-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Improve HTTP validation for inlining and specialized types #5392
base: 4.x
Are you sure you want to change the base?
Conversation
e9327f2
to
9101b8f
Compare
I've had some fun with assembly and reading the RFC and I'm going to push a major improvement on this, turning this in draft first |
TLDR
I think that I could have further exploded the original state machine and let the hotspot JVM to do it right (if able!), but sadly native image isn't that smart and I prefer to keep it like this as it looks more like what Netty do, but with a less strict fallback. Performance on Hotspot look great, compare to what it was (I will post something home back to my desk), while I can wait @galderz to valide this (I have added a benchmark on purpose, which could be reused) on native image - 🤞 |
f898476
to
818cee8
Compare
I have pushed e4f4342 and verified it holds from jdk 17 to main. It solves a problem of "untrusted" types like AsciiString: since the JVM cannot trust offset and end vs arrays boundaries, it would perform additional computations to perform bound checks. This explain both why Strings are better performers and why Netty value validation was faster: due to a bug of the Netty version (I will send a pr to fix it, since it looks like a potential security issue) the loop variables trigger a better JVM optimization. |
95a8246
to
12dbc57
Compare
Any chance you looked into the code @vietj ? |
early next week @franz1981 |
scheduled for 4.5.12 @franz1981 |
These changes have a positive impact on native. Before PR:
After PR:
The big winner is |
This change is mostly to improve native-image performance on validation due to closed-world assumption which lead to virtual calls while reading the chars to validate and no loop unrolling during validation.
Additionally, it takes care of moving out of the hot path unlikely validation scenarios for http header values e.g. presence of CRLF or non-printable control chars: this should help JVM mode as well.
Another thing which can help, despite the duplicated code, is the specialized latin head name validation because doesn't require to turn
byte
intochar
s forAsciiString
.Without this change the validation of ASCII heard names was slower than normal strings!
FYI @galderz