From f512cbef0fa62a7323235d1b4443f7c59cba9088 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Tue, 11 Jul 2023 17:28:42 +0100 Subject: [PATCH 01/44] Add `package-benchmark` --- benchmarks/.gitignore | 8 + .../CertificatesBenchmarks.swift | 336 +++++++++++++ .../CertificatesBenchmarks/shared.swift | 446 ++++++++++++++++++ benchmarks/Package.swift | 32 ++ 4 files changed, 822 insertions(+) create mode 100644 benchmarks/.gitignore create mode 100644 benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift create mode 100644 benchmarks/Benchmarks/CertificatesBenchmarks/shared.swift create mode 100644 benchmarks/Package.swift diff --git a/benchmarks/.gitignore b/benchmarks/.gitignore new file mode 100644 index 00000000..0023a534 --- /dev/null +++ b/benchmarks/.gitignore @@ -0,0 +1,8 @@ +.DS_Store +/.build +/Packages +xcuserdata/ +DerivedData/ +.swiftpm/configuration/registries.json +.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata +.netrc diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift new file mode 100644 index 00000000..9a508bb9 --- /dev/null +++ b/benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift @@ -0,0 +1,336 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import Benchmark +import X509 +import Foundation +import Crypto +import SwiftASN1 +import _CertificateInternals + +let benchmarks = { + Benchmark("Verifier", configuration: .init(warmupIterations: 1)) { benchmark in + var counts = 0 + + counts += await testAllSuccessfulValidations() + counts += await testAllUnsuccessfulValidations() + + blackHole(counts) + } + + let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } + Benchmark("Parse WebPKI Roots") { benchmark in + for _ in 0..<1000 { + for derEncodedCA in derEncodedCAs { + blackHole(try! Certificate(derEncoded: derEncodedCA).extensions.count) + } + } + } + + Benchmark("TinyArray non-allocating functions") { benchmark in + var counts = 0 + for _ in 0..<1000 { + counts += _TinyArray(CollectionOfOne(1)).count + + do { + var array = _TinyArray() + array.append(contentsOf: CollectionOfOne(1)) + counts += array.count + } + } + + blackHole(counts) + } + + Benchmark("TinyArray.append(_:)") { benchmark in + var count = 0 + for _ in 0..<1000 { + var tinyArray = _TinyArray() + for i in 0..<1000 { + tinyArray.append(i) + } + count += tinyArray.count + } + + blackHole(count) + } +} + +// MARK: - successful validation + +func testAllSuccessfulValidations() async -> Int { + var counts = 0 + counts += await testTrivialChainBuilding() + counts += await testExtraRootsAreIgnored() + counts += await testPuttingRootsInTheIntermediariesIsntAProblem() + counts += await testSupportsCrossSignedRootWithoutTrouble() + counts += await testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() + counts += await testPrefersToUseIntermediatesWithSKIThatMatches() + counts += await testPrefersNoSKIToNonMatchingSKI() + counts += await testRejectsRootsThatDidNotSignTheCertBeforeThem() + counts += await testPolicyFailuresCanFindLongerPaths() + counts += await testSelfSignedCertsAreTrustedWhenInTrustStore() + counts += await testTrustRootsCanBeNonSelfSignedLeaves() + counts += await testTrustRootsCanBeNonSelfSignedIntermediates() + return counts +} + +func testTrivialChainBuilding() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(validationTime: TestCertificate.referenceTime) + } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testExtraRootsAreIgnored() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testSupportsCrossSignedRootWithoutTrouble() async -> Int { + let roots = CertificateStore([TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPrefersNoSKIToNonMatchingSKI() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1WithIncorrectSKIAKI, TestCertificate.intermediate1WithoutSKIAKI])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testRejectsRootsThatDidNotSignTheCertBeforeThem() async -> Int { + let roots = CertificateStore([TestCertificate.ca1WithAlternativePrivateKey, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.ca1CrossSignedByCA2, TestCertificate.ca2CrossSignedByCA1, TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + return chain.count +} + +func testPolicyFailuresCanFindLongerPaths() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { + FailIfCertInChainPolicy(forbiddenCert: TestCertificate.ca1) + RFC5280Policy(validationTime: TestCertificate.referenceTime) + } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testSelfSignedCertsAreTrustedWhenInTrustStore() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCert]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testTrustRootsCanBeNonSelfSignedLeaves() async -> Int { + // we use a custom policy here to ignore the fact that the basic constraints extension is critical. + struct IgnoreBasicConstraintsPolicy: VerifierPolicy { + let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [.X509ExtensionID.basicConstraints] + +func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { + return .meetsPolicy + } + } + + let roots = CertificateStore([TestCertificate.localhostLeaf]) + + var verifier = Verifier(rootCertificates: roots) { IgnoreBasicConstraintsPolicy() } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testTrustRootsCanBeNonSelfSignedIntermediates() async -> Int { + let roots = CertificateStore([TestCertificate.intermediate1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +// MARK: - unsuccessful validation + +func testAllUnsuccessfulValidations() async -> Int { + var counts = 0 + counts += await testWePoliceCriticalExtensionsOnLeafCerts() + counts += await testMissingIntermediateFailsToBuild() + counts += await testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() + counts += await testMissingRootFailsToBuild() + return counts +} + +func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Incorrectly validated: \(result)") + } + + return policyResults.count +} + +func testMissingIntermediateFailsToBuild() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Accidentally validated: \(result)") + } + + return policyResults.count +} + +func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Incorrectly validated: \(result)") + } + return policyResults.count +} + +func testMissingRootFailsToBuild() async -> Int { + let roots = CertificateStore([]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Accidentally validated: \(result)") + } + + return policyResults.count +} + +fileprivate struct FailIfCertInChainPolicy: VerifierPolicy { + let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [] + + private let forbiddenCert: Certificate + + init(forbiddenCert: Certificate) { + self.forbiddenCert = forbiddenCert + } + + mutating func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { + if chain.contains(self.forbiddenCert) { + return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") + } else { + return .meetsPolicy + } + } +} diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/shared.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/shared.swift new file mode 100644 index 00000000..2e8bd790 --- /dev/null +++ b/benchmarks/Benchmarks/CertificatesBenchmarks/shared.swift @@ -0,0 +1,446 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + + +import X509 +import Foundation +import Crypto + +enum WebPKI { + static let all = [br, af, cf, dz, de] + static let br = """ + -----BEGIN CERTIFICATE----- + MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx + KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd + BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl + YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 + OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy + aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 + ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN + 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ + RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 + hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 + ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM + EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj + QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 + A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy + WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ + 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 + 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT + 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml + e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p + TpPDpFQUWw== + -----END CERTIFICATE----- + """ + static let af = """ + -----BEGIN CERTIFICATE----- + MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x + GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv + b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV + BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W + YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa + GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg + Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J + WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB + rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp + +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 + ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i + Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz + PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og + /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH + oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI + yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud + EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 + A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL + MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT + ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f + BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn + g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl + fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K + WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha + B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc + hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR + TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD + mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z + ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y + 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza + 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u + -----END CERTIFICATE----- + """ + static let cf = """ + -----BEGIN CERTIFICATE----- + MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw + CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu + ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg + RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV + UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu + Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq + hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf + Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q + RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ + BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD + AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY + JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv + 6pZjamVFkpUBtA== + -----END CERTIFICATE----- + """ + static let dz = """ + -----BEGIN CERTIFICATE----- + MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD + VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf + BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 + YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x + NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G + A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 + d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF + Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG + SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN + FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w + DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw + CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh + DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 + -----END CERTIFICATE----- + """ + static let de = """ + -----BEGIN CERTIFICATE----- + MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE + BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ + IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 + MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV + BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w + HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF + AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj + Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj + TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u + KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj + qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm + MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 + ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP + zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk + L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC + jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA + HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC + AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB + /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg + p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm + DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 + COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry + L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf + JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg + IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io + 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV + 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ + XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq + T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe + MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== + -----END CERTIFICATE----- + """ +} + + +enum TestCertificate { + static let referenceTime = Date() + + static let all = [ + ca1, + ca1CrossSignedByCA2, + ca1WithAlternativePrivateKey, + ca2, + ca2CrossSignedByCA1, + intermediate1, + intermediate1WithoutSKIAKI, + intermediate1WithIncorrectSKIAKI, + localhostLeaf, + isolatedSelfSignedCert, + isolatedSelfSignedCertWithWeirdCriticalExtension, + ] + + private static let ca1PrivateKey = P384.Signing.PrivateKey() + private static let ca1Name = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Swift Certificate Test CA 1") + } + static let ca1: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(3650), + issuer: ca1Name, + subject: ca1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + static let ca1CrossSignedByCA2: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: ca2Name, + subject: ca1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca2PrivateKey) + ) + }() + private static let ca1AlternativePrivateKey = P384.Signing.PrivateKey() + static let ca1WithAlternativePrivateKey: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca1AlternativePrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(3650), + issuer: ca1Name, + subject: ca1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1AlternativePrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + + private static let ca2PrivateKey = P384.Signing.PrivateKey() + private static let ca2Name = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Swift Certificate Test CA 2") + } + static let ca2: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca2PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(3650), + issuer: ca2Name, + subject: ca2Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca2PrivateKey) + ) + }() + static let ca2CrossSignedByCA1: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca2PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: ca1Name, + subject: ca2Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + + static let intermediate1PrivateKey = P256.Signing.PrivateKey() + static let intermediate1Name = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Swift Certificate Test Intermediate CA 1") + } + static let intermediate1: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(intermediate1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(5 * 365), + issuer: ca1.subject, + subject: intermediate1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: 1) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: intermediate1PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + static let intermediate1WithoutSKIAKI: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(intermediate1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(5 * 365), + issuer: ca1.subject, + subject: intermediate1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: 1) + ) + KeyUsage(keyCertSign: true) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + static let intermediate1WithIncorrectSKIAKI: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(intermediate1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(5 * 365), + issuer: ca1.subject, + subject: intermediate1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: 1) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + + private static let localhostLeafPrivateKey = P256.Signing.PrivateKey() + static let localhostLeaf: Certificate = { + let localhostLeafName = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("localhost") + } + + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(localhostLeafPrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: intermediate1.subject, + subject: localhostLeafName, + signatureAlgorithm: .ecdsaWithSHA256, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.notCertificateAuthority + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! intermediate1.extensions.subjectKeyIdentifier!.keyIdentifier) + }, + issuerPrivateKey: .init(intermediate1PrivateKey) + ) + }() + + private static let isolatedSelfSignedCertKey = P256.Signing.PrivateKey() + static let isolatedSelfSignedCert: Certificate = { + let isolatedSelfSignedCertName = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Isolated Self-Signed Cert") + } + + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(isolatedSelfSignedCertKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: isolatedSelfSignedCertName, + subject: isolatedSelfSignedCertName, + signatureAlgorithm: .ecdsaWithSHA256, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + }, + issuerPrivateKey: .init(isolatedSelfSignedCertKey) + ) + }() + + static let isolatedSelfSignedCertWithWeirdCriticalExtension: Certificate = { + let isolatedSelfSignedCertName = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Isolated Self-Signed Cert") + } + + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(isolatedSelfSignedCertKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: isolatedSelfSignedCertName, + subject: isolatedSelfSignedCertName, + signatureAlgorithm: .ecdsaWithSHA256, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + + // An opaque extension that just so happens to be critical + Certificate.Extension(oid: [1, 2, 3, 4, 5], critical: true, value: [1, 2, 3, 4, 5]) + }, + issuerPrivateKey: .init(isolatedSelfSignedCertKey) + ) + }() +} + +extension TimeInterval { + private static let oneDay: TimeInterval = 60 * 60 * 24 + + static func days(_ days: Int) -> TimeInterval { + return Double(days) * oneDay + } +} diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift new file mode 100644 index 00000000..c52430b4 --- /dev/null +++ b/benchmarks/Package.swift @@ -0,0 +1,32 @@ +// swift-tools-version: 5.8 +// The swift-tools-version declares the minimum version of Swift required to build this package. + +import PackageDescription + +let package = Package( + name: "benchmarks", + platforms: [ + .macOS(.v13), + ], + dependencies: [ + .package(path: "../"), + .package(url: "https://github.com/ordo-one/package-benchmark", .upToNextMajor(from: "1.0.0")), + .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), + .package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), + ], + targets: [ + .executableTarget( + name: "CertificatesBenchmarks", + dependencies: [ + .product(name: "Benchmark", package: "package-benchmark"), + .product(name: "X509", package: "swift-certificates"), + .product(name: "SwiftASN1", package: "swift-asn1"), + .product(name: "Crypto", package: "swift-crypto"), + ], + path: "Benchmarks/CertificatesBenchmarks", + plugins: [ + .plugin(name: "BenchmarkPlugin", package: "package-benchmark") + ] + ), + ] +) From c16c7bf6b4f2a250c93ebce83ae41983d974d08b Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Wed, 16 Aug 2023 14:57:32 +0100 Subject: [PATCH 02/44] use local dependencies --- Package.swift | 3 ++- .../CertificatesBenchmarks/CertificatesBenchmarks.swift | 4 ++-- benchmarks/Package.swift | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Package.swift b/Package.swift index 796324a1..6290dfc3 100644 --- a/Package.swift +++ b/Package.swift @@ -75,7 +75,8 @@ let package = Package( if ProcessInfo.processInfo.environment["SWIFTCI_USE_LOCAL_DEPS"] == nil { package.dependencies += [ .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), - .package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), + //.package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), + .package(path: "../swift-asn1"), .package(url: "https://github.com/apple/swift-docc-plugin", from: "1.0.0"), ] } else { diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift index 9a508bb9..810460bd 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift @@ -31,11 +31,11 @@ let benchmarks = { let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } Benchmark("Parse WebPKI Roots") { benchmark in - for _ in 0..<1000 { + //for _ in 0..<1000 { for derEncodedCA in derEncodedCAs { blackHole(try! Certificate(derEncoded: derEncodedCA).extensions.count) } - } + //} } Benchmark("TinyArray non-allocating functions") { benchmark in diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index c52430b4..113c5c37 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -12,7 +12,8 @@ let package = Package( .package(path: "../"), .package(url: "https://github.com/ordo-one/package-benchmark", .upToNextMajor(from: "1.0.0")), .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), - .package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), + //.package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), + .package(path: "../swift-asn1"), ], targets: [ .executableTarget( From 2e9b1c10d848f7626177dd2f7af9eeef17102bed Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 17 Aug 2023 17:18:10 +0100 Subject: [PATCH 03/44] split into multiple targets --- benchmarks/Benchmarks/Benchmarks.swift | 35 ++ benchmarks/Package.swift | 24 +- .../Sources/CertificatesBenchmarks.swift | 334 +++++++++++++ benchmarks/Sources/blackHole.swift | 31 ++ benchmarks/Sources/shared.swift | 446 ++++++++++++++++++ benchmarks/Tests/Tests.swift | 29 ++ 6 files changed, 894 insertions(+), 5 deletions(-) create mode 100644 benchmarks/Benchmarks/Benchmarks.swift create mode 100644 benchmarks/Sources/CertificatesBenchmarks.swift create mode 100644 benchmarks/Sources/blackHole.swift create mode 100644 benchmarks/Sources/shared.swift create mode 100644 benchmarks/Tests/Tests.swift diff --git a/benchmarks/Benchmarks/Benchmarks.swift b/benchmarks/Benchmarks/Benchmarks.swift new file mode 100644 index 00000000..4ef00e23 --- /dev/null +++ b/benchmarks/Benchmarks/Benchmarks.swift @@ -0,0 +1,35 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import Benchmark +import Sources + +let benchmarks = { + Benchmark("Verifier", configuration: .init(warmupIterations: 1)) { benchmark in + await verifier() + } + + let runParseWebPKIRoots = parseWebPKIRoots() + Benchmark("Parse WebPKI Roots") { benchmark in + runParseWebPKIRoots() + } + + Benchmark("TinyArray non-allocating functions") { benchmark in + tinyArrayNonAllocationFunctions() + } + + Benchmark("TinyArray.append(_:)") { benchmark in + tinyArrayAppend() + } +} diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index 113c5c37..99d3f726 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -13,21 +13,35 @@ let package = Package( .package(url: "https://github.com/ordo-one/package-benchmark", .upToNextMajor(from: "1.0.0")), .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), //.package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), - .package(path: "../swift-asn1"), + .package(path: "../../swift-asn1"), ], targets: [ .executableTarget( name: "CertificatesBenchmarks", dependencies: [ + "Sources", .product(name: "Benchmark", package: "package-benchmark"), - .product(name: "X509", package: "swift-certificates"), - .product(name: "SwiftASN1", package: "swift-asn1"), - .product(name: "Crypto", package: "swift-crypto"), ], - path: "Benchmarks/CertificatesBenchmarks", + path: "Benchmarks", plugins: [ .plugin(name: "BenchmarkPlugin", package: "package-benchmark") ] ), + .target( + name: "Sources", + dependencies: [ + .product(name: "X509", package: "swift-certificates"), + .product(name: "SwiftASN1", package: "swift-asn1"), + .product(name: "Crypto", package: "swift-crypto"), + ], + path: "Sources" + ), + .testTarget( + name: "Tests", + dependencies: [ + "Sources", + ], + path: "Tests" + ) ] ) diff --git a/benchmarks/Sources/CertificatesBenchmarks.swift b/benchmarks/Sources/CertificatesBenchmarks.swift new file mode 100644 index 00000000..fd900220 --- /dev/null +++ b/benchmarks/Sources/CertificatesBenchmarks.swift @@ -0,0 +1,334 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import X509 +import Foundation +import Crypto +import SwiftASN1 +import _CertificateInternals + +public func verifier() async { + var counts = 0 + + counts += await testAllSuccessfulValidations() + counts += await testAllUnsuccessfulValidations() + + blackHole(counts) +} + + +public func parseWebPKIRoots() -> () -> Void { + let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } + return { + for derEncodedCA in derEncodedCAs { + blackHole(try! Certificate(derEncoded: derEncodedCA).extensions.count) + } + } +} + +public func tinyArrayNonAllocationFunctions() { + var counts = 0 + for _ in 0..<1000 { + counts += _TinyArray(CollectionOfOne(1)).count + + do { + var array = _TinyArray() + array.append(contentsOf: CollectionOfOne(1)) + counts += array.count + } + } + + blackHole(counts) +} + +public func tinyArrayAppend() { + var count = 0 + for _ in 0..<1000 { + var tinyArray = _TinyArray() + for i in 0..<1000 { + tinyArray.append(i) + } + count += tinyArray.count + } + + blackHole(count) +} + +// MARK: - successful validation + +func testAllSuccessfulValidations() async -> Int { + var counts = 0 + counts += await testTrivialChainBuilding() + counts += await testExtraRootsAreIgnored() + counts += await testPuttingRootsInTheIntermediariesIsntAProblem() + counts += await testSupportsCrossSignedRootWithoutTrouble() + counts += await testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() + counts += await testPrefersToUseIntermediatesWithSKIThatMatches() + counts += await testPrefersNoSKIToNonMatchingSKI() + counts += await testRejectsRootsThatDidNotSignTheCertBeforeThem() + counts += await testPolicyFailuresCanFindLongerPaths() + counts += await testSelfSignedCertsAreTrustedWhenInTrustStore() + counts += await testTrustRootsCanBeNonSelfSignedLeaves() + counts += await testTrustRootsCanBeNonSelfSignedIntermediates() + return counts +} + +func testTrivialChainBuilding() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(validationTime: TestCertificate.referenceTime) + } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testExtraRootsAreIgnored() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testSupportsCrossSignedRootWithoutTrouble() async -> Int { + let roots = CertificateStore([TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPrefersNoSKIToNonMatchingSKI() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1WithIncorrectSKIAKI, TestCertificate.intermediate1WithoutSKIAKI])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testRejectsRootsThatDidNotSignTheCertBeforeThem() async -> Int { + let roots = CertificateStore([TestCertificate.ca1WithAlternativePrivateKey, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.ca1CrossSignedByCA2, TestCertificate.ca2CrossSignedByCA1, TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + return chain.count +} + +func testPolicyFailuresCanFindLongerPaths() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { + FailIfCertInChainPolicy(forbiddenCert: TestCertificate.ca1) + RFC5280Policy(validationTime: TestCertificate.referenceTime) + } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testSelfSignedCertsAreTrustedWhenInTrustStore() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCert]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testTrustRootsCanBeNonSelfSignedLeaves() async -> Int { + // we use a custom policy here to ignore the fact that the basic constraints extension is critical. + struct IgnoreBasicConstraintsPolicy: VerifierPolicy { + let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [.X509ExtensionID.basicConstraints] + +func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { + return .meetsPolicy + } + } + + let roots = CertificateStore([TestCertificate.localhostLeaf]) + + var verifier = Verifier(rootCertificates: roots) { IgnoreBasicConstraintsPolicy() } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testTrustRootsCanBeNonSelfSignedIntermediates() async -> Int { + let roots = CertificateStore([TestCertificate.intermediate1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +// MARK: - unsuccessful validation + +func testAllUnsuccessfulValidations() async -> Int { + var counts = 0 + counts += await testWePoliceCriticalExtensionsOnLeafCerts() + counts += await testMissingIntermediateFailsToBuild() + counts += await testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() + counts += await testMissingRootFailsToBuild() + return counts +} + +func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Incorrectly validated: \(result)") + } + + return policyResults.count +} + +func testMissingIntermediateFailsToBuild() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Accidentally validated: \(result)") + } + + return policyResults.count +} + +func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Incorrectly validated: \(result)") + } + return policyResults.count +} + +func testMissingRootFailsToBuild() async -> Int { + let roots = CertificateStore([]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Accidentally validated: \(result)") + } + + return policyResults.count +} + +fileprivate struct FailIfCertInChainPolicy: VerifierPolicy { + let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [] + + private let forbiddenCert: Certificate + + init(forbiddenCert: Certificate) { + self.forbiddenCert = forbiddenCert + } + + mutating func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { + if chain.contains(self.forbiddenCert) { + return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") + } else { + return .meetsPolicy + } + } +} diff --git a/benchmarks/Sources/blackHole.swift b/benchmarks/Sources/blackHole.swift new file mode 100644 index 00000000..d461b4e1 --- /dev/null +++ b/benchmarks/Sources/blackHole.swift @@ -0,0 +1,31 @@ +// ===----------------------------------------------------------------------===// +// +// This source file is part of the Swift Collections open source project +// +// Copyright (c) 2021 Apple Inc. and the Swift project authors +// Licensed under Apache License v2.0 with Runtime Library Exception +// +// See https://swift.org/LICENSE.txt for license information +// +// ===----------------------------------------------------------------------===// + +/// A function to foil compiler optimizations that would otherwise optimize out code you want to benchmark. +/// +/// The function wraps another object or function, does nothing, and returns. +/// If you want to benchmark the time is takes to create an instance and you don't maintain a reference to it, the compiler may optimize it out entirely, thinking it is unused. +/// To prevent the compiler from removing the code you want to measure, wrap the creation of the instance with `blackHole`. +/// For example, the following code benchmarks the time it takes to create an instance of `Date`, and wraps the creation of the instance to prevent the compiler from optimizing it away: +/// +/// ```swift +/// Benchmark("Foundation Date()", +/// configuration: .init( +/// metrics: [.throughput, .wallClock], +/// scalingFactor: .mega) +/// ) { benchmark in +/// for _ in benchmark.scaledIterations { +/// blackHole(Date()) +/// } +/// } +/// ``` +@inline(never) +public func blackHole(_: some Any) {} diff --git a/benchmarks/Sources/shared.swift b/benchmarks/Sources/shared.swift new file mode 100644 index 00000000..2e8bd790 --- /dev/null +++ b/benchmarks/Sources/shared.swift @@ -0,0 +1,446 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + + +import X509 +import Foundation +import Crypto + +enum WebPKI { + static let all = [br, af, cf, dz, de] + static let br = """ + -----BEGIN CERTIFICATE----- + MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx + KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd + BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl + YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 + OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy + aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 + ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN + 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ + RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 + hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 + ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM + EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj + QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 + A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy + WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ + 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 + 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT + 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml + e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p + TpPDpFQUWw== + -----END CERTIFICATE----- + """ + static let af = """ + -----BEGIN CERTIFICATE----- + MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x + GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv + b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV + BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W + YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa + GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg + Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J + WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB + rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp + +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 + ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i + Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz + PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og + /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH + oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI + yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud + EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 + A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL + MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT + ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f + BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn + g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl + fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K + WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha + B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc + hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR + TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD + mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z + ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y + 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza + 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u + -----END CERTIFICATE----- + """ + static let cf = """ + -----BEGIN CERTIFICATE----- + MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw + CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu + ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg + RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV + UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu + Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq + hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf + Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q + RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ + BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD + AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY + JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv + 6pZjamVFkpUBtA== + -----END CERTIFICATE----- + """ + static let dz = """ + -----BEGIN CERTIFICATE----- + MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD + VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf + BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 + YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x + NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G + A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 + d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF + Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG + SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN + FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w + DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw + CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh + DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 + -----END CERTIFICATE----- + """ + static let de = """ + -----BEGIN CERTIFICATE----- + MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE + BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ + IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 + MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV + BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w + HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF + AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj + Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj + TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u + KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj + qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm + MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 + ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP + zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk + L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC + jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA + HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC + AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB + /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg + p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm + DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 + COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry + L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf + JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg + IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io + 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV + 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ + XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq + T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe + MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== + -----END CERTIFICATE----- + """ +} + + +enum TestCertificate { + static let referenceTime = Date() + + static let all = [ + ca1, + ca1CrossSignedByCA2, + ca1WithAlternativePrivateKey, + ca2, + ca2CrossSignedByCA1, + intermediate1, + intermediate1WithoutSKIAKI, + intermediate1WithIncorrectSKIAKI, + localhostLeaf, + isolatedSelfSignedCert, + isolatedSelfSignedCertWithWeirdCriticalExtension, + ] + + private static let ca1PrivateKey = P384.Signing.PrivateKey() + private static let ca1Name = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Swift Certificate Test CA 1") + } + static let ca1: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(3650), + issuer: ca1Name, + subject: ca1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + static let ca1CrossSignedByCA2: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: ca2Name, + subject: ca1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca2PrivateKey) + ) + }() + private static let ca1AlternativePrivateKey = P384.Signing.PrivateKey() + static let ca1WithAlternativePrivateKey: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca1AlternativePrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(3650), + issuer: ca1Name, + subject: ca1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1AlternativePrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + + private static let ca2PrivateKey = P384.Signing.PrivateKey() + private static let ca2Name = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Swift Certificate Test CA 2") + } + static let ca2: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca2PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(3650), + issuer: ca2Name, + subject: ca2Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca2PrivateKey) + ) + }() + static let ca2CrossSignedByCA1: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca2PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: ca1Name, + subject: ca2Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + + static let intermediate1PrivateKey = P256.Signing.PrivateKey() + static let intermediate1Name = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Swift Certificate Test Intermediate CA 1") + } + static let intermediate1: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(intermediate1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(5 * 365), + issuer: ca1.subject, + subject: intermediate1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: 1) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: intermediate1PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + static let intermediate1WithoutSKIAKI: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(intermediate1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(5 * 365), + issuer: ca1.subject, + subject: intermediate1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: 1) + ) + KeyUsage(keyCertSign: true) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + static let intermediate1WithIncorrectSKIAKI: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(intermediate1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(5 * 365), + issuer: ca1.subject, + subject: intermediate1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: 1) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + + private static let localhostLeafPrivateKey = P256.Signing.PrivateKey() + static let localhostLeaf: Certificate = { + let localhostLeafName = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("localhost") + } + + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(localhostLeafPrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: intermediate1.subject, + subject: localhostLeafName, + signatureAlgorithm: .ecdsaWithSHA256, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.notCertificateAuthority + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! intermediate1.extensions.subjectKeyIdentifier!.keyIdentifier) + }, + issuerPrivateKey: .init(intermediate1PrivateKey) + ) + }() + + private static let isolatedSelfSignedCertKey = P256.Signing.PrivateKey() + static let isolatedSelfSignedCert: Certificate = { + let isolatedSelfSignedCertName = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Isolated Self-Signed Cert") + } + + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(isolatedSelfSignedCertKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: isolatedSelfSignedCertName, + subject: isolatedSelfSignedCertName, + signatureAlgorithm: .ecdsaWithSHA256, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + }, + issuerPrivateKey: .init(isolatedSelfSignedCertKey) + ) + }() + + static let isolatedSelfSignedCertWithWeirdCriticalExtension: Certificate = { + let isolatedSelfSignedCertName = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Isolated Self-Signed Cert") + } + + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(isolatedSelfSignedCertKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: isolatedSelfSignedCertName, + subject: isolatedSelfSignedCertName, + signatureAlgorithm: .ecdsaWithSHA256, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + + // An opaque extension that just so happens to be critical + Certificate.Extension(oid: [1, 2, 3, 4, 5], critical: true, value: [1, 2, 3, 4, 5]) + }, + issuerPrivateKey: .init(isolatedSelfSignedCertKey) + ) + }() +} + +extension TimeInterval { + private static let oneDay: TimeInterval = 60 * 60 * 24 + + static func days(_ days: Int) -> TimeInterval { + return Double(days) * oneDay + } +} diff --git a/benchmarks/Tests/Tests.swift b/benchmarks/Tests/Tests.swift new file mode 100644 index 00000000..dcaa1fc9 --- /dev/null +++ b/benchmarks/Tests/Tests.swift @@ -0,0 +1,29 @@ +import Sources +import XCTest + +final class TestRunner: XCTestCase { + func testVerifier() async { + for _ in 0..<100 { + await verifier() + } + } + + func testPraseWebPKIRoots() { + let runParseWebPKIRoots = parseWebPKIRoots() + for _ in 0..<10000 { + runParseWebPKIRoots() + } + } + + func testTinyArrayNonAllocationFunctions() { + + tinyArrayNonAllocationFunctions() + + } + + func testTinyArrayAppend() { + + tinyArrayAppend() + + } +} From 477055672d03f332e55c1520b4d0f8e5c40d1cdf Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Fri, 18 Aug 2023 09:57:43 +0100 Subject: [PATCH 04/44] fix benchmark plugin --- .../Benchmarks.swift | 0 .../CertificatesBenchmarks.swift | 336 ------------- .../CertificatesBenchmarks/shared.swift | 446 ------------------ benchmarks/Package.swift | 5 +- 4 files changed, 3 insertions(+), 784 deletions(-) rename benchmarks/Benchmarks/{ => CertificatesBenchmarks}/Benchmarks.swift (100%) delete mode 100644 benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift delete mode 100644 benchmarks/Benchmarks/CertificatesBenchmarks/shared.swift diff --git a/benchmarks/Benchmarks/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift similarity index 100% rename from benchmarks/Benchmarks/Benchmarks.swift rename to benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift deleted file mode 100644 index 810460bd..00000000 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/CertificatesBenchmarks.swift +++ /dev/null @@ -1,336 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import Benchmark -import X509 -import Foundation -import Crypto -import SwiftASN1 -import _CertificateInternals - -let benchmarks = { - Benchmark("Verifier", configuration: .init(warmupIterations: 1)) { benchmark in - var counts = 0 - - counts += await testAllSuccessfulValidations() - counts += await testAllUnsuccessfulValidations() - - blackHole(counts) - } - - let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } - Benchmark("Parse WebPKI Roots") { benchmark in - //for _ in 0..<1000 { - for derEncodedCA in derEncodedCAs { - blackHole(try! Certificate(derEncoded: derEncodedCA).extensions.count) - } - //} - } - - Benchmark("TinyArray non-allocating functions") { benchmark in - var counts = 0 - for _ in 0..<1000 { - counts += _TinyArray(CollectionOfOne(1)).count - - do { - var array = _TinyArray() - array.append(contentsOf: CollectionOfOne(1)) - counts += array.count - } - } - - blackHole(counts) - } - - Benchmark("TinyArray.append(_:)") { benchmark in - var count = 0 - for _ in 0..<1000 { - var tinyArray = _TinyArray() - for i in 0..<1000 { - tinyArray.append(i) - } - count += tinyArray.count - } - - blackHole(count) - } -} - -// MARK: - successful validation - -func testAllSuccessfulValidations() async -> Int { - var counts = 0 - counts += await testTrivialChainBuilding() - counts += await testExtraRootsAreIgnored() - counts += await testPuttingRootsInTheIntermediariesIsntAProblem() - counts += await testSupportsCrossSignedRootWithoutTrouble() - counts += await testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() - counts += await testPrefersToUseIntermediatesWithSKIThatMatches() - counts += await testPrefersNoSKIToNonMatchingSKI() - counts += await testRejectsRootsThatDidNotSignTheCertBeforeThem() - counts += await testPolicyFailuresCanFindLongerPaths() - counts += await testSelfSignedCertsAreTrustedWhenInTrustStore() - counts += await testTrustRootsCanBeNonSelfSignedLeaves() - counts += await testTrustRootsCanBeNonSelfSignedIntermediates() - return counts -} - -func testTrivialChainBuilding() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { - RFC5280Policy(validationTime: TestCertificate.referenceTime) - } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testExtraRootsAreIgnored() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testSupportsCrossSignedRootWithoutTrouble() async -> Int { - let roots = CertificateStore([TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testPrefersNoSKIToNonMatchingSKI() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1WithIncorrectSKIAKI, TestCertificate.intermediate1WithoutSKIAKI])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testRejectsRootsThatDidNotSignTheCertBeforeThem() async -> Int { - let roots = CertificateStore([TestCertificate.ca1WithAlternativePrivateKey, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.ca1CrossSignedByCA2, TestCertificate.ca2CrossSignedByCA1, TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - return chain.count -} - -func testPolicyFailuresCanFindLongerPaths() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { - FailIfCertInChainPolicy(forbiddenCert: TestCertificate.ca1) - RFC5280Policy(validationTime: TestCertificate.referenceTime) - } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testSelfSignedCertsAreTrustedWhenInTrustStore() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCert]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testTrustRootsCanBeNonSelfSignedLeaves() async -> Int { - // we use a custom policy here to ignore the fact that the basic constraints extension is critical. - struct IgnoreBasicConstraintsPolicy: VerifierPolicy { - let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [.X509ExtensionID.basicConstraints] - -func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { - return .meetsPolicy - } - } - - let roots = CertificateStore([TestCertificate.localhostLeaf]) - - var verifier = Verifier(rootCertificates: roots) { IgnoreBasicConstraintsPolicy() } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testTrustRootsCanBeNonSelfSignedIntermediates() async -> Int { - let roots = CertificateStore([TestCertificate.intermediate1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -// MARK: - unsuccessful validation - -func testAllUnsuccessfulValidations() async -> Int { - var counts = 0 - counts += await testWePoliceCriticalExtensionsOnLeafCerts() - counts += await testMissingIntermediateFailsToBuild() - counts += await testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() - counts += await testMissingRootFailsToBuild() - return counts -} - -func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Incorrectly validated: \(result)") - } - - return policyResults.count -} - -func testMissingIntermediateFailsToBuild() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Accidentally validated: \(result)") - } - - return policyResults.count -} - -func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Incorrectly validated: \(result)") - } - return policyResults.count -} - -func testMissingRootFailsToBuild() async -> Int { - let roots = CertificateStore([]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Accidentally validated: \(result)") - } - - return policyResults.count -} - -fileprivate struct FailIfCertInChainPolicy: VerifierPolicy { - let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [] - - private let forbiddenCert: Certificate - - init(forbiddenCert: Certificate) { - self.forbiddenCert = forbiddenCert - } - - mutating func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { - if chain.contains(self.forbiddenCert) { - return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") - } else { - return .meetsPolicy - } - } -} diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/shared.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/shared.swift deleted file mode 100644 index 2e8bd790..00000000 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/shared.swift +++ /dev/null @@ -1,446 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - - -import X509 -import Foundation -import Crypto - -enum WebPKI { - static let all = [br, af, cf, dz, de] - static let br = """ - -----BEGIN CERTIFICATE----- - MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx - KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd - BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl - YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 - OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy - aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 - ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G - CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN - 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ - RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 - hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 - ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM - EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj - QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 - A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy - WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ - 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 - 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT - 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml - e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p - TpPDpFQUWw== - -----END CERTIFICATE----- - """ - static let af = """ - -----BEGIN CERTIFICATE----- - MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x - GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv - b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV - BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W - YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa - GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg - Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J - WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB - rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp - +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 - ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i - Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz - PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og - /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH - oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI - yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud - EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 - A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL - MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT - ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f - BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn - g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl - fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K - WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha - B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc - hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR - TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD - mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z - ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y - 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza - 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u - -----END CERTIFICATE----- - """ - static let cf = """ - -----BEGIN CERTIFICATE----- - MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw - CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu - ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg - RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV - UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu - Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq - hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf - Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q - RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ - BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD - AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY - JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv - 6pZjamVFkpUBtA== - -----END CERTIFICATE----- - """ - static let dz = """ - -----BEGIN CERTIFICATE----- - MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD - VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf - BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 - YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x - NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G - A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 - d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF - Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG - SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN - FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w - DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw - CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh - DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 - -----END CERTIFICATE----- - """ - static let de = """ - -----BEGIN CERTIFICATE----- - MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE - BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ - IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 - MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV - BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w - HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF - AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj - Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj - TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u - KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj - qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm - MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 - ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP - zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk - L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC - jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA - HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC - AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB - /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg - p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm - DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 - COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry - L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf - JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg - IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io - 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV - 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ - XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq - T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe - MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== - -----END CERTIFICATE----- - """ -} - - -enum TestCertificate { - static let referenceTime = Date() - - static let all = [ - ca1, - ca1CrossSignedByCA2, - ca1WithAlternativePrivateKey, - ca2, - ca2CrossSignedByCA1, - intermediate1, - intermediate1WithoutSKIAKI, - intermediate1WithIncorrectSKIAKI, - localhostLeaf, - isolatedSelfSignedCert, - isolatedSelfSignedCertWithWeirdCriticalExtension, - ] - - private static let ca1PrivateKey = P384.Signing.PrivateKey() - private static let ca1Name = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Swift Certificate Test CA 1") - } - static let ca1: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(3650), - issuer: ca1Name, - subject: ca1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - static let ca1CrossSignedByCA2: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: ca2Name, - subject: ca1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca2PrivateKey) - ) - }() - private static let ca1AlternativePrivateKey = P384.Signing.PrivateKey() - static let ca1WithAlternativePrivateKey: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca1AlternativePrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(3650), - issuer: ca1Name, - subject: ca1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1AlternativePrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - - private static let ca2PrivateKey = P384.Signing.PrivateKey() - private static let ca2Name = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Swift Certificate Test CA 2") - } - static let ca2: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca2PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(3650), - issuer: ca2Name, - subject: ca2Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca2PrivateKey) - ) - }() - static let ca2CrossSignedByCA1: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca2PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: ca1Name, - subject: ca2Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - - static let intermediate1PrivateKey = P256.Signing.PrivateKey() - static let intermediate1Name = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Swift Certificate Test Intermediate CA 1") - } - static let intermediate1: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(intermediate1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(5 * 365), - issuer: ca1.subject, - subject: intermediate1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: 1) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: intermediate1PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - static let intermediate1WithoutSKIAKI: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(intermediate1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(5 * 365), - issuer: ca1.subject, - subject: intermediate1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: 1) - ) - KeyUsage(keyCertSign: true) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - static let intermediate1WithIncorrectSKIAKI: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(intermediate1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(5 * 365), - issuer: ca1.subject, - subject: intermediate1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: 1) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - - private static let localhostLeafPrivateKey = P256.Signing.PrivateKey() - static let localhostLeaf: Certificate = { - let localhostLeafName = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("localhost") - } - - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(localhostLeafPrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: intermediate1.subject, - subject: localhostLeafName, - signatureAlgorithm: .ecdsaWithSHA256, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.notCertificateAuthority - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! intermediate1.extensions.subjectKeyIdentifier!.keyIdentifier) - }, - issuerPrivateKey: .init(intermediate1PrivateKey) - ) - }() - - private static let isolatedSelfSignedCertKey = P256.Signing.PrivateKey() - static let isolatedSelfSignedCert: Certificate = { - let isolatedSelfSignedCertName = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Isolated Self-Signed Cert") - } - - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(isolatedSelfSignedCertKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: isolatedSelfSignedCertName, - subject: isolatedSelfSignedCertName, - signatureAlgorithm: .ecdsaWithSHA256, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - }, - issuerPrivateKey: .init(isolatedSelfSignedCertKey) - ) - }() - - static let isolatedSelfSignedCertWithWeirdCriticalExtension: Certificate = { - let isolatedSelfSignedCertName = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Isolated Self-Signed Cert") - } - - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(isolatedSelfSignedCertKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: isolatedSelfSignedCertName, - subject: isolatedSelfSignedCertName, - signatureAlgorithm: .ecdsaWithSHA256, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - - // An opaque extension that just so happens to be critical - Certificate.Extension(oid: [1, 2, 3, 4, 5], critical: true, value: [1, 2, 3, 4, 5]) - }, - issuerPrivateKey: .init(isolatedSelfSignedCertKey) - ) - }() -} - -extension TimeInterval { - private static let oneDay: TimeInterval = 60 * 60 * 24 - - static func days(_ days: Int) -> TimeInterval { - return Double(days) * oneDay - } -} diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index 99d3f726..c7dc5466 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -11,7 +11,8 @@ let package = Package( dependencies: [ .package(path: "../"), .package(url: "https://github.com/ordo-one/package-benchmark", .upToNextMajor(from: "1.0.0")), - .