Skip to content

8268427: Improve AlgorithmConstraints:checkAlgorithm performance #193

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
eastig wants to merge 1 commit into from
Closed

8268427: Improve AlgorithmConstraints:checkAlgorithm performance #193

eastig wants to merge 1 commit into from

Conversation

@eastig
Copy link
Member

@eastig eastig commented Aug 4, 2021
edited by openjdk bot
Loading

A backport of JDK-8233228 to 11u increased the list of disabled algorithms. For TLS the size of the list increased from 9 to 56. sun.security.util.AbstractAlgorithmConstraints.checkAlgorithm() uses linear search to check if an algorithm has been disabled. Its execution time significantly increased in the most common case: a checked algorithm is not disabled.

This backport improves AbstractAlgorithmConstraints.checkAlgorithm() performance.
Tier1 and tier2 tests pass with the patch.

The patch contains a microbenchmark.
Baseline results before patch:

Benchmark                            (algorithm)  Mode  Cnt     Score    Error  Units
AlgorithmConstraintsPermits.permits        SSLv3  avgt   25    17.296 ±  0.282  ns/op
AlgorithmConstraintsPermits.permits          DES  avgt   25   288.010 ±  2.502  ns/op
AlgorithmConstraintsPermits.permits         NULL  avgt   25   459.496 ±  6.160  ns/op
AlgorithmConstraintsPermits.permits       TLS1.3  avgt   25  1361.700 ± 12.871  ns/op

Benchmark results after patch:

Benchmark                            (algorithm)  Mode  Cnt     Score    Error  Units
AlgorithmConstraintsPermits.permits        SSLv3  avgt   25  119.320 ± 2.572  ns/op
AlgorithmConstraintsPermits.permits          DES  avgt   25   82.259 ± 0.668  ns/op
AlgorithmConstraintsPermits.permits         NULL  avgt   25   57.302 ± 3.611  ns/op
AlgorithmConstraintsPermits.permits       TLS1.3  avgt   25  465.914 ± 2.553  ns/op

Before the patch the list of the disabled algorithms has SSLv3 first, DES second, NULL 9th and TLS1.3 not on the list. As SSLv3 is the first, accesses to it are the fastest. As we get far from the head, the access time increases. NULL had been the last before JDK-8233228. In a case of TLS1.3 the whole list has to be checked.

The patch replaces the list with an ordered set. Despite the increased time for SSLv3 all other times, especially for permitted algorithms such as TLS1.3, significantly decreased.

Progress

  • Change must not contain extraneous whitespace
  • Commit message must refer to an issue

Issue

  • JDK-8268427: Improve AlgorithmConstraints:checkAlgorithm performance

Reviewing

Using git

Checkout this PR locally:
$ git fetch https://git.openjdk.java.net/jdk11u-dev pull/193/head:pull/193
$ git checkout pull/193

Update a local copy of the PR:
$ git checkout pull/193
$ git pull https://git.openjdk.java.net/jdk11u-dev pull/193/head

Using Skara CLI tools

Checkout this PR locally:
$ git pr checkout 193

View PR using the GUI difftool:
$ git pr show -t 193

Using diff file

Download this PR as a diff file:
https://git.openjdk.java.net/jdk11u-dev/pull/193.diff

@bridgekeeper
Copy link

bridgekeeper bot commented Aug 4, 2021

👋 Welcome back eastig! A progress list of the required criteria for merging this PR into master will be added to the body of your pull request. There are additional pull request commands available for use with this pull request.

@openjdk openjdk bot changed the title Backport 3b83bc1bc331d268987f56ea4f23124a7f6ee38b 8268427: Improve AlgorithmConstraints:checkAlgorithm performance Aug 4, 2021
@openjdk
Copy link

openjdk bot commented Aug 4, 2021

This backport pull request has now been updated with issue from the original commit.

@openjdk openjdk bot added backport Port of a pull request already in a different code base clean Identical backport; no merge resolution required labels Aug 4, 2021
@openjdk
Copy link

openjdk bot commented Aug 4, 2021
edited
Loading

@eastig This change now passes all automated pre-integration checks.

After integration, the commit message for the final commit will be:

8268427: Improve AlgorithmConstraints:checkAlgorithm performance

You can use pull request commands such as /summary, /contributor and /issue to adjust it as needed.

