RFR: 8285398: Cache the results of constraint checks

Xue-Lei Andrew Fan xuelei at openjdk.java.net
Sat Apr 23 15:00:15 UTC 2022


On Thu, 21 Apr 2022 19:58:39 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:

> Profiling the TLS handshakes using the SSLHandshake benchmark shows that a large portion of time is spent in HandshakeContext initialization, specifically in the DisabledAlgorithmConstraints class.
> 
> There are only a few instances of that class, and they are immutable. Caching the results should be a low-risk operation.
> 
> The cache is implemented as a softly reachable ConcurrentHashMap; this way it can be removed from memory after a period of inactivity. Under normal circumstances the cache holds no more than 100 algorithms.

src/java.base/share/classes/sun/security/util/DisabledAlgorithmConstraints.java line 105:

> 103:     private final Set<String> disabledAlgorithms;
> 104:     private final Constraints algorithmConstraints;
> 105:     private volatile SoftReference<Map<String, Boolean>> cacheRef =

It looks like a one-clear-for-all mechanism. Once the clearing happens, the full map will be collected. For SoftReferences, it clears them fairly eagerly. Maybe the performance could be further improved in practice by using a soft reference for each map entry (see sun.security.util.Cache code for an example).

I will have another look next week.

-------------

PR: https://git.openjdk.java.net/jdk/pull/8349
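
The two cache shapes discussed in this thread, side by side, as an added example that is neither the PR's code nor the JDK's: one SoftReference around the whole map, and one SoftReference per entry. The class names, the `Result` holder and the MD5 rule in `main` are hypothetical stand-ins.

```java
import java.lang.ref.*;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;

// Hypothetical demo classes; not the JDK's DisabledAlgorithmConstraints.
public class ConstraintCacheDemo {
    // Variant 1: one SoftReference guards the whole map, so a single clearing drops every result.
    static final class WholeMapCache {
        private final Predicate<String> check; // stands in for the immutable constraint check
        private volatile SoftReference<Map<String, Boolean>> cacheRef = new SoftReference<>(null);
        WholeMapCache(Predicate<String> check) { this.check = check; }
        boolean permits(String alg) {
            Map<String, Boolean> cache = cacheRef.get();
            if (cache == null) { // first use or cleared by the GC: start over with an empty map
                cache = new ConcurrentHashMap<>();
                cacheRef = new SoftReference<>(cache); // racing threads only cost a recomputation
            }
            return cache.computeIfAbsent(alg, check::test);
        }
    }
    // Variant 2: each result is softly reachable on its own; cleared entries are expunged lazily.
    static final class PerEntryCache {
        private static final class Result { final boolean ok; Result(boolean ok) { this.ok = ok; } }
        private static final class Entry extends SoftReference<Result> {
            final String key;
            Entry(String key, Result r, ReferenceQueue<Result> q) { super(r, q); this.key = key; }
        }
        private final Predicate<String> check;
        private final Map<String, Entry> map = new ConcurrentHashMap<>();
        private final ReferenceQueue<Result> queue = new ReferenceQueue<>();
        PerEntryCache(Predicate<String> check) { this.check = check; }
        boolean permits(String alg) {
            // Drop map slots whose referent was collected, unless the slot was already replaced.
            for (Reference<? extends Result> r; (r = queue.poll()) != null; ) map.remove(((Entry) r).key, r);
            Entry e = map.get(alg);
            Result cached = (e == null) ? null : e.get();
            if (cached != null) return cached.ok;
            Result fresh = new Result(check.test(alg)); // a new object, so the GC can actually clear it
            map.put(alg, new Entry(alg, fresh, queue));
            return fresh.ok;
        }
    }
    public static void main(String[] args) {
        Predicate<String> rule = a -> !a.toUpperCase().contains("MD5"); // constructed stand-in rule
        WholeMapCache whole = new WholeMapCache(rule);
        PerEntryCache perEntry = new PerEntryCache(rule);
        for (String alg : new String[] {"SHA256withRSA", "MD5withRSA", "SHA256withRSA"})
            System.out.println(alg + " whole=" + whole.permits(alg) + " perEntry=" + perEntry.permits(alg));
    }
}
```

The per-entry variant wraps each result in its own `Result` object because `Boolean.TRUE` and `Boolean.FALSE` are strongly reachable constants that a soft reference would never release.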


