TOFU performance / DB format

Neal H. Walfield neal at walfield.org
Fri Oct 23 19:09:24 CEST 2015 

At Wed, 21 Oct 2015 16:27:43 +0200,
Neal H. Walfield wrote:
> 
> At Wed, 21 Oct 2015 15:32:05 +0200,
> Andre Heinecke wrote:
> > On Wednesday 21 October 2015 14:36:07 Neal H. Walfield wrote:
> > > At Tue, 20 Oct 2015 19:46:23 +0200,
> > > The flat format uses a single file and is, as you observed on jabber,
> > > about 20 times faster.
> > 
> > That was a misunderstanding then. The 20 times speedup was between the first 
> > and the second run of gpg2 -k
> 
> Thanks for clearing that up.
> 
> > flat / split both were at around 20sec.
> 
> Unless I'm interpreting your numbers incorrectly, it looks like flat
> is about 20s and split is 45 seconds.
> 
> > Here are some more timinings (tofu.d and tofu.db deleted between runs):
> > 
> > With rev: 9afeb4cc
> > 
> > gpg2 --trust-model=tofu+pgp --tofu-db-format flat -k  3.52s user 0.91s system 
> > 21% cpu 20.695 total
> > 
> > gpg2 --trust-model=tofu+pgp --tofu-db-format split -k  3.10s user 2.43s system 
> > 12% cpu 44.597 tota
> > 
> > With rev: bc9ff6c85
> > 
> > gpg2 --trust-model=tofu+pgp --tofu-db-format flat -k  1.34s user 0.89s system 
> > 13% cpu 16.068 total
> > 
> > gpg2 --trust-model=tofu+pgp --tofu-db-format split -k  3.01s user 2.57s system 
> > 12% cpu 45.751 total
> > 
> > With rev: eb8a0b0
> > 
> > gpg2 --trust-model=tofu+pgp --tofu-db-format flat -k  1.14s user 0.87s system 
> > 13% cpu 14.532 total
> > 
> > gpg2 --trust-model=tofu+pgp --tofu-db-format split -k  3.18s user 2.49s system 
> > 12% cpu 45.165 total
> > 
> > I'm a bit confused with the last result as yesterday on that revision it only 
> > took 22sec. Maybe a problem with my test setup. ATM I don't have time to look 
> > into it more. 
> 
> Here's what I see (I'm using wget
> 'http://keyserver.borgnet.us/dump/sks-dump-0000.pgp.bz2, which
> contains just over 500 keys).
> 
> Here's the base line (no TOFU): 0.1s
> 
>   $ time gpg2 --trust-model=pgp -k >/dev/null
>   real	0m0.092s
>   user	0m0.072s
>   sys	0m0.012s
> 
> With the TOFU flat format:
> 
>      initial listing: 29s (0.4 seconds CPU time)
>   subsequent listing:  1s (0.1 seconds CPU time)
> 
>   $ time gpg2 --trust-model=tofu --tofu-db-format=flat -k >/dev/null
>   real	0m28.549s
>   user	0m0.384s
>   sys	0m0.384s
>   $ time gpg2 --trust-model=tofu --tofu-db-format=flat -k >/dev/null
>   real	0m0.945s
>   user	0m0.084s
>   sys	0m0.056s

In 7f65e84, I added an interface to enable batch updates.  This was
based on the observation that SQLite performs better when there is a
single big transaction instead of many small transactions [1].  This
proved correct.  With this patch, the time for an initial listing
decreases from 29 seconds to 0.16 seconds.  This means that using the
TOFU trust model with the flat DB format performs almost the same as
the pgp trust model.  For a subsequent listing, the time increased
slightly from 1 second to 1.2 seconds.  However, this may just be
noise.

  [1] https://www.sqlite.org/faq.html#q19

  $ rm -rf tofu.d*; time  gpg2 --trust-mode=tofu --tofu-db-format=flat -k >/dev/null
  real	0m0.161s
  user	0m0.052s
  sys	0m0.004s

  $ time  gpg2 --trust-mode=tofu --tofu-db-format=flat -k >/dev/null
  real	0m1.197s
  user	0m0.088s
  sys	0m0.044s

Unfortunately, this change only helps with the flat database format.
For the split forat, we're still looking at over 90 seconds for the
initial listing and 3 seconds for subsequent listings.

I'd be interested to hear people's opinions about whether the split
format (with its ability to be more easily synced) is still
interesting despite the slow performance.

Thanks!

:) Neal

More information about the Gnupg-devel mailing list