TOFU performance / DB format

Neal H. Walfield neal at walfield.org
Wed Oct 21 16:27:43 CEST 2015 

At Wed, 21 Oct 2015 15:32:05 +0200,
Andre Heinecke wrote:
> On Wednesday 21 October 2015 14:36:07 Neal H. Walfield wrote:
> > At Tue, 20 Oct 2015 19:46:23 +0200,
> > The flat format uses a single file and is, as you observed on jabber,
> > about 20 times faster.
> 
> That was a misunderstanding then. The 20 times speedup was between the first 
> and the second run of gpg2 -k

Thanks for clearing that up.

> flat / split both were at around 20sec.

Unless I'm interpreting your numbers incorrectly, it looks like flat
is about 20s and split is 45 seconds.

> Here are some more timinings (tofu.d and tofu.db deleted between runs):
> 
> With rev: 9afeb4cc
> 
> gpg2 --trust-model=tofu+pgp --tofu-db-format flat -k  3.52s user 0.91s system 
> 21% cpu 20.695 total
> 
> gpg2 --trust-model=tofu+pgp --tofu-db-format split -k  3.10s user 2.43s system 
> 12% cpu 44.597 tota
> 
> With rev: bc9ff6c85
> 
> gpg2 --trust-model=tofu+pgp --tofu-db-format flat -k  1.34s user 0.89s system 
> 13% cpu 16.068 total
> 
> gpg2 --trust-model=tofu+pgp --tofu-db-format split -k  3.01s user 2.57s system 
> 12% cpu 45.751 total
> 
> With rev: eb8a0b0
> 
> gpg2 --trust-model=tofu+pgp --tofu-db-format flat -k  1.14s user 0.87s system 
> 13% cpu 14.532 total
> 
> gpg2 --trust-model=tofu+pgp --tofu-db-format split -k  3.18s user 2.49s system 
> 12% cpu 45.165 total
> 
> I'm a bit confused with the last result as yesterday on that revision it only 
> took 22sec. Maybe a problem with my test setup. ATM I don't have time to look 
> into it more. 

Here's what I see (I'm using wget
'http://keyserver.borgnet.us/dump/sks-dump-0000.pgp.bz2, which
contains just over 500 keys).

Here's the base line (no TOFU): 0.1s

  $ time gpg2 --trust-model=pgp -k >/dev/null
  real	0m0.092s
  user	0m0.072s
  sys	0m0.012s

With the TOFU flat format:

     initial listing: 29s (0.4 seconds CPU time)
  subsequent listing:  1s (0.1 seconds CPU time)

  $ time gpg2 --trust-model=tofu --tofu-db-format=flat -k >/dev/null
  real	0m28.549s
  user	0m0.384s
  sys	0m0.384s
  $ time gpg2 --trust-model=tofu --tofu-db-format=flat -k >/dev/null
  real	0m0.945s
  user	0m0.084s
  sys	0m0.056s

With the TOFU split format:

     initial listing: 96s (1.1 seconds CPU time)
  subsequent listing:  3s (0.2 seconds CPU time)
  
  $ time gpg2 --trust-model=tofu --tofu-db-format=split -k >/dev/null
  real	1m35.562s
  user	0m1.076s
  sys	0m1.276s
  $ time gpg2 --trust-model=tofu --tofu-db-format=split -k >/dev/null
  real	0m3.148s
  user	0m0.232s
  sys	0m0.152s

So at least here, the flat format is about 3 times faster than the
split format.  You're seeing a bit more than a two times difference.
This can be explained by your use of a local SSD and my use of NFS.


Whatever the case, it's worth investing some time into understanding
why the TOFU updates are relatively slow and both updates (the initial
run) and reads (the second gpg2 -k) are so I/O bound.

In terms of updates, I think it is because SQLite is slow with many
individual updates (the SQLite developers recommend batching writes to
amortize the cost).

As for reads, I have no idea.

Thanks for the feedback!

:) Neal

More information about the Gnupg-devel mailing list