-
Notifications
You must be signed in to change notification settings - Fork 81
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Lookup.loadCertificateOrCRLFile consumes more memory because of frequent memory allocation at Certificate.matches #86
Comments
believe this is right, added any ideas on reducing |
@kares I was thinking about this. bit hard without caching. as well, just an idea and on a first glance I hope it sound reasonable ;) |
@mkristian good point, although we might need to look into how |
@frsyuki if possible could you guys try a --pre release from https://oss.sonatype.org/content/repositories/snapshots/rubygems/jruby-openssl/0.9.17.dev-SNAPSHOT/ ... did an experiment to only use BC certificate's |
seems like its caused by extensive memory use with BC 1.54 where they need the provider to be registered. |
This is fixed, isn't it? |
@headius yep it should be, thanks |
Overview
x509.getSubjectX500Principal()
method. This method internally encodes aux certificate using Bouncy Castle's ASN1OutputStream.Background
We upgraded JRuby 9.0.0.0 to 9.0.5.0 and found that our application started consuming much more memory. This application uses httpclient.gem to fetch data from HTTPS server. Here is its code:
https://github.com/treasure-data/embulk-input-sfdc/blob/master/lib/embulk/input/sfdc_api/api.rb
Here is a screenshot of memory profiler:
This shows that 9.0.5.0 allocates objects more frequently and triggers GC frequently (2x - 3x more frequent).
Memory profiler shows that under
Lookup.loadCertificateOrCRLFile
method, JRuby 9.0.0.0 doesn't allocate many objects but 9.0.5.0 allocates many objects atStore.addCertificate
in addition to regular allocation atPEMInputOutput.readPEM
:Under
Store.addCertificate
, following stack is allocating majority of objects:I think that Store.matchedObject method is just a lookup method but X509AuxCertificate.getSubjectX500Principal is allocating many objects unexpectedly.
Expected behavior
I think that Store.matchedObject or Certificate.matches can cache the result of
X509AuxCertificate.getSubjectX500Principal()
to reduce object allocation.Workaround
Memory allocation becomes much less frequent if I add
jruby.openssl.x509.lookup.cache=8
system property:But this option is disabled by default now.
The text was updated successfully, but these errors were encountered: