Last Comment Bug 441355 - Avoid NSS initialization on startup
: Avoid NSS initialization on startup
Status: NEW
[ts]
: mobile, perf
Product: Core
Classification: Components
Component: General (show other bugs)
: Trunk
: All All
P1 normal with 11 votes (vote)
: ---
Assigned To: Ryan Flint [:rflint] (ping via IRC for reviews)
:
:
Mentors:
Depends on: 462807
Blocks: 447581
  Show dependency treegraph
 
Reported: 2008-06-23 11:21 PDT by Robert Sayre
Modified: 2014-06-29 18:34 PDT (History)
29 users (show)
vladimir: wanted1.9.2+
vladimir: wanted1.9.1-
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
wanted


Attachments

Description User image Robert Sayre 2008-06-23 11:21:35 PDT
Initializing NSS on startup is i/o heavy and results in tons of syscalls to initialize the various PRNGs etc. My understanding is that the reason we're doing this is for the update service and antiphishing. We should be able to avoid these two cases until after the homepage is up.
Comment 1 User image Damon Sicore (:damons) 2008-06-23 13:18:32 PDT
Sayre, is this something we can get in 1.9.1?
Comment 2 User image Robert Sayre 2008-06-23 13:23:33 PDT
I don't know.
Comment 3 User image Dave Camp (:dcamp) 2008-06-23 13:32:05 PDT
Safebrowsing uses NSS to hash urls during the lookup process.  I don't see any reason why this should require initializing all of NSS, so maybe that initialization could be split out somehow.

Otherwise we'd have to avoid malware checks at startup, which seems like a bad idea.
Comment 4 User image Stuart Parmenter 2009-02-05 15:15:59 PST
taras, did you look at this at all?
Comment 5 User image (dormant account) 2009-02-05 15:41:26 PST
(In reply to comment #4)
> taras, did you look at this at all?

Briefly, I know it shows up in the fstat log, but I haven't investigated why and what can be done about it in detail. The code did not seem easy to modify I ran for the hills towards easier optimizations.
Comment 6 User image Robert Sayre 2009-02-05 15:59:58 PST
It's because it rummages around /tmp looking for "entropy". Graydon would be happy to tell you all about it.
Comment 7 User image Graydon Hoare :graydon 2009-02-05 16:49:23 PST
See bug 96058 and bug 338601, and the associated trail of sorrow in bug 322529 ... there are others.
Comment 8 User image Vladimir Vukicevic [:vlad] [:vladv] 2009-06-03 15:21:31 PDT
The core issue is NSS rummaging around temp files; I don't think we need to avoid initializing NSS at all, but we should use OS-provided randomness for init if it exists, especially on win32.  Doing the temp file trawling is taking > 500ms for me on a cold startup of firefox under win7.
Comment 9 User image Brendan Eich [:brendan] 2009-06-03 21:45:12 PDT
(In reply to comment #8)
> The core issue is NSS rummaging around temp files; I don't think we need to
> avoid initializing NSS at all, but we should use OS-provided randomness for
> init if it exists, especially on win32.  Doing the temp file trawling is taking
> > 500ms for me on a cold startup of firefox under win7.

Is this not bug 338601 ? It's still open and the last comment's questions (from me) haven't been answered. Please rattle cages there if it's the right bug.

/be
Comment 10 User image Brendan Eich [:brendan] 2009-07-10 09:34:19 PDT
(In reply to comment #8)
> The core issue is NSS rummaging around temp files; I don't think we need to
> avoid initializing NSS at all,

Some replies to this part of Vlad's comment showed up in bug 501605.

/be
Comment 11 User image Nelson Bolyard (seldom reads bugmail) 2009-07-10 09:43:55 PDT
When Firefox is launched, one process starts (which, IINM, does profile 
selection).  It then starts a second process which ultimately acts as the 
browser.  In FF 3.5, BOTH processes fully initialize NSS, which means NSS 
gets initialized TWICE before the user's window appears.

It's unclear why NSS needs to be initialized in that first process.  
I suspect that NSS is not actually needed in that first process, and if not
then avoiding the initialization in the process completely will result in 
significant time savings.
Comment 12 User image :Gavin Sharp [email: gavin@gavinsharp.com] 2009-07-10 09:58:50 PDT
(In reply to comment #11)
> When Firefox is launched, one process starts (which, IINM, does profile 
> selection).  It then starts a second process which ultimately acts as the 
> browser.

That's not quite accurate. We will occasionally restart during startup, but only when new components need registering (e.g. after you've installed/updated an extension, first startup of Firefox, etc.). If you're seeing that behavior frequently, that's a bug.
Comment 13 User image Nelson Bolyard (seldom reads bugmail) 2009-07-10 14:30:32 PDT
If the user has enabled the profile selection dialog at startup (as I do), 
he ALWAYS gets that restart behavior.  

But my observation in comment 11 is based on the procmon logs attached to 
bug 501605.  Maybe its a bug, but users are experiencing it, as shown in 
those logs.
Comment 14 User image Dietrich Ayala (:dietrich) 2009-08-26 09:03:22 PDT
The software update ping and safebrowsing (per dcamp's earlier comment) both init NSS. Basically, anyone making https connections before first page load should be delayed if at all possible.
Comment 15 User image Dietrich Ayala (:dietrich) 2009-08-26 09:06:56 PDT
Ryan, can you figure out exactly where NSS is being initialized before BrowserStartup() returns? Once we know that, we can evaluate the actual cost of moving NSS init out of the startup path.
Comment 16 User image Ryan Flint [:rflint] (ping via IRC for reviews) 2009-08-27 15:35:53 PDT
From what I've seen, we're not initializing NSS until after BrowserStartup() and it's safebrowsing that's doing it (in nsUrlClassifierDBService::Init()). However, we don't fully initialize that until 2s after startup (http://mxr.mozilla.org/mozilla-central/source/browser/components/safebrowsing/content/sb-loader.js#40) - which could impact us if we're still loading content. Ideally we'd do something like comment 3 and split out the hashing algorithms we need.
Comment 17 User image Dietrich Ayala (:dietrich) 2009-10-14 14:37:03 PDT
When does the first software update ping occur? Maybe that's what the reporter and Nelson were seeing? How about if a user is restoring a session with an https page?

Note You need to log in before you can comment on or make changes to this bug.