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), + //.package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), + .package(path: "../../swift-crypto"), //.package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), .package(path: "../../swift-asn1"), ], @@ -22,7 +23,7 @@ let package = Package( "Sources", .product(name: "Benchmark", package: "package-benchmark"), ], - path: "Benchmarks", + path: "Benchmarks/CertificatesBenchmarks", plugins: [ .plugin(name: "BenchmarkPlugin", package: "package-benchmark") ] From 285343fc173bc17a52687f83db7df18099543be5 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Fri, 18 Aug 2023 11:25:55 +0100 Subject: [PATCH 05/44] refactor file structure --- benchmarks/Package.swift | 9 +- .../Sources/CertificatesBenchmarks.swift | 334 -------------- benchmarks/Sources/ParseWebPKI.swift | 158 +++++++ benchmarks/Sources/TinyArrayAppend.swift | 27 ++ .../TinyArrayNonAllocationFunctions.swift | 26 ++ .../{shared.swift => VerifierBenchmark.swift} | 406 ++++++++++++------ benchmarks/Tests/Tests.swift | 19 +- 7 files changed, 501 insertions(+), 478 deletions(-) delete mode 100644 benchmarks/Sources/CertificatesBenchmarks.swift create mode 100644 benchmarks/Sources/ParseWebPKI.swift create mode 100644 benchmarks/Sources/TinyArrayAppend.swift create mode 100644 benchmarks/Sources/TinyArrayNonAllocationFunctions.swift rename benchmarks/Sources/{shared.swift => VerifierBenchmark.swift} (51%) diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index c7dc5466..b01a9d8f 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -1,5 +1,4 @@ // swift-tools-version: 5.8 -// The swift-tools-version declares the minimum version of Swift required to build this package. import PackageDescription @@ -9,12 +8,10 @@ let package = Package( .macOS(.v13), ], dependencies: [ - .package(path: "../"), + .package(path: "../"), // `swift-certificates` .package(url: "https://github.com/ordo-one/package-benchmark", .upToNextMajor(from: "1.0.0")), - //.package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), - .package(path: "../../swift-crypto"), - //.package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), - .package(path: "../../swift-asn1"), + .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), + .package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), ], targets: [ .executableTarget( diff --git a/benchmarks/Sources/CertificatesBenchmarks.swift b/benchmarks/Sources/CertificatesBenchmarks.swift deleted file mode 100644 index fd900220..00000000 --- a/benchmarks/Sources/CertificatesBenchmarks.swift +++ /dev/null @@ -1,334 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import X509 -import Foundation -import Crypto -import SwiftASN1 -import _CertificateInternals - -public func verifier() async { - var counts = 0 - - counts += await testAllSuccessfulValidations() - counts += await testAllUnsuccessfulValidations() - - blackHole(counts) -} - - -public func parseWebPKIRoots() -> () -> Void { - let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } - return { - for derEncodedCA in derEncodedCAs { - blackHole(try! Certificate(derEncoded: derEncodedCA).extensions.count) - } - } -} - -public func tinyArrayNonAllocationFunctions() { - var counts = 0 - for _ in 0..<1000 { - counts += _TinyArray(CollectionOfOne(1)).count - - do { - var array = _TinyArray() - array.append(contentsOf: CollectionOfOne(1)) - counts += array.count - } - } - - blackHole(counts) -} - -public func tinyArrayAppend() { - var count = 0 - for _ in 0..<1000 { - var tinyArray = _TinyArray() - for i in 0..<1000 { - tinyArray.append(i) - } - count += tinyArray.count - } - - blackHole(count) -} - -// MARK: - successful validation - -func testAllSuccessfulValidations() async -> Int { - var counts = 0 - counts += await testTrivialChainBuilding() - counts += await testExtraRootsAreIgnored() - counts += await testPuttingRootsInTheIntermediariesIsntAProblem() - counts += await testSupportsCrossSignedRootWithoutTrouble() - counts += await testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() - counts += await testPrefersToUseIntermediatesWithSKIThatMatches() - counts += await testPrefersNoSKIToNonMatchingSKI() - counts += await testRejectsRootsThatDidNotSignTheCertBeforeThem() - counts += await testPolicyFailuresCanFindLongerPaths() - counts += await testSelfSignedCertsAreTrustedWhenInTrustStore() - counts += await testTrustRootsCanBeNonSelfSignedLeaves() - counts += await testTrustRootsCanBeNonSelfSignedIntermediates() - return counts -} - -func testTrivialChainBuilding() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { - RFC5280Policy(validationTime: TestCertificate.referenceTime) - } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testExtraRootsAreIgnored() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testSupportsCrossSignedRootWithoutTrouble() async -> Int { - let roots = CertificateStore([TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testPrefersNoSKIToNonMatchingSKI() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1WithIncorrectSKIAKI, TestCertificate.intermediate1WithoutSKIAKI])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testRejectsRootsThatDidNotSignTheCertBeforeThem() async -> Int { - let roots = CertificateStore([TestCertificate.ca1WithAlternativePrivateKey, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.ca1CrossSignedByCA2, TestCertificate.ca2CrossSignedByCA1, TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - return chain.count -} - -func testPolicyFailuresCanFindLongerPaths() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { - FailIfCertInChainPolicy(forbiddenCert: TestCertificate.ca1) - RFC5280Policy(validationTime: TestCertificate.referenceTime) - } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testSelfSignedCertsAreTrustedWhenInTrustStore() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCert]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testTrustRootsCanBeNonSelfSignedLeaves() async -> Int { - // we use a custom policy here to ignore the fact that the basic constraints extension is critical. - struct IgnoreBasicConstraintsPolicy: VerifierPolicy { - let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [.X509ExtensionID.basicConstraints] - -func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { - return .meetsPolicy - } - } - - let roots = CertificateStore([TestCertificate.localhostLeaf]) - - var verifier = Verifier(rootCertificates: roots) { IgnoreBasicConstraintsPolicy() } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testTrustRootsCanBeNonSelfSignedIntermediates() async -> Int { - let roots = CertificateStore([TestCertificate.intermediate1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -// MARK: - unsuccessful validation - -func testAllUnsuccessfulValidations() async -> Int { - var counts = 0 - counts += await testWePoliceCriticalExtensionsOnLeafCerts() - counts += await testMissingIntermediateFailsToBuild() - counts += await testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() - counts += await testMissingRootFailsToBuild() - return counts -} - -func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Incorrectly validated: \(result)") - } - - return policyResults.count -} - -func testMissingIntermediateFailsToBuild() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Accidentally validated: \(result)") - } - - return policyResults.count -} - -func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Incorrectly validated: \(result)") - } - return policyResults.count -} - -func testMissingRootFailsToBuild() async -> Int { - let roots = CertificateStore([]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Accidentally validated: \(result)") - } - - return policyResults.count -} - -fileprivate struct FailIfCertInChainPolicy: VerifierPolicy { - let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [] - - private let forbiddenCert: Certificate - - init(forbiddenCert: Certificate) { - self.forbiddenCert = forbiddenCert - } - - mutating func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { - if chain.contains(self.forbiddenCert) { - return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") - } else { - return .meetsPolicy - } - } -} diff --git a/benchmarks/Sources/ParseWebPKI.swift b/benchmarks/Sources/ParseWebPKI.swift new file mode 100644 index 00000000..7028b10d --- /dev/null +++ b/benchmarks/Sources/ParseWebPKI.swift @@ -0,0 +1,158 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import X509 +import SwiftASN1 + +import Foundation +public func parseWebPKIRoots() -> () -> Void { + let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } + return { + for derEncodedCA in derEncodedCAs { + blackHole(try! Certificate(derEncoded: derEncodedCA).extensions.count) + } + } +} + +enum WebPKI { + static let all = [br, af, cf, dz, de] + static let br = """ + -----BEGIN CERTIFICATE----- + MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx + KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd + BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl + YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 + OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy + aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 + ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN + 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ + RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 + hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 + ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM + EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj + QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 + A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy + WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ + 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 + 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT + 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml + e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p + TpPDpFQUWw== + -----END CERTIFICATE----- + """ + static let af = """ + -----BEGIN CERTIFICATE----- + MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x + GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv + b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV + BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W + YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa + GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg + Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J + WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB + rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp + +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 + ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i + Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz + PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og + /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH + oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI + yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud + EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 + A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL + MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT + ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f + BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn + g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl + fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K + WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha + B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc + hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR + TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD + mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z + ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y + 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza + 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u + -----END CERTIFICATE----- + """ + static let cf = """ + -----BEGIN CERTIFICATE----- + MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw + CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu + ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg + RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV + UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu + Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq + hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf + Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q + RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ + BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD + AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY + JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv + 6pZjamVFkpUBtA== + -----END CERTIFICATE----- + """ + static let dz = """ + -----BEGIN CERTIFICATE----- + MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD + VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf + BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 + YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x + NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G + A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 + d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF + Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG + SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN + FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w + DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw + CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh + DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 + -----END CERTIFICATE----- + """ + static let de = """ + -----BEGIN CERTIFICATE----- + MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE + BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ + IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 + MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV + BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w + HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF + AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj + Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj + TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u + KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj + qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm + MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 + ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP + zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk + L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC + jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA + HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC + AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB + /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg + p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm + DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 + COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry + L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf + JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg + IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io + 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV + 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ + XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq + T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe + MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== + -----END CERTIFICATE----- + """ +} diff --git a/benchmarks/Sources/TinyArrayAppend.swift b/benchmarks/Sources/TinyArrayAppend.swift new file mode 100644 index 00000000..29482d9d --- /dev/null +++ b/benchmarks/Sources/TinyArrayAppend.swift @@ -0,0 +1,27 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import _CertificateInternals + +public func tinyArrayAppend() { + var count = 0 + + var tinyArray = _TinyArray() + for i in 0..