Use std::shared_ptr for variable resolution

AnchoredSetVariable::resolve is called for every rule (see RuleWithOperator::evaluate). The previous implementation allocated a new copy of every variable, which quickly added up. In my tests, AnchoredSetVariable::resolve function consumed 7.8% of run time. AnchoredSetVariable (which is a multimap) values are never changed, only added. This means it's safe to store them in std::shared_ptr, and make resolve return shared_ptr pointing to the same object. Other resolve implementation could also use this optimization by not allocating new objects, however, they are not hot spots, so this optimization was not implemented there. In my benchmark, this raises performance from 117 requests per second to 131 RPS, and overhead is lowered from 7.8% to 2.4%. As a bonus, replacing plain pointer with smart pointers make code cleaner, since using smart pointers makes manual deletes no longer necessary. Additionally, VariableOrigin is now stored in plain std::vector, since it's wasteful to store structure containing just two integer values using std::list<std::unique_ptr<T>>.
2025-11-16 01:22:18 +03:00 · 2020-07-28 18:46:03 +03:00
parent bff82cd80d
commit 6528c95765
56 changed files with 265 additions and 377 deletions
--- a/test/test-cases/data/big-file.conf
+++ b/test/test-cases/data/big-file.conf
@@ -192,7 +192,7 @@ SecRule REQUEST_FILENAME|ARGS "@pm test5" \
 	tag:'PCI/6.5.4',\
 	logdata:'Matched Data: %{TX.0} found within %{MATCHED_VAR_NAME}: %{MATCHED_VAR}',\
 	severity:'CRITICAL',\
-	setvar:'tx.msg=%{rule.msg}',\
+	setvar:'tx.msg=%{rule.id}',\
 	setvar:tx.lfi_score=+%{tx.critical_anomaly_score},\
 	setvar:tx.anomaly_score=+%{tx.critical_anomaly_score},\
 	setvar:tx.%{rule.id}-OWASP_CRS/WEB_ATTACK/FILE_INJECTION-%{matched_var_name}=%{tx.0}"