Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork32.2k
Description
Bug report
Bug description:
Event loops like uvloop, asyncio use nonblocking ssl. They typically
- read data from the socket when epoll returns that it is ready
- push data to the incoming MemoryBIO
- read from SSLObject until SSLWantReadError is thrown
- pass read data to the application protocol
when peers are exchanging relatively small messages, SSLObject.read is typically called 2 times . First call returns data, second - throws SSLWantReadError
perf shows that the second call is almost as expensive as the first call because of time spent on constructing new exception object.
Is it possible to optimize exception object creation for the second call?
I tried to avoid the second call by analyzing MemoryBIO.pending and SSLObject.pending values but they can't always reliably tell that we have to wait for more data.
For example, it is possible that incoming MemoryBIO.pending > 0, SSLObject.pending == 0. We call SSLObject.read and it throws because incoming MemoryBIO doesn't have the full ssl frame yet.
Example echo client that replicates internal logic in asyncio/uvloop:
importsocketimportsslimportselectfromtypingimportOptionalssl_context=ssl.create_default_context()ssl_context.check_hostname=Falsessl_context.verify_mode=ssl.CERT_NONEep=select.epoll(2)incoming=ssl.MemoryBIO()outgoing=ssl.MemoryBIO()sock:Optional[socket.socket]=Nonessl_sock:Optional[ssl.SSLObject]=Nonedefwait_data():ep.poll()try:whileTrue:chunk=sock.recv(1024)incoming.write(chunk)exceptBlockingIOError:passdefwait_data_until_ssl_read_succeed():data=bytearray()try:wait_data()# while ssl_sock.pending() > 0 or incoming.pending > 0:whileTrue:data+=ssl_sock.read()exceptssl.SSLWantReadError:passreturndatawithsocket.socket(socket.AF_INET,socket.SOCK_STREAM)assock:ep.register(sock.fileno(),select.EPOLLIN)ssl_sock=ssl_context.wrap_bio(incoming,outgoing,server_hostname='localhost')sock.connect(('127.0.0.1',25000))sock.setblocking(False)handshake_complete=Falsemessage_sent=Falsemsg=b"a"*256# do handshakewhileTrue:try:ssl_sock.do_handshake()breakexceptssl.SSLWantReadErrorasex:ifoutgoing.pending>0:chunk=outgoing.read(outgoing.pending)sock.send(chunk)wait_data()# send message and wait for replywhileTrue:ssl_sock.write(msg)chunk=outgoing.read(outgoing.pending)sock.send(chunk)data=wait_data_until_ssl_read_succeed()# print(data)
Perf output:
17.41% 0.25% 43 python _ssl.cpython-314-x86_64-linux-gnu.so [.] _ssl__SSLSocket_read | --17.16%--_ssl__SSLSocket_read | |--8.09%--SSL_read_ex | | | --7.74%--0x7b1fbef883f9 | | | |--4.83%--0x7b1fbefadc22 | | | | | |--0.93%--0x7b1fbefa6919 | | | | | | | --0.90%--EVP_DecryptUpdate | | | | | | | --0.90%--0x7b1fbec90c8b | | | | | | | --0.87%--0x7b1fbec90b45 | | | | | |--0.79%--0x7b1fbefa64a5 | | | | | | | --0.61%--EVP_CIPHER_CTX_get_iv_length | | | | | |--0.72%--0x7b1fbefa6721 | | | | | | | --0.60%--EVP_CipherInit_ex | | | | | |--0.57%--0x7b1fbefa6750 | | | | | --0.52%--0x7b1fbefa68f0 | | | |--1.13%--0x7b1fbefadf94 | | | | | --0.52%--0x7b1fbefac3c7 | | | --0.68%--0x7b1fbefad750 | |--6.21%--PySSL_SetError.constprop.0 | | | --5.17%--fill_and_set_sslerror | | | |--2.83%--PyUnicode_FromFormat | | | | | --2.54%--unicode_from_format | | | | | --1.23%--__sprintf_chk | | __vsprintf_internal | | | | | --0.99%--__vfprintf_internal | | | --1.01%--PyObject_SetAttr | | | --0.98%--PyObject_GenericSetAttr | | | --0.52%--_PyObjectDict_SetItem | --0.60%--SSL_get_errorTo reproduce you would need some ssl echo server running on localhost 25000 port. After you have started it, run echo client code under perf.
$ perf record -F 999 -g --call-graph lbr --user-callchains -- python echo_client.py$ perf report -G -n --stdioLet it work for 15 seconds and then press Ctrl-C
CPython versions tested on:
CPython main branch
Operating systems tested on:
Linux