<1000 { + tinyArray.append(i) + } + count += tinyArray.count + + blackHole(count) +} diff --git a/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift b/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift new file mode 100644 index 00000000..7c32e22e --- /dev/null +++ b/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift @@ -0,0 +1,26 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import _CertificateInternals + +public func tinyArrayNonAllocationFunctions() { + var counts = 0 + counts += _TinyArray(CollectionOfOne(1)).count + + var array = _TinyArray() + array.append(contentsOf: CollectionOfOne(1)) + counts += array.count + + blackHole(counts) +} diff --git a/benchmarks/Sources/shared.swift b/benchmarks/Sources/VerifierBenchmark.swift similarity index 51% rename from benchmarks/Sources/shared.swift rename to benchmarks/Sources/VerifierBenchmark.swift index 2e8bd790..a738925e 100644 --- a/benchmarks/Sources/shared.swift +++ b/benchmarks/Sources/VerifierBenchmark.swift @@ -12,143 +12,287 @@ // //===----------------------------------------------------------------------===// - import X509 import Foundation import Crypto +import SwiftASN1 + +public func verifier() async { + var counts = 0 + + counts += await testAllSuccessfulValidations() + counts += await testAllUnsuccessfulValidations() + + blackHole(counts) +} + +// MARK: - successful validation + +func testAllSuccessfulValidations() async -> Int { + var counts = 0 + counts += await testTrivialChainBuilding() + counts += await testExtraRootsAreIgnored() + counts += await testPuttingRootsInTheIntermediariesIsntAProblem() + counts += await testSupportsCrossSignedRootWithoutTrouble() + counts += await testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() + counts += await testPrefersToUseIntermediatesWithSKIThatMatches() + counts += await testPrefersNoSKIToNonMatchingSKI() + counts += await testRejectsRootsThatDidNotSignTheCertBeforeThem() + counts += await testPolicyFailuresCanFindLongerPaths() + counts += await testSelfSignedCertsAreTrustedWhenInTrustStore() + counts += await testTrustRootsCanBeNonSelfSignedLeaves() + counts += await testTrustRootsCanBeNonSelfSignedIntermediates() + return counts +} + +func testTrivialChainBuilding() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(validationTime: TestCertificate.referenceTime) + } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testExtraRootsAreIgnored() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testSupportsCrossSignedRootWithoutTrouble() async -> Int { + let roots = CertificateStore([TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPrefersNoSKIToNonMatchingSKI() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1WithIncorrectSKIAKI, TestCertificate.intermediate1WithoutSKIAKI])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testRejectsRootsThatDidNotSignTheCertBeforeThem() async -> Int { + let roots = CertificateStore([TestCertificate.ca1WithAlternativePrivateKey, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.ca1CrossSignedByCA2, TestCertificate.ca2CrossSignedByCA1, TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + return chain.count +} + +func testPolicyFailuresCanFindLongerPaths() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { + FailIfCertInChainPolicy(forbiddenCert: TestCertificate.ca1) + RFC5280Policy(validationTime: TestCertificate.referenceTime) + } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testSelfSignedCertsAreTrustedWhenInTrustStore() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCert]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testTrustRootsCanBeNonSelfSignedLeaves() async -> Int { + // we use a custom policy here to ignore the fact that the basic constraints extension is critical. + struct IgnoreBasicConstraintsPolicy: VerifierPolicy { + let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [.X509ExtensionID.basicConstraints] + +func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { + return .meetsPolicy + } + } + + let roots = CertificateStore([TestCertificate.localhostLeaf]) + + var verifier = Verifier(rootCertificates: roots) { IgnoreBasicConstraintsPolicy() } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testTrustRootsCanBeNonSelfSignedIntermediates() async -> Int { + let roots = CertificateStore([TestCertificate.intermediate1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +// MARK: - unsuccessful validation + +func testAllUnsuccessfulValidations() async -> Int { + var counts = 0 + counts += await testWePoliceCriticalExtensionsOnLeafCerts() + counts += await testMissingIntermediateFailsToBuild() + counts += await testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() + counts += await testMissingRootFailsToBuild() + return counts +} + +func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension]) -enum WebPKI { - static let all = [br, af, cf, dz, de] - static let br = """ - -----BEGIN CERTIFICATE----- - MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx - KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd - BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl - YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 - OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy - aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 - ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G - CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN - 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ - RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 - hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 - ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM - EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj - QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 - A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy - WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ - 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 - 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT - 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml - e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p - TpPDpFQUWw== - -----END CERTIFICATE----- - """ - static let af = """ - -----BEGIN CERTIFICATE----- - MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x - GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv - b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV - BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W - YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa - GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg - Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J - WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB - rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp - +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 - ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i - Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz - PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og - /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH - oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI - yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud - EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 - A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL - MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT - ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f - BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn - g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl - fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K - WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha - B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc - hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR - TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD - mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z - ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y - 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza - 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u - -----END CERTIFICATE----- - """ - static let cf = """ - -----BEGIN CERTIFICATE----- - MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw - CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu - ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg - RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV - UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu - Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq - hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf - Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q - RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ - BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD - AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY - JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv - 6pZjamVFkpUBtA== - -----END CERTIFICATE----- - """ - static let dz = """ - -----BEGIN CERTIFICATE----- - MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD - VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf - BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 - YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x - NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G - A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 - d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF - Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG - SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN - FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w - DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw - CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh - DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 - -----END CERTIFICATE----- - """ - static let de = """ - -----BEGIN CERTIFICATE----- - MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE - BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ - IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 - MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV - BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w - HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF - AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj - Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj - TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u - KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj - qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm - MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 - ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP - zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk - L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC - jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA - HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC - AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB - /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg - p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm - DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 - COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry - L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf - JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg - IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io - 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV - 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ - XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq - T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe - MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== - -----END CERTIFICATE----- - """ + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Incorrectly validated: \(result)") + } + + return policyResults.count } +func testMissingIntermediateFailsToBuild() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Accidentally validated: \(result)") + } + + return policyResults.count +} + +func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Incorrectly validated: \(result)") + } + return policyResults.count +} + +func testMissingRootFailsToBuild() async -> Int { + let roots = CertificateStore([]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Accidentally validated: \(result)") + } + + return policyResults.count +} + +fileprivate struct FailIfCertInChainPolicy: VerifierPolicy { + let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [] + + private let forbiddenCert: Certificate + + init(forbiddenCert: Certificate) { + self.forbiddenCert = forbiddenCert + } + + mutating func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { + if chain.contains(self.forbiddenCert) { + return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") + } else { + return .meetsPolicy + } + } +} enum TestCertificate { static let referenceTime = Date() diff --git a/benchmarks/Tests/Tests.swift b/benchmarks/Tests/Tests.swift index dcaa1fc9..42a01309 100644 --- a/benchmarks/Tests/Tests.swift +++ b/benchmarks/Tests/Tests.swift @@ -2,6 +2,11 @@ import Sources import XCTest final class TestRunner: XCTestCase { + override func setUpWithError() throws { + #if DEBUG + throw XCTSkip("performance tests only run in release mode") + #endif + } func testVerifier() async { for _ in 0..<100 { await verifier() @@ -10,20 +15,20 @@ final class TestRunner: XCTestCase { func testPraseWebPKIRoots() { let runParseWebPKIRoots = parseWebPKIRoots() - for _ in 0..<10000 { + for _ in 0..<1000 { runParseWebPKIRoots() } } func testTinyArrayNonAllocationFunctions() { - - tinyArrayNonAllocationFunctions() - + for _ in 0..<1000 { + tinyArrayNonAllocationFunctions() + } } func testTinyArrayAppend() { - - tinyArrayAppend() - + for _ in 0..<1000 { + tinyArrayAppend() + } } } From 58523351bea7da9f002264f823ef7aa3de29208d Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Fri, 18 Aug 2023 11:27:09 +0100 Subject: [PATCH 06/44] self review --- Package.swift | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Package.swift b/Package.swift index 6290dfc3..796324a1 100644 --- a/Package.swift +++ b/Package.swift @@ -75,8 +75,7 @@ let package = Package( if ProcessInfo.processInfo.environment["SWIFTCI_USE_LOCAL_DEPS"] == nil { package.dependencies += [ .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), - //.package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), - .package(path: "../swift-asn1"), + .package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), .package(url: "https://github.com/apple/swift-docc-plugin", from: "1.0.0"), ] } else { From 7f4c7b536210be16e56c030b77cefbd80e542697 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Fri, 18 Aug 2023 21:23:43 +0100 Subject: [PATCH 07/44] Fix review comment --- benchmarks/Sources/ParseWebPKI.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benchmarks/Sources/ParseWebPKI.swift b/benchmarks/Sources/ParseWebPKI.swift index 7028b10d..21e21fb0 100644 --- a/benchmarks/Sources/ParseWebPKI.swift +++ b/benchmarks/Sources/ParseWebPKI.swift @@ -14,8 +14,8 @@ import X509 import SwiftASN1 - import Foundation + public func parseWebPKIRoots() -> () -> Void { let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } return { From e6905bfcef7bf97f653ed91d3e08478eac65d9d8 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Tue, 22 Aug 2023 08:55:21 +0100 Subject: [PATCH 08/44] Apply review feedback --- .../CertificatesBenchmarks/Benchmarks.swift | 7 ++++- benchmarks/Package.swift | 1 + benchmarks/Sources/ParseWebPKI.swift | 1 + benchmarks/Sources/TinyArrayAppend.swift | 1 + .../TinyArrayNonAllocationFunctions.swift | 1 + benchmarks/Sources/VerifierBenchmark.swift | 1 + benchmarks/Sources/blackHole.swift | 31 ------------------- 7 files changed, 11 insertions(+), 32 deletions(-) delete mode 100644 benchmarks/Sources/blackHole.swift diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift index 4ef00e23..35c70173 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift @@ -16,7 +16,12 @@ import Benchmark import Sources let benchmarks = { - Benchmark("Verifier", configuration: .init(warmupIterations: 1)) { benchmark in + Benchmark.defaultConfiguration = .init( + metrics: [.mallocCountTotal], + warmupIterations: 1 + ) + + Benchmark("Verifier") { benchmark in await verifier() } diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index b01a9d8f..5e8449c0 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -28,6 +28,7 @@ let package = Package( .target( name: "Sources", dependencies: [ + .product(name: "Benchmark", package: "package-benchmark"), .product(name: "X509", package: "swift-certificates"), .product(name: "SwiftASN1", package: "swift-asn1"), .product(name: "Crypto", package: "swift-crypto"), diff --git a/benchmarks/Sources/ParseWebPKI.swift b/benchmarks/Sources/ParseWebPKI.swift index 21e21fb0..f6ca0308 100644 --- a/benchmarks/Sources/ParseWebPKI.swift +++ b/benchmarks/Sources/ParseWebPKI.swift @@ -15,6 +15,7 @@ import X509 import SwiftASN1 import Foundation +import Benchmark public func parseWebPKIRoots() -> () -> Void { let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } diff --git a/benchmarks/Sources/TinyArrayAppend.swift b/benchmarks/Sources/TinyArrayAppend.swift index 29482d9d..839bca5d 100644 --- a/benchmarks/Sources/TinyArrayAppend.swift +++ b/benchmarks/Sources/TinyArrayAppend.swift @@ -13,6 +13,7 @@ //===----------------------------------------------------------------------===// import _CertificateInternals +import Benchmark public func tinyArrayAppend() { var count = 0 diff --git a/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift b/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift index 7c32e22e..a42e1665 100644 --- a/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift +++ b/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift @@ -13,6 +13,7 @@ //===----------------------------------------------------------------------===// import _CertificateInternals +import Benchmark public func tinyArrayNonAllocationFunctions() { var counts = 0 diff --git a/benchmarks/Sources/VerifierBenchmark.swift b/benchmarks/Sources/VerifierBenchmark.swift index a738925e..7631c46c 100644 --- a/benchmarks/Sources/VerifierBenchmark.swift +++ b/benchmarks/Sources/VerifierBenchmark.swift @@ -16,6 +16,7 @@ import X509 import Foundation import Crypto import