aws · Dec 12, 2024
diff --git a/‎bindings/rust/bench/Cargo.toml
+3-32 b/‎bindings/rust/bench/Cargo.toml
+3-32
diff --git a/‎bindings/rust/bench/README.md
+1-47 b/‎bindings/rust/bench/README.md
+1-47
diff --git a/‎bindings/rust/bench/benches/handshake.rs
+10-20 b/‎bindings/rust/bench/benches/handshake.rs
+10-20
diff --git a/‎bindings/rust/bench/benches/throughput.rs
+10-19 b/‎bindings/rust/bench/benches/throughput.rs
+10-19
@@ -3,31 +3,14 @@ name = "bench"
 version = "0.1.0"
 edition = "2021"
 
-[features]
-default = ["rustls", "openssl"]
-rustls = ["dep:rustls", "rustls-pemfile"]
-openssl = ["dep:openssl"]
-memory = ["plotters", "crabgrind", "structopt"]
-historical-perf = ["plotters", "serde_json", "semver"]
-
 [dependencies]
 s2n-tls = { path = "../s2n-tls" }
 errno = "0.3"
 libc = "0.2"
 strum = { version = "0.25", features = ["derive"] }
-rustls = { version = "0.23", optional = true }
-rustls-pemfile = { version = "2", optional = true }
-openssl = { version = "0.10", features = ["vendored"], optional = true }
-crabgrind = { version = "0.1", optional = true }
-structopt = { version = "0.3", optional = true }
-serde_json = { version = "1.0", optional = true }
-semver = { version = "1.0", optional = true }
-
-[dependencies.plotters]
-version = "0.3"
-optional = true
-default-features = false
-features = ["all_series", "all_elements", "full_palette", "svg_backend"]
+rustls = { version = "0.23" }
+rustls-pemfile = { version = "2" }
+openssl = { version = "0.10", features = ["vendored"] }
 
 [dev-dependencies]
 criterion = "0.5"
@@ -37,18 +20,6 @@ pprof = { version = "0.12", features = ["criterion", "flamegraph"] }
 env_logger = "0.10"
 log = "0.4"
 
-[[bin]]
-name = "memory"
-required-features = ["memory"]
-
-[[bin]]
-name = "graph_memory"
-required-features = ["memory"]
-
-[[bin]]
-name = "graph_perf"
-required-features = ["historical-perf"]
-
 [[bench]]
 name = "handshake"
 harness = false
 
@@ -8,7 +8,7 @@ All benchmarks are run in an idealized environment, using only a single thread a
 
 ```
 # generate rust bindings
-../generate.sh
+../generate.sh --skip-tests
 
 # run all benchmarks
 cargo bench
@@ -36,37 +36,6 @@ Throughput benchmarks measure round-trip throughput with the client and server c
 
 To generate flamegraphs, run `cargo bench --bench handshake --bench throughput -- --profile-time 5`, which profiles each benchmark for 5 seconds and stores the resulting flamegraph in `target/criterion/[bench-name]/[lib-name]/profile/flamegraph.svg`.
 
-## Memory benchmarks
-
-To run all memory benchmarks, run `scripts/bench-memory.sh`. Graphs of memory usage will be generated in `images/`.
-
-Memory benchmark data is generated using the `memory` binary. Command line arguments can be given to `cargo run` or to the built executable located at `target/release/memory`. The usage is as follows:
-
-```
-memory [(pair|client|server)] [(s2n-tls|rustls|openssl)] [--reuse-config (true|false)] [--shrink-buffers (true|false)]
-```
-
-- `(pair|client|server)`: target to memory bench, defaults to `server`
-- `(s2n-tls|rustls|openssl)`: library to be benched, if unset benches all libraries
-- `--reuse-config`: if `true` (default), reuse configs between connections
-- `--shrink-buffers`: if `true` (default), shrink buffers owned by connections
-
-To view a callgraph of memory usage, use [KCachegrind](https://github.com/KDE/kcachegrind) on `xtree.out` generated from memory benching:
-
-```
-kcachegrind target/memory/<params>/<target>/<library>/xtree.out
-```
-
-To view a flamegraph of memory usage, use [heaptrack](https://github.com/KDE/heaptrack) with `heaptrack_gui` also installed. Run heaptrack with the `memory` executable and target/library options:
-
-```
-heaptrack target/release/memory (pair|client|server) (s2n-tls|rustls|openssl)
-```
-
-## Historical benchmarks
-
-To do historical benchmarks, run `scripts/bench-past.sh`. This will checkout old versions of s2n-tls back to v1.3.16 in `target/` and run benchmarks on those with the `historical-perf` feature, disabling Rustls and OpenSSL benches.
-
 ## PKI Structure
 ```
    ┌────root──────┐
@@ -88,21 +57,6 @@ The last version benched is v1.3.16, since before that, the s2n-tls Rust binding
 