At the time when this comment was updated there had been 22 new commits pushed to the master branch:

  • 1538790: 8272078: Wrong Checksums in Temurin BootJDK dependencies
  • 3d12a46: 8234510: Remove file seeking requirement for writing a heap dump
  • 1faefed: 8253424: Add support for running pre-submit testing using GitHub Actions
  • d780f93: 8249095: tools/javac/launcher/SourceLauncherTest.java fails on Windows
  • 90d30cc: 8209380: ARM: cleanup maybe-uninitialized and reorder compiler warnings
  • 9d521b1: 8257913: Add more known library locations to simplify Linux cross-compilation
  • 5464d62: 8238930: problem list compiler/c2/Test8004741.java
  • 1c77fa8: 8254270: linux 32 bit build doesn't compile libjdwp/log_messages.c
  • 52a32a7: 8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
  • 1223b58: 8212040: Compilation error due to wrong usage of NSPrintJobDispositionValue in mac10.12
  • ... and 12 more: https://git.openjdk.java.net/jdk11u-dev/compare/05c76978a6954897500c3dc8ac6aeca0f23e57cd...master

As there are no conflicts, your changes will automatically be rebased on top of these commits when integrating. If you prefer to avoid this automatic rebasing, please check the documentation for the /integrate command for further details.

As you do not have Committer status in this project an existing Committer must agree to sponsor your change.

➡️ To flag this PR as ready for integration with the above commit message, type /integrate in a new comment. (Afterwards, your sponsor types /sponsor in a new comment to perform the integration).

@openjdk openjdk bot added ready Pull request is ready to be integrated rfr Pull request is ready for review labels Aug 4, 2021
@mlbridge
Copy link

mlbridge bot commented Aug 4, 2021

Webrevs

@eastig
Copy link
Member Author

eastig commented Aug 6, 2021

/integrate

@openjdk openjdk bot added the sponsor Pull request is ready to be sponsored label Aug 6, 2021
@openjdk
Copy link

openjdk bot commented Aug 6, 2021

@eastig
Your change (at version 51a8e6a) is now ready to be sponsored by a Committer.

@phohensee
Copy link
Member

phohensee commented Aug 6, 2021

/sponsor

@openjdk
Copy link

openjdk bot commented Aug 6, 2021

Going to push as commit 4e32429.
Since your change was applied there have been 22 commits pushed to the master branch:

  • 1538790: 8272078: Wrong Checksums in Temurin BootJDK dependencies
  • 3d12a46: 8234510: Remove file seeking requirement for writing a heap dump
  • 1faefed: 8253424: Add support for running pre-submit testing using GitHub Actions
  • d780f93: 8249095: tools/javac/launcher/SourceLauncherTest.java fails on Windows
  • 90d30cc: 8209380: ARM: cleanup maybe-uninitialized and reorder compiler warnings
  • 9d521b1: 8257913: Add more known library locations to simplify Linux cross-compilation
  • 5464d62: 8238930: problem list compiler/c2/Test8004741.java
  • 1c77fa8: 8254270: linux 32 bit build doesn't compile libjdwp/log_messages.c
  • 52a32a7: 8269851: OperatingSystemMXBean getProcessCpuLoad reports incorrect process cpu usage in containers
  • 1223b58: 8212040: Compilation error due to wrong usage of NSPrintJobDispositionValue in mac10.12
  • ... and 12 more: https://git.openjdk.java.net/jdk11u-dev/compare/05c76978a6954897500c3dc8ac6aeca0f23e57cd...master

Your commit was automatically rebased without conflicts.

@openjdk openjdk bot closed this Aug 6, 2021
@openjdk openjdk bot added integrated Pull request has been integrated and removed ready Pull request is ready to be integrated rfr Pull request is ready for review sponsor Pull request is ready to be sponsored labels Aug 6, 2021
@openjdk
Copy link

openjdk bot commented Aug 6, 2021

@phohensee @eastig Pushed as commit 4e32429.

💡 You may see a message that your pull request was closed with unmerged commits. This can be safely ignored.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

backport Port of a pull request already in a different code base clean Identical backport; no merge resolution required integrated Pull request has been integrated

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@eastig @phohensee