Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Performance regression: Preparing IntegrityMetaComponents after BOM processing takes too long #1306

Open
2 tasks done
Tracked by #860
nscuro opened this issue Jun 6, 2024 · 2 comments · May be fixed by DependencyTrack/hyades-apiserver#846
Open
2 tasks done
Tracked by #860
Assignees
Labels
component/api-server defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk performance size/L High effort
Milestone

Comments

@nscuro
Copy link
Member

nscuro commented Jun 6, 2024

Current Behavior

While porting #3357 I noticed that the section that is "preparing" IntegrityMetaComponents is executing a transaction for every single component of the processed BOM:

https://github.com/DependencyTrack/hyades-apiserver/blob/0dbf1d376c9e1a984e7c0bc735db1504c6de5aed/src/main/java/org/dependencytrack/tasks/BomUploadProcessingTask.java#L410-L425

Profiling the informWithBloatedBomTest confirmed my suspicion that this ends up being super expensive:

Untitled

Querying and creating the IntegrityMetaComponents takes more CPU time than the actual BOM processing itself. And this is with API server and database residing on the same machine, it will be even more impactfull when that is not the case.

Steps to Reproduce

  1. Run informWithBloatedBomTest with profiling

Expected Behavior

Preparing IntegrityMetaComponents should be a quick operation. It should not create a transaction for every component in the BOM.

It's likely that the entire operation can be achieved with a single batch insert using JDBI.

Hyades Version

hyades-apiserver 5.5.0-SNAPSHOT

Repository Type

Hyades apiserver

Browser

N/A

Checklist

@nscuro nscuro added defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk size/S Small effort component/api-server performance labels Jun 6, 2024
@nscuro
Copy link
Member Author

nscuro commented Jun 10, 2024

Even more clear with DependencyTrack/hyades-apiserver#705 in place:

image

@nscuro nscuro added this to the 0.6.0 milestone Jul 19, 2024
@nscuro nscuro self-assigned this Aug 2, 2024
@nscuro
Copy link
Member Author

nscuro commented Aug 2, 2024

Batch inserts into INTEGRITY_META_COMPONENT won't work well because potentially many threads will do it in parallel, so lots of contention. Did some testing locally and am running into deadlocks with just a few consecutive BOM uploads.

Potentially need an entirely different approach to populating that table.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
component/api-server defect Something isn't working p2 Non-critical bugs, and features that help organizations to identify and reduce risk performance size/L High effort
Projects
Status: In Progress
Development

Successfully merging a pull request may close this issue.

1 participant