 v1.3.30-1.3.37 are not benched because of dependency issues when generating the Rust bindings. However, versions before and after are benched, so the overall trend in performance can still be seen without the data from these versions.
 
-### Sample output
-
-Because these benches take a longer time to generate (>30 min), we include the results from historical benching (as of v1.3.47) here.
-
-Notes:
-- Two sets of parameters for the handshake couldn't be benched before 1.3.40, since security policies that negotiated those policies as their top choice did not exist before then.
-- There is no data from 1.3.30 to 1.3.37 because those versions have a dependency issue that cause the Rust bindings not to build. However, there is data before and after that period, so the performance for those versions can be inferred via interpolation.
-- The improvement in throughput in 1.3.28 was most likely caused by the addition of LTO to the default Rust bindings build.
-- Since the benches are run over a long time, noise on the machine can cause variability, and background processes can cause spikes.
-- The variability can be seen with throughput especially because it is calculated as the inverse of time taken.
-
-![historical-perf-handshake](images/historical-perf-handshake.svg)
-
-![historical-perf-throughput](images/historical-perf-throughput.svg)
-
 ## Implementation details
 
 We use Rust bindings for s2n-tls and OpenSSL. All of our benchmarks are run in Rust on a single thread for consistency.
 
@@ -1,13 +1,10 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-#[cfg(feature = "openssl")]
-use bench::OpenSslConnection;
-#[cfg(feature = "rustls")]
-use bench::RustlsConnection;
 use bench::{
     harness::TlsBenchConfig, CipherSuite, ConnectedBuffer, CryptoConfig, HandshakeType, KXGroup,
-    Mode, S2NConnection, SigType, TlsConnPair, TlsConnection, PROFILER_FREQUENCY,
+    Mode, OpenSslConnection, RustlsConnection, S2NConnection, SigType, TlsConnPair, TlsConnection,
+    PROFILER_FREQUENCY,
 };
 use criterion::{
     criterion_group, criterion_main, measurement::WallTime, BatchSize, BenchmarkGroup, Criterion,
@@ -27,25 +24,20 @@ fn bench_handshake_for_library<T>(
 {
     // make configs before benching to reuse
     let crypto_config = CryptoConfig::new(CipherSuite::default(), kx_group, sig_type);
-    let client_config = T::Config::make_config(Mode::Client, crypto_config, handshake_type);
-    let server_config = T::Config::make_config(Mode::Server, crypto_config, handshake_type);
+    let client_config =
+        T::Config::make_config(Mode::Client, crypto_config, handshake_type).unwrap();
+    let server_config =
+        T::Config::make_config(Mode::Server, crypto_config, handshake_type).unwrap();
 
