Re^14: Our perl/xs/c app is 30% slower with 64bit 5.24.0, than with 32bit 5.8.9. Why?

by dave_the_m (Prior)
on Dec 22, 2016 at 22:14 UTC ( #1178396=note )


in reply to Re^13: Our perl/xs/c app is 30% slower with 64bit 5.24.0, than with 32bit 5.8.9. Why?
in thread Our perl/xs/c app is 30% slower with 64bit 5.24.0, than with 32bit 5.8.9. Why?

You might just as well send a request that contains a 100 billion headers
Ok, I give up.

The whole point of a complexity attack is that you can produce the same bad effects of sending a 100 billion headers to a server by just sending a couple of Kbyte's worth instead.

Dave.

Re^15: Our perl/xs/c app is 30% slower with 64bit 5.24.0, than with 32bit 5.8.9. Why?
by grantm (Parson) on Dec 23, 2016 at 00:10 UTC

    Dave

    Thank you for trying so hard and so patiently to inject facts into this thread. The irony of you being accused of making inflammatory statements is rich. Thanks for all your great work on Perl, some of us really appreciate it.

    Grant

      Thanks for all your great work on Perl, some of us really appreciate it.

      And so do I. Which is why he has always commanded my utmost respect for his willingness to interact with us mere mortals in this forum.

      Even when he has not responded in kind. Even in this thread, I congratulated him for his continued, valued, expert contributions.

      But he didn't create the code in question. I'm not questioning him or his frankly amazing, ongoing contributions to Perl; but rather the code produced by a third party, that for some reason he feels the need to defend.

      ... inject facts into this thread. The irony ...

      Irony indeed. From the pop-up expert who has an overall posting rate of 0.12 posts per day; but whose contribution rate for the last 3 years has been 0.00737 posts/day.

      "Facts" require evidence; none of which has been provided. Look up the word "hearsay". Dave_the_M has my utmost respect; but not hero worship.

      If he treated me with the same respect I've afforded him; this subthread would not exist.


      With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      "Science is about questioning the status quo. Questioning authority". The enemy of (IT) success is complexity.
      In the absence of evidence, opinion is indistinguishable from prejudice.
Re^15: Our perl/xs/c app is 30% slower with 64bit 5.24.0, than with 32bit 5.8.9. Why?
by BrowserUk (Pope) on Dec 22, 2016 at 22:53 UTC
    Ok, I give up.

    Good. Until someone demonstrates an exploit, end-to-end, with realistic data and scenario, I'll value my own analysis over suspect theoretical speculation and retain and express my opinion based upon that analysis.


      Good. Until someone demonstrates an exploit, end-to-end, with realistic data and scenario, I'll value my own analysis over suspect theoretical speculation and retain and express my opinion based upon that analysis.
      I have on my laptop a text file called 'keys', which I am *not* going to make publicly available, but which was generated by someone 3 years ago. It contains 350 short words, one per line, each matching /^[a-z]{2,7}$/. The whole file is under 2Kbytes.

      Here is a small CGI script I have installed on a local apache web server. It uses bog-standard CGI.pm to process any received parameters.


          #!/var/www/cgi-bin/d/perl-5.16.0.out/bin/perl5.16.0

          use CGI;

          my $q = CGI->new;
          print $q->header();
          print $q->start_html('hello world');
          my @keys = $q->param;
          printf "[[received %3d params; used %4dMbyte of RSZ]]<br>\n",
              scalar @keys, rsz();
          print $q->end_html;

          # use PS to get the resident memory size of the current process
          sub rsz {
              return int($1 * 4096 / 1024 / 1024)
                  if `ps -p $$ -o rsz` =~ /(\d+) +/;
              return 0;
          }

      and here is a small HTTP client script. It reads that list of keys, then sends a series of simple HTTP requests including longer and longer subsets of those keys as parameters. The reply from the CGI script shows how much memory it used.

          #!/usr/bin/perl

          use strict;
          use warnings;
          use LWP::UserAgent;
          use HTTP::Request::Common qw{ POST };

          my @keys = <>;
          chomp for @keys;
          my $start = time;
          for (my $i = 10; $i <= 350; $i += 10) {
              my @params = map { $_ => 1 } @keys[0..$i-1];
              my $url = 'http://localhost/cgi-bin/index.cgi';
              my $ua = LWP::UserAgent->new();
              my $request = POST( $url, [ @params ] );
              my $content = $ua->request($request)->as_string();
              $content =~/\[\[(.*)\]\]/ or die "unexpected response";
              print $1, "\n";
          }
          printf "TOTAL time %ds\n", time - $start;

      And here is the result of running that client script:

          $ ./client keys
          received  10 params; used   24Mbyte of RSZ
          received  20 params; used   24Mbyte of RSZ
          received  30 params; used   24Mbyte of RSZ
          received  40 params; used   24Mbyte of RSZ
          received  50 params; used   24Mbyte of RSZ
          received  60 params; used   24Mbyte of RSZ
          received  70 params; used   24Mbyte of RSZ
          received  80 params; used   24Mbyte of RSZ
          received  90 params; used   23Mbyte of RSZ
          received 100 params; used   24Mbyte of RSZ
          received 110 params; used   24Mbyte of RSZ
          received 120 params; used   24Mbyte of RSZ
          received 130 params; used   24Mbyte of RSZ
          received 140 params; used   24Mbyte of RSZ
          received 150 params; used   24Mbyte of RSZ
          received 160 params; used   24Mbyte of RSZ
          received 170 params; used   25Mbyte of RSZ
          received 180 params; used   25Mbyte of RSZ
          received 190 params; used   25Mbyte of RSZ
          received 200 params; used   28Mbyte of RSZ
          received 210 params; used   28Mbyte of RSZ
          received 220 params; used   32Mbyte of RSZ
          received 230 params; used   32Mbyte of RSZ
          received 240 params; used   39Mbyte of RSZ
          received 250 params; used   56Mbyte of RSZ
          received 260 params; used   56Mbyte of RSZ
          received 270 params; used   87Mbyte of RSZ
          received 280 params; used  152Mbyte of RSZ
          received 290 params; used  152Mbyte of RSZ
          received 300 params; used  279Mbyte of RSZ
          received 310 params; used  280Mbyte of RSZ
          received 320 params; used  536Mbyte of RSZ
          received 330 params; used 1047Mbyte of RSZ
          received 340 params; used 1047Mbyte of RSZ
          received 350 params; used 2071Mbyte of RSZ
          TOTAL time 2s

      Note that I can trivially force the CGI script to allocate as much memory as I desire.

      Dave.
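
Added example, not part of the original posts and not code from any poster: a defender's pre-parse guard for the kind of CGI endpoint shown above, capping both body size and the number of parameter pairs before any hash keyed by client-supplied names is built. The limits and the names check_form_body and read_checked_body are assumptions made here, the sample bodies are constructed, and only urlencoded bodies are handled.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed limits; tune them to what the application legitimately needs.
my $MAX_BODY_BYTES = 8 * 1024;
my $MAX_PARAMS     = 64;

# Count name=value pairs without building a hash from them.
# Returns (1, undef) if the body is within limits, else (0, reason).
sub check_form_body {
    my ($body) = @_;
    return (0, 'body too large') if length($body) > $MAX_BODY_BYTES;
    # CGI.pm accepts both '&' and ';' as pair separators.
    my @pairs = grep { length } split /[&;]/, $body;
    return (0, 'too many parameters') if @pairs > $MAX_PARAMS;
    return (1, undef);
}

# Read at most the declared length from the request body handle, then
# check it. On success the caller can parse it with CGI->new($body).
sub read_checked_body {
    my ($fh, $content_length) = @_;
    $content_length ||= 0;
    return (undef, 'body too large') if $content_length > $MAX_BODY_BYTES;
    my $body = '';
    read($fh, $body, $content_length);
    my ($ok, $why) = check_form_body($body);
    return $ok ? ($body, undef) : (undef, $why);
}

# Constructed sample bodies (placeholder names, not the key file from the
# post). The 350-pair body is only a couple of Kbytes, so the byte cap
# alone accepts it; the pair count is what rejects it.
my $small = join '&', map { "k$_=1" } 1 .. 10;
my $large = join '&', map { "k$_=1" } 1 .. 350;

for my $sample ($small, $large) {
    open my $fh, '<', \$sample or die "cannot open in-memory handle: $!";
    my ($body, $why) = read_checked_body($fh, length $sample);
    printf "%4d bytes: %s\n", length($sample),
        defined $body ? 'accept' : "reject ($why)";
    close $fh;
}
```

A cap like this bounds how many client-chosen keys reach the parser; it does not change the hash function itself.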

        So what you're saying is that you have a file of 350 magic keys that when used to build a hash on any version of Perl from 5.8.1 through 5.16 will cause this constant doubling of the hash size, regardless of what hash seed was chosen at startup?

