[Bug 66294] New: Util.getContextClassLoader() can be a hotspot

Tue, 04 Oct 2022 03:20:42 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=66294

            Bug ID: 66294
           Summary: Util.getContextClassLoader() can be a hotspot
           Product: Tomcat 9
           Version: 9.0.65
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: regression
          Priority: P2
         Component: EL
          Assignee: dev@tomcat.apache.org
          Reporter: mxhen...@amazon.de
  Target Milestone: -----

Created attachment 38401
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=38401&action=edit
Benchmark which shows performance difference between getting class loader
with/without privileges

In our application Util.getContextClassLoader() is a hotspot with almost all
the cost coming from AccessController.doPrivileged. By adding instrumentation
we've confirmed that the native implementation of AccessController.doPrivileged
itself and not PrivilegedGetTccl.run() is expensive. In an example request to
our application we had 17000 calls to Util.getContextClassLoader() and recorded
this CPU time in the methods:
0.682 ms for javax.el.Util$PrivilegedGetTccl.run()
27.800 ms for javax.el.Util.getContextClassLoader()

This potential hotspot was introduced four years ago when a change was made to
get the context class loader of the Thread with privileges enabled:
https://bz.apache.org/bugzilla/show_bug.cgi?id=62080

We'd like to fix this hotspot by calling
Thread.currentThread().getContextClassLoader() without privileges enabled
again. This would be a revert of the change here:
https://github.com/apache/tomcat/commit/7c359957f0b600b92e964b1a2497374e6cac4bc3#diff-f5b7c13f66b3d070a6b1c1713ad4b60fd70b26f579a746edc8fe9f19109243b2L93
Since this change addressed a rare bug, we probably have to make this change
backwards compatible by adding a configuration switch.

I have also included a basic benchmark which compares the performance of the
two approaches. The benchmark shows a difference by factor 100. I ran the
benchmark with JDK 8 and 11.

Since SecurityManager and related functionality are on track to deprecation,
this change may be mandatory in the future, irrespective of the performance
benefit:
https://openjdk.org/jeps/411

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to