     // generate all harnesses (TlsConnPair structs) beforehand so that benchmarks
     // only include negotiation and not config/connection initialization
     bench_group.bench_function(T::name(), |b| {
         b.iter_batched_ref(
             || -> Result<TlsConnPair<T, T>, Box<dyn Error>> {
-                if let (Ok(client_config), Ok(server_config)) =
-                    (client_config.as_ref(), server_config.as_ref())
-                {
-                    let connected_buffer = ConnectedBuffer::default();
-                    let client =
-                        T::new_from_config(client_config, connected_buffer.clone_inverse())?;
-                    let server = T::new_from_config(server_config, connected_buffer)?;
-                    Ok(TlsConnPair::wrap(client, server))
-                } else {
-                    Err("invalid configs".into())
-                }
+                let connected_buffer = ConnectedBuffer::default();
+                let client = T::new_from_config(&client_config, connected_buffer.clone_inverse())?;
+                let server = T::new_from_config(&server_config, connected_buffer)?;
+                Ok(TlsConnPair::wrap(client, server))
             },
             |conn_pair| {
                 // harnesses with certain parameters fail to initialize for
@@ -67,14 +59,12 @@ fn bench_handshake_with_params(
     sig_type: SigType,
 ) {
     bench_handshake_for_library::<S2NConnection>(bench_group, handshake_type, kx_group, sig_type);
-    #[cfg(feature = "rustls")]
     bench_handshake_for_library::<RustlsConnection>(
         bench_group,
         handshake_type,
         kx_group,
         sig_type,
     );
-    #[cfg(feature = "openssl")]
     bench_handshake_for_library::<OpenSslConnection>(
         bench_group,
         handshake_type,
 
@@ -1,9 +1,7 @@
 // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 // SPDX-License-Identifier: Apache-2.0
 
-#[cfg(feature = "openssl")]
 use bench::OpenSslConnection;
-#[cfg(feature = "rustls")]
 use bench::RustlsConnection;
 use bench::{
     harness::TlsBenchConfig, CipherSuite, ConnectedBuffer, CryptoConfig, HandshakeType, KXGroup,
@@ -26,25 +24,20 @@ fn bench_throughput_for_library<T>(
     T::Config: TlsBenchConfig,
 {
     let crypto_config = CryptoConfig::new(cipher_suite, KXGroup::default(), SigType::default());
-    let client_config = T::Config::make_config(Mode::Client, crypto_config, HandshakeType::default());
-    let server_config = T::Config::make_config(Mode::Server, crypto_config, HandshakeType::default());
+    let client_config =
+        T::Config::make_config(Mode::Client, crypto_config, HandshakeType::default()).unwrap();
+    let server_config =
+        T::Config::make_config(Mode::Server, crypto_config, HandshakeType::default()).unwrap();
 
     bench_group.bench_function(T::name(), |b| {
         b.iter_batched_ref(
             || -> Result<TlsConnPair<T, T>, Box<dyn Error>> {
-                if let (Ok(client_config), Ok(server_config)) =
-                    (client_config.as_ref(), server_config.as_ref())
-                {
-                    let connected_buffer = ConnectedBuffer::default();
-                    let client =
-                        T::new_from_config(client_config, connected_buffer.clone_inverse())?;
-                    let server = T::new_from_config(server_config, connected_buffer)?;
-                    let mut conn_pair = TlsConnPair::wrap(client, server);
-                    conn_pair.handshake()?;
-                    Ok(conn_pair)
-                } else {
-                    Err("invalid configs".into())
-                }
+                let connected_buffer = ConnectedBuffer::default();
+                let client = T::new_from_config(&client_config, connected_buffer.clone_inverse())?;
+                let server = T::new_from_config(&server_config, connected_buffer)?;
+                let mut conn_pair = TlsConnPair::wrap(client, server);
+                conn_pair.handshake()?;
+                Ok(conn_pair)
             },
             |conn_pair| {
                 if let Ok(conn_pair) = conn_pair {
@@ -68,13 +61,11 @@ pub fn bench_throughput_cipher_suites(c: &mut Criterion) {
             &mut shared_buf,
             cipher_suite,
         );
-        #[cfg(feature = "rustls")]
         bench_throughput_for_library::<RustlsConnection>(
             &mut bench_group,
             &mut shared_buf,
             cipher_suite,
         );
-        #[cfg(feature = "openssl")]
         bench_throughput_for_library::<OpenSslConnection>(
             &mut bench_group,
             &mut shared_buf,