drop in performance but verify.

[BridgeAR]

I think this is the most controversial part here. As the diff is definitely not easy to read here I would suggest to remove this optimization for now and you could open another PR for that or at least have a individual commit for it. Both would make the review a lot easier.

[apapirovski]

I've updated it based on @mcollina's feedback. I think it should be good now?

[mcollina]

are we sure about removing this check? This function might be called outside of this module context.

[apapirovski]

See one of the comments above regarding this.

[mcollina]

This does not answer my question. This function might be called from outside this module.

[apapirovski]

Well, I mean, I suppose someone could reimplement the whole logic around _newSessionPending in user-land. But right now that _newSessionPending is set within onnewsession which only runs on the server and so it was moved into that branch instead. The reason this was added was to support async sessions, as far as I can tell and this is the code in question:

function onnewsession(key, session) {
   [removed]

    owner._newSessionPending = false;
    if (owner._securePending)
      owner._finishInit();
    owner._securePending = false;
  };


  owner._newSessionPending = true;
  if (!owner.server.emit('newSession', key, session, done))
    done();
}

Here's the commit in question: apapirovski@75ea11f

[mcollina]

You might want to define the new symbols in the constructor, assigning them to null is ok, so you would not alter the shape of the object for every request.

[mcollina]

As a side note, these types of refactoring are very hard to review. It would have been better if it was split in different commits to track down from where stuff was moved.

[apapirovski]

@mcollina If you would prefer me to open a separate PR for different parts of this, I can probably do that. It's a bit tricky because not all of it is an identifiable unit but can figure something out.

[mcollina]

I might be overcautious, but it would be better if other @nodejs/tsc members review this.

[mcollina]

Would you mind adding a comment that links to f7620fb, explaining why it is being done in this way?

[apapirovski]

Updated, I think the commit explains it well (and it shows all the relevant parts) but let me know if you prefer a full outline of it within the code.

[mcollina]

LGTM

[apapirovski]

Thanks for the review @mcollina — sorry about the size of change. 😓

[indutny]

LGTM, if it works

[apapirovski]

CI run seemed clean twice, maybe we could kick off a CITGM?

[BridgeAR]

CI https://ci.nodejs.org/job/node-test-pull-request/10365/
CITGM https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/1005/

[BridgeAR]

Landed in 5723b5d

[MylesBorins]

This is not landing cleanly on 8.x. Could you please backport

[apapirovski]

I think @mcollina had objections to landing this on 8.x. Still the case?

[MylesBorins]

ping @mcollina

[mcollina]

@MylesBorins @apapirovski I would prefer this to land on 9, brew there for a bit, and then be backported. There is a non-null chance that this introduces regressions, and I am concerned on landing this right before 8 goes LTS.

[MylesBorins]

@mcollina I've thrown the baking label on here :D

[BethGriggs]

@mcollina @MylesBorins - is this still something that should be backported to v8.x now it has had time to bake?

[MylesBorins]

I defer to @mcollina and @mhdawson on this. Generally we should not be prioritizing performance changes imho.

[mcollina]

I'm +1 for backporting this if it lands cleanish.