RFR 8072394: Performance improvement for X.509 certificate parsing

Sean Mullan sean.mullan at oracle.com
Fri Feb 13 19:43:37 UTC 2015


This fix looks fine, but I am trying to remember why a Set/LinkedHashSet 
was used in the first place, it seem like an List/ArrayList would have 
been more suitable. Even though PolicyInformation is an internal class, 
it's probably better to not change that detail at this point unless we 
have a better reason.

Can you add a noreg-perf label to the bug?

--Sean

On 02/03/2015 05:42 AM, Florian Weimer wrote:
> The sun.security.x509.PolicyInformation constructor creates
> java.security.cert.PolicyQualifierInfo instances and adds them to a
> LinkedHashSet. PolicyQualifierInfo does not override hashCode(), so the
> default implementation based on System.identityHashCode() is used, which
> is rather slow.
>
> I addressed this by implementing an explicit, identity-based hashCode()
> using an atomic counter.  Another approach would be to replace the
> LinkedHashSet with a Set backed by an ArrayList.
>
>    <http://cr.openjdk.java.net/~fweimer/8072394/webrev.00/>
>
> Before the change, this particular call to Object#hashCode() accounted
> for 25% of all hits in hprof.
>
> My benchmark involved parsing 1,000,000 certificates from the Google
> certificate transparency log.  The benchmark times includes loading the
> DER-encoded certificates from an SQLite database.  They are quite noisy
> because the X.509 parsing code allocates heavily.
>
> R says this about this change (run time is measured in seconds):
>
>> old <- c(50.246, 51.237, 50.057, 49.611, 49.895, 49.268, 50.161,
> 49.992, 49.972, 50.380)
>> new <- c(50.386, 50.628, 49.496, 49.196, 49.581, 49.845, 50.009,
> 49.229, 48.138, 48.762)
>> t.test(old, new)
>
> 	Welch Two Sample t-test
>
> data:  old and new
> t = 1.9356, df = 16.015, p-value = 0.07077
> alternative hypothesis: true difference in means is not equal to 0
> 95 percent confidence interval:
>   -0.05278151  1.16258151
> sample estimates:
> mean of x mean of y
>    50.0819   49.5270
>
>
>


More information about the security-dev mailing list