Websocket handshake perf

[BrennanConroy]

Found a couple spots we could avoid allocating in the websocket handshake.

Would like @blowdart and @Tratcher to take a look to make sure I'm not doing something completely wrong here.

Before:

Method	Mean	Error	StdDev	Op/s	Gen 0	Allocated
CreateResponseKey	1,118.31 ns	20.799 ns	19.455 ns	894,207.5	0.1373	5360 B
IsRequestKeyValid	92.56 ns	1.761 ns	2.163 ns	10,803,358.7	0.0095	400 B

After:

Method	Mean	Error	StdDev	Op/s	Gen 0	Allocated
CreateResponseKey	966.29 ns	18.022 ns	15.976 ns	1,034,883.1	0.0763	3520 B
IsRequestKeyValid	54.61 ns	1.089 ns	1.878 ns	18,311,386.7	-	0 B

With caching SHA1:

Method	Mean	Error	StdDev	Op/s	Gen 0	Allocated
CreateResponseKey	497.52 ns	9.885 ns	10.576 ns	2,009,951.4	0.0153	800 B

[BrennanConroy]

This was odd, nothing in the RFC says this is valid.
Should we check that there is only one value?

[Tratcher]

You're now using the implicit string converter that does the same thing here.

A multi-value header will fail the normal parse if there are multiple values anyways, don't worry about it.

[davidfowl]

Is it allocating right now even for a single value?

[halter73]

Is it allocating right now even for a single value?

No.

[Tratcher]

What's the return value if temp is too small?

[BrennanConroy]

false

[Tratcher]

You're now using the implicit string converter that does the same thing here.

A multi-value header will fail the normal parse if there are multiple values anyways, don't worry about it.

[davidfowl]

Is this the right behavior? a 500?

[Tratcher]

Probably. We don't know why it would fail and would have to debug it when it did.

[davidfowl]

This should be a 400 but we can wait until it happens 😄

[BrennanConroy]

@blowdart Is caching SHA1 ok? I know it's reusable, I'm just wondering if the OS resource usage is ok to keep around.

[Tratcher]

So this ends up allocating one for every threadpool thread and they live for the lifetime of the app? That's not great.

[blowdart]

@bartonjs for his thoughts

[bartonjs]

SHA-1 state is 96 bytes. Even if you assume a couple of layers of indirection and metadata it shouldn't be all that large.

The other main alternative would be a static ConcurrentBag for pooling (or going back to a new one per request).

[davidfowl]

We already pool to ton of stuff like this and the savings seem significant.

[BrennanConroy]

Pooling this gave a 2x gain, so the layers of indirection seem pretty heavy.

[BrennanConroy]

What do we want to do here? Go back to the slow path and create a new SHA1 every request, keep the ThreadStatic, or maintain a small pool using something like ConcurrentBag and creating a temporary new one if the pool is empty?

[BrennanConroy]

New perf numbers in original comment :D

[bartonjs]

At 24 + 36 bytes I don't know if it would be faster to use IncrementalHash with two calls to AppendData or to do the copy (probably doing this copy).

You might see perf improvement from using IncrementalHash anyways, if you happen to be at a level where you can notice a 3us difference.

[BrennanConroy]

I'll check this out

[BrennanConroy]

Tried it out and it looked slower

[gfoidl]

Is there any chance for an exception left in this code-path?

Convert.TryFromBase64String throws if value-argument is null, but this case is already eliminated in L98 here.
So you could remove the try-catch, resulting in smaller code.

Actually I would write this method as

public static bool IsRequestKeyValid(string value)
{
    ReadOnlySpan<char> chars = value.AsSpan();

    if (chars.IsEmpty)
    {
        return false;
    }

    Span<byte> temp = stackalloc byte[16];
    var success = Convert.TryFromBase64Chars(chars, temp, out int written);

    // RyuJIT produces better code than the other way round: success && written == 16
    return written == 16 && success;
}

Maybe: to get even more perf, one could skip the base64-decoding step, and just check if the chars.Length == 16 and if the chars are in the base64-alphabet, so no need to perform the actual decoding. This step could also be vectorized. But maybe that's a bit of over-engineering.

[gfoidl]

If written == 16, so for base64 the input-length must be 24. Hence one could write

ReadOnlySpan<char> chars = value.AsSpan();

if (chars.Length != 24)
{
    return false;
}

So the entire decoding-step is omitted if the result (written) can't be 16.

[BrennanConroy]

Maybe: to get even more perf, one could skip the base64-decoding step, and just check if the chars.Length == 16 and if the chars are in the base64-alphabet, so no need to perform the actual decoding.

I'm assuming you meant chars.Length == 24. Can't do this because a 17 and 18 byte string will also be 24 bytes when encoded. Unless you also want to check for the trailing "==", but I think at this point we're trying too hard.

I'm going to stick with Convert.TryFromBase64Chars for now, but I'll look at the other feedback :)

[gfoidl]

I'm assuming you meant chars.Length == 24

Yep, typed wrong in the first comment.

Can't do this because a 17 and 18 byte string will also be 24 bytes when encoded.

Maybe I missunderstand something now, but the string is encoded and we try to decode it, then check if the decoded data (byte) is of size 16.
So the other way round this means, 16 data bytes -> 24 base64 encoded utf8-bytes.
And for base64 the encoded length is always a multiple of 4.

Thus if chars.Length != 24 we know that the decoded data won't be 16 bytes, so we can short-circuit the method and return false. No need to try to decode the input.

If chars.Length == 24 we can try to decode, then check if written == 16.

Ahhhhh, now I see that in my previous comment it may look like the entire method. It's just a fragment. Sorry.

So I mean:

public static bool IsRequestKeyValid(string value)
{
    ReadOnlySpan<char> chars = value.AsSpan();

    if (chars.Length != 24)
    {
        return false;
    }

    Span<byte> temp = stackalloc byte[16];
    var success = Convert.TryFromBase64Chars(chars, temp, out int written);

    return written == 16 && success;
}

If you want I could submit a PR for the vectorized version (next week).

[gfoidl]

Move these exceptions out of the hot-path into ThrowHelper-methods?

[BrennanConroy]

🆙 📅
Removed SHA1 caching to make the PR more enticing :D

[halter73]

What if this is called with a requestKey that isn't 24 bytes? Should we check the return value of GetBytes?

[BrennanConroy]

"requestKey is already verified to be small (24 bytes) by 'IsRequestKeyValid()' and everything is 1:1 mapping to UTF8 bytes"

[BrennanConroy]

@aspnet-hello triage https://dev.azure.com/dnceng/public/_build/results?buildId=389131&view=logs

[aspnet-hello]

This comment was made automatically. If there is a problem contact [email protected].

I've triaged the above build. I've created/commented on the following issue(s)
https://github.com/aspnet/AspNetCore-Internal/issues/3128
https://github.com/aspnet/AspNetCore-Internal/issues/3168
https://github.com/aspnet/AspNetCore-Internal/issues/2483

[jkotalik]

@BrennanConroy ping