[
https://issues.apache.org/jira/browse/SLING-12616?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sagar Miglani updated SLING-12616:
----------------------------------
Description:
We conducted a test which measures the performance of making 100 HTTP GET
requests to a specific page in AEM.
We used 2 AEM instances for this test and only difference in the 2 AEM
instances is the version of sling.xss bundle.
# Instance 1 is using sling.xss bundle version 2.2.16
# Instance 2 is using sling.xss bundle version 2.4.0
The results revealed a 15-25% performance degradation in AEM which is using
2.4.0 version of sling.xss bundle.
The degrade in performace seems to be introduced in v2.3.x of sling.xss.
And root cause seems to be the changes in {{XSSAPI.getValidHref}} API [0]
It seems that in each {{XSSAPI.getValidHref}} calls
{{Attribute.getPatternList}} down in the call stack which is calling
{{Regexp::getPattern}} [1] method and this {{getPattern}} method is compiling
the provided pattern again and again in each isValidHref call.
JRE used for AEM and running the tests:
{code:xml}
java version "17.0.6" 2023-01-17 LTS
Java(TM) SE Runtime Environment (build 17.0.6+9-LTS-190)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.6+9-LTS-190, mixed mode, sharing)
{code}
Following is the profiler screenshot of instance 1:
!AEM_instance_2.2.16.png|height=100,width=250!
Followings are the profiler screenshot of instance 2:
!AEM_instance_2.4.0_ss1.png|height=100,width=250!
!AEM_instance_2.4.0_ss2.png|height=100,width=250!
[0]:
https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java#L178
[1]:
https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/xml/Attribute.java#L98
[2]:
https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/xml/Regexp.java#L47
was:
We conducted a test which measures the performance of making 100 HTTP GET
requests to a specific page in AEM.
We used 2 AEM instances for this test and only difference in the 2 AEM
instances is the version of sling.xss bundle.
# Instance 1 is using sling.xss bundle version 2.2.16
# Instance 2 is using sling.xss bundle version 2.4.0
The results revealed a 15-25% performance degradation in AEM which is using
2.4.0 version of sling.xss bundle.
The degrade in performace seems to be introduced in v2.3.x of sling.xss.
And root cause seems to be the changes in {{XSSAPI.getValidHref}} API [0]
It seems that in each {{XSSAPI.getValidHref}} calls
{{Attribute.getPatternList}} down in the call stack which is calling
{{Regexp::getPattern}} [1] method and this {{getPattern}} method is compiling
the provided pattern again and again in each isValidHref call.
JRE used for AEM and running the tests:
{code:xml}
java version "17.0.6" 2023-01-17 LTS
Java(TM) SE Runtime Environment (build 17.0.6+9-LTS-190)
Java HotSpot(TM) 64-Bit Server VM (build 17.0.6+9-LTS-190, mixed mode, sharing)
{code}
Following is the profiler screenshot of instance 1:
!AEM_instance_2.2.16.png|thumbnail!
Followings are the profiler screenshot of instance 2:
!AEM_instance_2.4.0_ss1.png|thumbnail!
!AEM_instance_2.4.0_ss2.png|thumbnail!
[0]:
https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java#L178
[1]:
https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/xml/Attribute.java#L98
[2]:
https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/xml/Regexp.java#L47
> Performance improvement in Sling XSS bundle
> -------------------------------------------
>
> Key: SLING-12616
> URL: https://issues.apache.org/jira/browse/SLING-12616
> Project: Sling
> Issue Type: Improvement
> Components: XSS Protection API
> Affects Versions: XSS Protection API 2.3.2
> Reporter: Sagar Miglani
> Priority: Major
> Attachments: AEM_instance_2.2.16.png, AEM_instance_2.4.0_ss1.png,
> AEM_instance_2.4.0_ss2.png
>
>
> We conducted a test which measures the performance of making 100 HTTP GET
> requests to a specific page in AEM.
> We used 2 AEM instances for this test and only difference in the 2 AEM
> instances is the version of sling.xss bundle.
> # Instance 1 is using sling.xss bundle version 2.2.16
> # Instance 2 is using sling.xss bundle version 2.4.0
> The results revealed a 15-25% performance degradation in AEM which is using
> 2.4.0 version of sling.xss bundle.
> The degrade in performace seems to be introduced in v2.3.x of sling.xss.
> And root cause seems to be the changes in {{XSSAPI.getValidHref}} API [0]
> It seems that in each {{XSSAPI.getValidHref}} calls
> {{Attribute.getPatternList}} down in the call stack which is calling
> {{Regexp::getPattern}} [1] method and this {{getPattern}} method is compiling
> the provided pattern again and again in each isValidHref call.
> JRE used for AEM and running the tests:
> {code:xml}
> java version "17.0.6" 2023-01-17 LTS
> Java(TM) SE Runtime Environment (build 17.0.6+9-LTS-190)
> Java HotSpot(TM) 64-Bit Server VM (build 17.0.6+9-LTS-190, mixed mode,
> sharing)
> {code}
> Following is the profiler screenshot of instance 1:
> !AEM_instance_2.2.16.png|height=100,width=250!
> Followings are the profiler screenshot of instance 2:
> !AEM_instance_2.4.0_ss1.png|height=100,width=250!
> !AEM_instance_2.4.0_ss2.png|height=100,width=250!
> [0]:
> https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java#L178
> [1]:
> https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/xml/Attribute.java#L98
> [2]:
> https://github.com/apache/sling-org-apache-sling-xss/blob/563ec6c9b57014a02b0f9cf1f7803d7ce76fad70/src/main/java/org/apache/sling/xss/impl/xml/Regexp.java#L47
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
