RFR: 8270317: Large Allocation in CipherSuite
Clive Verghese
cverghese at openjdk.java.net
Wed Jul 21 23:58:15 UTC 2021
On Wed, 14 Jul 2021 17:06:02 GMT, Clive Verghese <cverghese at openjdk.org> wrote:
> ### Benchmark results
>
> I have benchmarked 3 cases.
>
> 1. The current situation.
>
> Benchmark (cipherSuite) Mode Cnt Score Error Units
> CipherSuiteBench.benchmarkCipherSuite TLS_AES_256_GCM_SHA384 avgt 25 124.783 ? 2.050 ns/op
> CipherSuiteBench.benchmarkCipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 avgt 25 125.403 ? 0.554 ns/op
> CipherSuiteBench.benchmarkCipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 avgt 25 127.117 ? 0.789 ns/op
> CipherSuiteBench.benchmarkCipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA avgt 25 127.869 ? 1.112 ns/op
>
>
> 2. Use `static final array` instead of calling `CipherSuite.values` each time.
>
> Benchmark (cipherSuite) Mode Cnt Score Error Units
> CipherSuiteBench.benchmarkCipherSuite TLS_AES_256_GCM_SHA384 avgt 25 10.146 ? 0.252 ns/op
> CipherSuiteBench.benchmarkCipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 avgt 25 30.501 ? 0.207 ns/op
> CipherSuiteBench.benchmarkCipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 avgt 25 47.375 ? 0.150 ns/op
> CipherSuiteBench.benchmarkCipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA avgt 25 55.887 ? 3.786 ns/op
>
>
> 3. Using Hashmap for lookup instead of iterating through the array each time. (Method in this PR)
>
> Benchmark (cipherSuite) Mode Cnt Score Error Units
> CipherSuiteBench.benchmarkCipherSuite TLS_AES_256_GCM_SHA384 avgt 25 13.533 ? 0.148 ns/op
> CipherSuiteBench.benchmarkCipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 avgt 25 11.269 ? 0.147 ns/op
> CipherSuiteBench.benchmarkCipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 avgt 25 11.507 ? 0.107 ns/op
> CipherSuiteBench.benchmarkCipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA avgt 25 10.932 ? 0.146 ns/op
>
>
> I have picked 4 cipher suite from the start of the list and are roughly 10 positions apart. I have opted to go with HashMap for name and id lookup as they provide a more consistent times and benchmarks are similar for the first few cipher suits in the enum as well.
Updated Benchmarks in Throughput mode
### Current
Benchmark (cipherSuite) Mode Cnt Score Error Units
CipherSuiteBench.benchmarkCipherSuite TLS_AES_256_GCM_SHA384 thrpt 25 8050.787 ? 232.335 ops/ms
CipherSuiteBench.benchmarkCipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 thrpt 25 8165.124 ? 283.718 ops/ms
CipherSuiteBench.benchmarkCipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 thrpt 25 7827.758 ? 293.311 ops/ms
CipherSuiteBench.benchmarkCipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA thrpt 25 7768.286 ? 181.399 ops/ms
### ArrayList
Benchmark (cipherSuite) Mode Cnt Score Error Units
CipherSuiteBench.benchmarkCipherSuite TLS_AES_256_GCM_SHA384 thrpt 25 100.626 ? 0.294 ops/us
CipherSuiteBench.benchmarkCipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 thrpt 25 32.793 ? 0.804 ops/us
CipherSuiteBench.benchmarkCipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 thrpt 25 21.162 ? 0.217 ops/us
CipherSuiteBench.benchmarkCipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA thrpt 25 18.220 ? 0.903 ops/us
### Hashmap
Benchmark (cipherSuite) Mode Cnt Score Error Units
CipherSuiteBench.benchmarkCipherSuite TLS_AES_256_GCM_SHA384 thrpt 25 63.836 ? 4.517 ops/us
CipherSuiteBench.benchmarkCipherSuite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 thrpt 25 69.983 ? 8.965 ops/us
CipherSuiteBench.benchmarkCipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 thrpt 25 68.091 ? 7.404 ops/us
CipherSuiteBench.benchmarkCipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA thrpt 25 52.831 ? 4.317 ops/us
I am currently looking into the JFR profiles to identify why there is a difference in benchmarks with regards the different cipher suits in the current version vs the arraylist.
-------------
PR: https://git.openjdk.java.net/jdk/pull/4783
More information about the security-dev
mailing list