286643 - Eliminate unnecessary memory zeroing for performance

Status: RESOLVED FIXED

(NSS :: Libraries, defect, P1)

Description

[Julien Pierre]

In environments in which performance is all that matters, PORT_ZFree could
dispense with the memset call. Due to the frequency of allocations and
deallocations in NSS and its softoken, this is a performance win in SSL benchmarks.

Comment 1

[Julien Pierre]

Attachment: don't memset in PORT_ZFree

Comment 2

[Julien Pierre]

We should make that runtime-configurable, once util is in a shared library.

Comment 3

[Nelson Bolyard (seldom reads bugmail)]

We cannot check this into NSS 3.11. 
We have it checked in on the Performance hacks branch, and it is one of
the things that needs to be resolved now, as part of migrating the code
from the branch to the trunk.

There are places that really need to zero a buffer and free it.
The right way for them to do that, IMO, is to call PORT_ZFree.
PORT_ZFree should zero the memory and then free it.

Therefore, rather than disabling PORT_ZFree's ability to zero memory,
we should find the places that unnecessarily zero memory, that is,
the places that should call PORT_Free rather than PORT_ZFree, and 
change them to call PORT_Free instead.  

Doing that in Freebl should be a top priority for 3.11 (one of several :)

Comment 4

[Saul Edwards]

Removing the memset from PORT_ZFree altogether currently gives us 3.5% on
specweb.  Therefore, we need to assess which parts of the SSL socket structures
need to be zeroed (because they contain key material or messages in plaintext
form) and which we can skip.  Nelson, please attach your analysis.

Comment 5

[Julien Pierre]

Per our meeting today, this was fixed.