SwiftASN1 +import Benchmark public func verifier() async { var counts = 0 diff --git a/benchmarks/Sources/blackHole.swift b/benchmarks/Sources/blackHole.swift deleted file mode 100644 index d461b4e1..00000000 --- a/benchmarks/Sources/blackHole.swift +++ /dev/null @@ -1,31 +0,0 @@ -// ===----------------------------------------------------------------------===// -// -// This source file is part of the Swift Collections open source project -// -// Copyright (c) 2021 Apple Inc. and the Swift project authors -// Licensed under Apache License v2.0 with Runtime Library Exception -// -// See https://swift.org/LICENSE.txt for license information -// -// ===----------------------------------------------------------------------===// - -/// A function to foil compiler optimizations that would otherwise optimize out code you want to benchmark. -/// -/// The function wraps another object or function, does nothing, and returns. -/// If you want to benchmark the time is takes to create an instance and you don't maintain a reference to it, the compiler may optimize it out entirely, thinking it is unused. -/// To prevent the compiler from removing the code you want to measure, wrap the creation of the instance with `blackHole`. -/// For example, the following code benchmarks the time it takes to create an instance of `Date`, and wraps the creation of the instance to prevent the compiler from optimizing it away: -/// -/// ```swift -/// Benchmark("Foundation Date()", -/// configuration: .init( -/// metrics: [.throughput, .wallClock], -/// scalingFactor: .mega) -/// ) { benchmark in -/// for _ in benchmark.scaledIterations { -/// blackHole(Date()) -/// } -/// } -/// ``` -@inline(never) -public func blackHole(_: some Any) {} From 9810290914cd3d3ce51ca501ebe33b14609c847c Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Tue, 22 Aug 2023 09:37:26 +0100 Subject: [PATCH 09/44] use `scaledIterations` --- .../CertificatesBenchmarks/Benchmarks.swift | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift index 35c70173..f67cd65c 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift @@ -22,19 +22,27 @@ let benchmarks = { ) Benchmark("Verifier") { benchmark in - await verifier() + for _ in benchmark.scaledIterations { + await verifier() + } } let runParseWebPKIRoots = parseWebPKIRoots() Benchmark("Parse WebPKI Roots") { benchmark in - runParseWebPKIRoots() + for _ in benchmark.scaledIterations { + runParseWebPKIRoots() + } } Benchmark("TinyArray non-allocating functions") { benchmark in - tinyArrayNonAllocationFunctions() + for _ in benchmark.scaledIterations { + tinyArrayNonAllocationFunctions() + } } Benchmark("TinyArray.append(_:)") { benchmark in - tinyArrayAppend() + for _ in benchmark.scaledIterations { + tinyArrayAppend() + } } } From 88c84f920a658b1e820c2d8d0861041f18bbac4c Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Tue, 22 Aug 2023 11:06:30 +0100 Subject: [PATCH 10/44] =?UTF-8?q?don=E2=80=99t=20require=20the=20parent=20?= =?UTF-8?q?folder=20to=20be=20named=20`swift-certificates`?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- benchmarks/Package.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index 5e8449c0..a51e92a5 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -8,7 +8,7 @@ let package = Package( .macOS(.v13), ], dependencies: [ - .package(path: "../"), // `swift-certificates` + .package(name: "swift-certificates", path: "../"), .package(url: "https://github.com/ordo-one/package-benchmark", .upToNextMajor(from: "1.0.0")), .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), .package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), From 8005d751f14822afabb9fb63e2432224b6e10e74 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Tue, 22 Aug 2023 15:29:13 +0100 Subject: [PATCH 11/44] install jemalloc --- benchmarks/Package.swift | 2 +- docker/Dockerfile | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index a51e92a5..64034429 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -8,7 +8,7 @@ let package = Package( .macOS(.v13), ], dependencies: [ - .package(name: "swift-certificates", path: "../"), + .package(path: "../"), .package(url: "https://github.com/ordo-one/package-benchmark", .upToNextMajor(from: "1.0.0")), .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), .package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), diff --git a/docker/Dockerfile b/docker/Dockerfile index e4828b44..e5d34f80 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -21,3 +21,7 @@ ARG swiftformat_version=508.0.1 RUN git clone --branch $swiftformat_version --depth 1 https://github.com/apple/swift-format $HOME/.tools/swift-format-source RUN cd $HOME/.tools/swift-format-source && swift build -c release RUN ln -s $HOME/.tools/swift-format-source/.build/release/swift-format $HOME/.tools/swift-format + +# install jemalloc for running allocation benchmarks +RUN apt-get update +RUN apt-get install -y libjemalloc-dev From 311dcaa45b5e1d5d93c4ab51dec51f5aef660713 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Wed, 23 Aug 2023 13:16:43 +0100 Subject: [PATCH 12/44] use new `metricP90AbsoluteThresholds` export format --- .../CertificatesBenchmarks/Benchmarks.swift | 64 ++++++++++++++----- benchmarks/Package.swift | 4 +- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 58 +++++++++++++++++ ...esBenchmarks.TinyArray.append(_:).p90.json | 58 +++++++++++++++++ ...inyArray_non-allocating_functions.p90.json | 58 +++++++++++++++++ .../CertificatesBenchmarks.Verifier.p90.json | 58 +++++++++++++++++ ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 58 +++++++++++++++++ ...esBenchmarks.TinyArray.append(_:).p90.json | 58 +++++++++++++++++ ...inyArray_non-allocating_functions.p90.json | 58 +++++++++++++++++ .../CertificatesBenchmarks.Verifier.p90.json | 58 +++++++++++++++++ ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 58 +++++++++++++++++ ...esBenchmarks.TinyArray.append(_:).p90.json | 58 +++++++++++++++++ ...inyArray_non-allocating_functions.p90.json | 58 +++++++++++++++++ .../CertificatesBenchmarks.Verifier.p90.json | 58 +++++++++++++++++ ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 58 +++++++++++++++++ ...esBenchmarks.TinyArray.append(_:).p90.json | 58 +++++++++++++++++ ...inyArray_non-allocating_functions.p90.json | 58 +++++++++++++++++ .../CertificatesBenchmarks.Verifier.p90.json | 58 +++++++++++++++++ docker/docker-compose.2204.57.yaml | 8 +++ docker/docker-compose.2204.58.yaml | 8 +++ docker/docker-compose.2204.59.yaml | 10 +-- docker/docker-compose.2204.main.yaml | 6 ++ docker/docker-compose.yaml | 9 ++- 23 files changed, 1012 insertions(+), 25 deletions(-) create mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json create mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json create mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json create mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json create mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json create mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json create mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json create mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json create mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json create mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json create mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json create mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json create mode 100644 benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json create mode 100644 benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json create mode 100644 benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json create mode 100644 benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift index f67cd65c..104a59c3 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift @@ -14,35 +14,67 @@ import Benchmark import Sources +import Foundation + +func makeConfigurationFor(_ name: String) -> Benchmark.Configuration { + // https://forums.swift.org/t/pitch-introduce-module-to-get-the-current-module-name/45806/8 + let moduleName = String("\(#fileID)".prefix(while: { $0 != "/" })) + + var configuration: Benchmark.Configuration = .init(metrics: [.mallocCountTotal, .syscalls] + .arc, + warmupIterations: 1, + scalingFactor: .kilo, + maxDuration: .seconds(2), + maxIterations: .kilo(100)) + + configuration.thresholds = BenchmarkThresholds.makeBenchmarkThresholds(path: FileManager.default.currentDirectoryPath, + moduleName: moduleName, + benchmarkName: name) + // if thresholds are nil here, we failed to read anything from the file and might want to warn or set up + // other thresholds + return configuration +} + + let benchmarks = { Benchmark.defaultConfiguration = .init( - metrics: [.mallocCountTotal], + metrics: .all, warmupIterations: 1 ) - Benchmark("Verifier") { benchmark in - for _ in benchmark.scaledIterations { - await verifier() + do { + let testName = "Verifier" + Benchmark("Verifier", configuration: makeConfigurationFor(testName)) { benchmark in + for _ in benchmark.scaledIterations { + await verifier() + } } } - - let runParseWebPKIRoots = parseWebPKIRoots() - Benchmark("Parse WebPKI Roots") { benchmark in - for _ in benchmark.scaledIterations { - runParseWebPKIRoots() + + do { + let runParseWebPKIRoots = parseWebPKIRoots() + let testName = "Parse WebPKI Roots" + Benchmark(testName, configuration: makeConfigurationFor(testName)) { benchmark in + for _ in benchmark.scaledIterations { + runParseWebPKIRoots() + } } } - - Benchmark("TinyArray non-allocating functions") { benchmark in - for _ in benchmark.scaledIterations { - tinyArrayNonAllocationFunctions() + do { + let testName = "TinyArray non-allocating functions" + Benchmark(testName, configuration: makeConfigurationFor(testName)) { benchmark in + for _ in benchmark.scaledIterations { + tinyArrayNonAllocationFunctions() + } } } - Benchmark("TinyArray.append(_:)") { benchmark in - for _ in benchmark.scaledIterations { - tinyArrayAppend() + do { + let testName = "TinyArray.append(_:)" + Benchmark(testName, configuration: makeConfigurationFor(testName)) { benchmark in + for _ in benchmark.scaledIterations { + tinyArrayAppend() + } } } } diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index 64034429..862bb08b 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -1,4 +1,4 @@ -// swift-tools-version: 5.8 +// swift-tools-version: 5.7 import PackageDescription @@ -9,7 +9,7 @@ let package = Package( ], dependencies: [ .package(path: "../"), - .package(url: "https://github.com/ordo-one/package-benchmark", .upToNextMajor(from: "1.0.0")), + .package(url: "https://github.com/ordo-one/package-benchmark", branch: "threshold-export"), .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), .package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), ], diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..10cfba41 --- /dev/null +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,58 @@ +[ + { + "mallocCountTotal" : { + + } + }, + { + "absolute" : [ + 4, + 419017 + ], + "relative" : [ + + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "absolute" : [ + 4, + 834000 + ], + "relative" : [ + + ] + }, + { + "retainCount" : { + + } + }, + { + "absolute" : [ + 4, + 6842001 + ], + "relative" : [ + + ] + }, + { + "releaseCount" : { + + } + }, + { + "absolute" : [ + 4, + 7676001 + ], + "relative" : [ + + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json new file mode 100644 index 00000000..7eda57c8 --- /dev/null +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -0,0 +1,58 @@ +[ + { + "mallocCountTotal" : { + + } + }, + { + "absolute" : [ + 4, + 10017 + ], + "relative" : [ + + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "absolute" : [ + 4, + 12000 + ], + "relative" : [ + + ] + }, + { + "retainCount" : { + + } + }, + { + "absolute" : [ + 4, + 1 + ], + "relative" : [ + + ] + }, + { + "releaseCount" : { + + } + }, + { + "absolute" : [ + 4, + 12001 + ], + "relative" : [ + + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..02fab3e6 --- /dev/null +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,58 @@ +[ + { + "mallocCountTotal" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 16 + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1000 + ] + }, + { + "retainCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1 + ] + }, + { + "releaseCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1001 + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json new file mode 100644 index 00000000..10e6e92f --- /dev/null +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json @@ -0,0 +1,58 @@ +[ + { + "mallocCountTotal" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 2085026 + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1758000 + ] + }, + { + "retainCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 25671322 + ] + }, + { + "releaseCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 27429322 + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..1e85f867 --- /dev/null +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,58 @@ +[ + { + "retainCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 6421001 + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 784000 + ] + }, + { + "releaseCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 7205001 + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 419017 + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json new file mode 100644 index 00000000..559b3a9c --- /dev/null +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -0,0 +1,58 @@ +[ + { + "retainCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1 + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 12000 + ] + }, + { + "releaseCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 12001 + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 10017 + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..6401a6b9 --- /dev/null +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,58 @@ +[ + { + "retainCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1 + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1000 + ] + }, + { + "releaseCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1001 + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 16 + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json new file mode 100644 index 00000000..c46b454a --- /dev/null +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json @@ -0,0 +1,58 @@ +[ + { + "retainCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 20144643 + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1702000 + ] + }, + { + "releaseCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 21846643 + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 2082026 + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..8d2c4f2d --- /dev/null +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,58 @@ +[ + { + "retainCount" : { + + } + }, + { + "absolute" : [ + 4, + 6259001 + ], + "relative" : [ + + ] + }, + { + "releaseCount" : { + + } + }, + { + "absolute" : [ + 4, + 7043001 + ], + "relative" : [ + + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "absolute" : [ + 4, + 784000 + ], + "relative" : [ + + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "absolute" : [ + 4, + 419026 + ], + "relative" : [ + + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json new file mode 100644 index 00000000..701a9436 --- /dev/null +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -0,0 +1,58 @@ +[ + { + "retainCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1 + ] + }, + { + "releaseCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 12001 + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 12000 + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 10017 + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..cc88e279 --- /dev/null +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,58 @@ +[ + { + "retainCount" : { + + } + }, + { + "absolute" : [ + 4, + 1 + ], + "relative" : [ + + ] + }, + { + "releaseCount" : { + + } + }, + { + "absolute" : [ + 4, + 1001 + ], + "relative" : [ + + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "absolute" : [ + 4, + 1000 + ], + "relative" : [ + + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "absolute" : [ + 4, + 24 + ], + "relative" : [ + + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json new file mode 100644 index 00000000..2be1b633 --- /dev/null +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json @@ -0,0 +1,58 @@ +[ + { + "retainCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 17435359 + ] + }, + { + "releaseCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 19243359 + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1808000 + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 2084026 + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..cd59ba7a --- /dev/null +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,58 @@ +[ + { + "releaseCount" : { + + } + }, + { + "absolute" : [ + 4, + 4558001 + ], + "relative" : [ + + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "absolute" : [ + 4, + 419026 + ], + "relative" : [ + + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "absolute" : [ + 4, + 784000 + ], + "relative" : [ + + ] + }, + { + "retainCount" : { + + } + }, + { + "absolute" : [ + 4, + 3774001 + ], + "relative" : [ + + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json new file mode 100644 index 00000000..fc7d45af --- /dev/null +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -0,0 +1,58 @@ +[ + { + "releaseCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 12001 + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 10017 + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 12000 + ] + }, + { + "retainCount" : { + + } + }, + { + "relative" : [ + + ], + "absolute" : [ + 4, + 1 + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..cf7b8c02 --- /dev/null +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,58 @@ +[ + { + "retainCount" : { + + } + }, + { + "absolute" : [ + 4, + 1 + ], + "relative" : [ + + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "absolute" : [ + 4, + 24 + ], + "relative" : [ + + ] + }, + { + "releaseCount" : { + + } + }, + { + "absolute" : [ + 4, + 1 + ], + "relative" : [ + + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "absolute" : [ + 4, + 0 + ], + "relative" : [ + + ] + } +] \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json new file mode 100644 index 00000000..bcf4300e --- /dev/null +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json @@ -0,0 +1,58 @@ +[ + { + "releaseCount" : { + + } + }, + { + "absolute" : [ + 4, + 18376001 + ], + "relative" : [ + + ] + }, + { + "mallocCountTotal" : { + + } + }, + { + "absolute" : [ + 4, + 2084029 + ], + "relative" : [ + + ] + }, + { + "retainReleaseDelta" : { + + } + }, + { + "absolute" : [ + 4, + 1810000 + ], + "relative" : [ + + ] + }, + { + "retainCount" : { + + } + }, + { + "absolute" : [ + 4, + 16566001 + ], + "relative" : [ + + ] + } +] \ No newline at end of file diff --git a/docker/docker-compose.2204.57.yaml b/docker/docker-compose.2204.57.yaml index 3795af70..64659a8c 100644 --- a/docker/docker-compose.2204.57.yaml +++ b/docker/docker-compose.2204.57.yaml @@ -12,6 +12,7 @@ services: test: image: swift-certificates:22.04-5.7 environment: + - SWIFT_VERSION=5.7 - MAX_ALLOCS_ALLOWED_parse_webpki_roots=422050 - MAX_ALLOCS_ALLOWED_tiny_array_cow_append_contents_of=9050 - MAX_ALLOCS_ALLOWED_tiny_array_non_allocating_operations=0 @@ -21,3 +22,10 @@ services: shell: image: swift-certificates:22.04-5.7 + environment: + - SWIFT_VERSION=5.7 + + update-benchmark-baseline: + image: swift-certificates:22.04-5.7 + environment: + - SWIFT_VERSION=5.7 diff --git a/docker/docker-compose.2204.58.yaml b/docker/docker-compose.2204.58.yaml index 1296de10..7c173ec2 100644 --- a/docker/docker-compose.2204.58.yaml +++ b/docker/docker-compose.2204.58.yaml @@ -12,6 +12,7 @@ services: test: image: swift-certificates:22.04-5.8 environment: + - SWIFT_VERSION=5.8 - MAX_ALLOCS_ALLOWED_parse_webpki_roots=422050 - MAX_ALLOCS_ALLOWED_tiny_array_cow_append_contents_of=9050 - MAX_ALLOCS_ALLOWED_tiny_array_non_allocating_operations=0 @@ -22,3 +23,10 @@ services: shell: image: swift-certificates:22.04-5.8 + environment: + - SWIFT_VERSION=5.8 + + update-benchmark-baseline: + image: swift-certificates:22.04-5.8 + environment: + - SWIFT_VERSION=5.8 diff --git a/docker/docker-compose.2204.59.yaml b/docker/docker-compose.2204.59.yaml index 6443eeda..a5c9c179 100644 --- a/docker/docker-compose.2204.59.yaml +++ b/docker/docker-compose.2204.59.yaml @@ -11,13 +11,15 @@ services: test: image: swift-certificates:22.04-5.9 environment: - - MAX_ALLOCS_ALLOWED_parse_webpki_roots=422050 - - MAX_ALLOCS_ALLOWED_tiny_array_cow_append_contents_of=9050 - - MAX_ALLOCS_ALLOWED_tiny_array_non_allocating_operations=0 - - MAX_ALLOCS_ALLOWED_validation=205950 + - SWIFT_VERSION=5.9 - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error # - SANITIZER_ARG=--sanitize=thread # TSan broken still shell: image: swift-certificates:22.04-5.9 + + update-benchmark-baseline: + image: swift-certificates:22.04-5.9 + environment: + - SWIFT_VERSION=5.9 diff --git a/docker/docker-compose.2204.main.yaml b/docker/docker-compose.2204.main.yaml index 2691d74c..b0512cd2 100644 --- a/docker/docker-compose.2204.main.yaml +++ b/docker/docker-compose.2204.main.yaml @@ -11,6 +11,7 @@ services: test: image: swift-certificates:22.04-main environment: + - SWIFT_VERSION=main - MAX_ALLOCS_ALLOWED_parse_webpki_roots=422050 - MAX_ALLOCS_ALLOWED_tiny_array_cow_append_contents_of=9050 - MAX_ALLOCS_ALLOWED_tiny_array_non_allocating_operations=0 @@ -21,3 +22,8 @@ services: shell: image: swift-certificates:22.04-main + + update-benchmark-baseline: + image: swift-certificates:22.04-main + environment: + - SWIFT_VERSION=main diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index 3193926a..58105af4 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -16,8 +16,8 @@ services: depends_on: [runtime-setup] volumes: - ~/.ssh:/root/.ssh - - ..:/code:z - working_dir: /code + - ..:/swift-certificates:z + working_dir: /swift-certificates soundness: <<: *common @@ -25,8 +25,11 @@ services: test: <<: *common - command: /bin/bash -xcl "swift $${SWIFT_TEST_VERB-test} $${WARN_AS_ERROR_ARG-} $${SANITIZER_ARG-} $${IMPORT_CHECK_ARG-} && ./scripts/integration_tests.sh $${INTEGRATION_TESTS_ARG-}" + command: /bin/bash -xcl "swift $${SWIFT_TEST_VERB-test} $${WARN_AS_ERROR_ARG-} $${SANITIZER_ARG-} $${IMPORT_CHECK_ARG-} && cd benchmarks && cp -f ./Thresholds/$${SWIFT_VERSION-}/* ./Thresholds && swift package benchmark baseline check --check-absolute" + update-benchmark-baseline: + <<: *common + command: /bin/bash -xcl "cd benchmarks && swift package --allow-writing-to-package-directory benchmark --format metricP90AbsoluteThresholds --path Thresholds/$${SWIFT_VERSION-}/" # util shell: From 9d029e018c9515a884f952f1ada14d0ae1993f50 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Wed, 23 Aug 2023 14:28:56 +0100 Subject: [PATCH 13/44] update metrics --- .gitignore | 1 + .../CertificatesBenchmarks/Benchmarks.swift | 34 ++++--- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 40 ++------- ...esBenchmarks.TinyArray.append(_:).p90.json | 40 ++------- ...inyArray_non-allocating_functions.p90.json | 40 ++------- .../CertificatesBenchmarks.Verifier.p90.json | 44 +--------- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 32 +------ ...esBenchmarks.TinyArray.append(_:).p90.json | 40 ++------- ...inyArray_non-allocating_functions.p90.json | 40 ++------- .../CertificatesBenchmarks.Verifier.p90.json | 44 +--------- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 40 ++------- ...esBenchmarks.TinyArray.append(_:).p90.json | 40 ++------- ...inyArray_non-allocating_functions.p90.json | 40 ++------- .../CertificatesBenchmarks.Verifier.p90.json | 44 +--------- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 34 +------ ...esBenchmarks.TinyArray.append(_:).p90.json | 34 +------ ...inyArray_non-allocating_functions.p90.json | 40 ++------- .../CertificatesBenchmarks.Verifier.p90.json | 44 +--------- dev/alloc-limits-from-test-output | 88 ------------------- dev/update-alloc-limits | 28 ++++++ ...te-alloc-limits-to-last-completed-ci-build | 49 ----------- 21 files changed, 110 insertions(+), 726 deletions(-) delete mode 100755 dev/alloc-limits-from-test-output create mode 100755 dev/update-alloc-limits delete mode 100755 dev/update-alloc-limits-to-last-completed-ci-build diff --git a/.gitignore b/.gitignore index 34de0fcf..125b6f6c 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ Package.resolved .swiftpm /out +/benchmarks/.benchmarkBaselines diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift index 104a59c3..e26ee646 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift @@ -16,35 +16,31 @@ import Benchmark import Sources import Foundation -func makeConfigurationFor(_ name: String) -> Benchmark.Configuration { +func thresholds(for benchmarkName: String) -> [BenchmarkMetric : BenchmarkThresholds]? { // https://forums.swift.org/t/pitch-introduce-module-to-get-the-current-module-name/45806/8 let moduleName = String("\(#fileID)".prefix(while: { $0 != "/" })) - - var configuration: Benchmark.Configuration = .init(metrics: [.mallocCountTotal, .syscalls] + .arc, - warmupIterations: 1, - scalingFactor: .kilo, - maxDuration: .seconds(2), - maxIterations: .kilo(100)) - - configuration.thresholds = BenchmarkThresholds.makeBenchmarkThresholds(path: FileManager.default.currentDirectoryPath, - moduleName: moduleName, - benchmarkName: name) - // if thresholds are nil here, we failed to read anything from the file and might want to warn or set up - // other thresholds - return configuration + + return BenchmarkThresholds.makeBenchmarkThresholds( + path: FileManager.default.currentDirectoryPath, + moduleName: moduleName, + benchmarkName: benchmarkName + ) } let benchmarks = { Benchmark.defaultConfiguration = .init( - metrics: .all, + metrics: [.mallocCountTotal, .syscalls, .retainCount], warmupIterations: 1 ) do { let testName = "Verifier" - Benchmark("Verifier", configuration: makeConfigurationFor(testName)) { benchmark in + Benchmark(testName, configuration: .init( + metrics: [.mallocCountTotal, .syscalls], + thresholds: thresholds(for: testName)) + ) { benchmark in for _ in benchmark.scaledIterations { await verifier() } @@ -54,7 +50,7 @@ let benchmarks = { do { let runParseWebPKIRoots = parseWebPKIRoots() let testName = "Parse WebPKI Roots" - Benchmark(testName, configuration: makeConfigurationFor(testName)) { benchmark in + Benchmark(testName, configuration: .init(thresholds: thresholds(for: testName))) { benchmark in for _ in benchmark.scaledIterations { runParseWebPKIRoots() } @@ -62,7 +58,7 @@ let benchmarks = { } do { let testName = "TinyArray non-allocating functions" - Benchmark(testName, configuration: makeConfigurationFor(testName)) { benchmark in + Benchmark(testName, configuration: .init(thresholds: thresholds(for: testName))) { benchmark in for _ in benchmark.scaledIterations { tinyArrayNonAllocationFunctions() } @@ -71,7 +67,7 @@ let benchmarks = { do { let testName = "TinyArray.append(_:)" - Benchmark(testName, configuration: makeConfigurationFor(testName)) { benchmark in + Benchmark(testName, configuration: .init(thresholds: thresholds(for: testName))) { benchmark in for _ in benchmark.scaledIterations { tinyArrayAppend() } diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index 10cfba41..0a96cc84 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -1,58 +1,30 @@ [ { - "mallocCountTotal" : { + "retainCount" : { } }, { - "absolute" : [ - 4, - 419017 - ], "relative" : [ - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { + ], "absolute" : [ 4, - 834000 - ], - "relative" : [ - + 6843 ] }, { - "retainCount" : { + "mallocCountTotal" : { } }, { - "absolute" : [ - 4, - 6842001 - ], "relative" : [ - ] - }, - { - "releaseCount" : { - - } - }, - { + ], "absolute" : [ 4, - 7676001 - ], - "relative" : [ - + 435 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json index 7eda57c8..da5c39ef 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -1,58 +1,30 @@ [ { - "mallocCountTotal" : { + "retainCount" : { } }, { - "absolute" : [ - 4, - 10017 - ], "relative" : [ - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { - "absolute" : [ - 4, - 12000 ], - "relative" : [ - - ] - }, - { - "retainCount" : { - - } - }, - { "absolute" : [ 4, 1 - ], - "relative" : [ - ] }, { - "releaseCount" : { + "mallocCountTotal" : { } }, { - "absolute" : [ - 4, - 12001 - ], "relative" : [ + ], + "absolute" : [ + 4, + 26 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index 02fab3e6..b05c1c99 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -1,58 +1,30 @@ [ { - "mallocCountTotal" : { + "retainCount" : { } }, { - "relative" : [ - - ], "absolute" : [ 4, - 16 - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { + 1 + ], "relative" : [ - ], - "absolute" : [ - 4, - 1000 ] }, { - "retainCount" : { + "mallocCountTotal" : { } }, { - "relative" : [ - - ], "absolute" : [ 4, - 1 - ] - }, - { - "releaseCount" : { - - } - }, - { + 16 + ], "relative" : [ - ], - "absolute" : [ - 4, - 1001 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json index 10e6e92f..629ec439 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json @@ -10,49 +10,7 @@ ], "absolute" : [ 4, - 2085026 - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1758000 - ] - }, - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 25671322 - ] - }, - { - "releaseCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 27429322 + 2107 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index 1e85f867..5d7e2c8d 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -10,35 +10,7 @@ ], "absolute" : [ 4, - 6421001 - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 784000 - ] - }, - { - "releaseCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 7205001 + 6422 ] }, { @@ -52,7 +24,7 @@ ], "absolute" : [ 4, - 419017 + 435 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json index 559b3a9c..326938ad 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -1,58 +1,30 @@ [ { - "retainCount" : { + "mallocCountTotal" : { } }, { - "relative" : [ - - ], "absolute" : [ 4, - 1 - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { + 26 + ], "relative" : [ - ], - "absolute" : [ - 4, - 12000 ] }, { - "releaseCount" : { + "retainCount" : { } }, { - "relative" : [ - - ], "absolute" : [ 4, - 12001 - ] - }, - { - "mallocCountTotal" : { - - } - }, - { + 1 + ], "relative" : [ - ], - "absolute" : [ - 4, - 10017 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index 6401a6b9..aac00c83 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -1,58 +1,30 @@ [ { - "retainCount" : { + "mallocCountTotal" : { } }, { - "relative" : [ - - ], "absolute" : [ 4, - 1 - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { + 16 + ], "relative" : [ - ], - "absolute" : [ - 4, - 1000 ] }, { - "releaseCount" : { + "retainCount" : { } }, { - "relative" : [ - - ], "absolute" : [ 4, - 1001 - ] - }, - { - "mallocCountTotal" : { - - } - }, - { + 1 + ], "relative" : [ - ], - "absolute" : [ - 4, - 16 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json index c46b454a..e8fb71ae 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json @@ -1,46 +1,4 @@ [ - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 20144643 - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1702000 - ] - }, - { - "releaseCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 21846643 - ] - }, { "mallocCountTotal" : { @@ -52,7 +10,7 @@ ], "absolute" : [ 4, - 2082026 + 2104 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index 8d2c4f2d..55c5246c 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -1,58 +1,30 @@ [ { - "retainCount" : { + "mallocCountTotal" : { } }, { - "absolute" : [ - 4, - 6259001 - ], "relative" : [ - ] - }, - { - "releaseCount" : { - - } - }, - { + ], "absolute" : [ 4, - 7043001 - ], - "relative" : [ - + 435 ] }, { - "retainReleaseDelta" : { + "retainCount" : { } }, { - "absolute" : [ - 4, - 784000 - ], "relative" : [ - ] - }, - { - "mallocCountTotal" : { - - } - }, - { + ], "absolute" : [ 4, - 419026 - ], - "relative" : [ - + 6260 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json index 701a9436..326938ad 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -1,58 +1,30 @@ [ { - "retainCount" : { + "mallocCountTotal" : { } }, { - "relative" : [ - - ], "absolute" : [ 4, - 1 - ] - }, - { - "releaseCount" : { - - } - }, - { + 26 + ], "relative" : [ - ], - "absolute" : [ - 4, - 12001 ] }, { - "retainReleaseDelta" : { + "retainCount" : { } }, { - "relative" : [ - - ], "absolute" : [ 4, - 12000 - ] - }, - { - "mallocCountTotal" : { - - } - }, - { + 1 + ], "relative" : [ - ], - "absolute" : [ - 4, - 10017 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index cc88e279..5227daba 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -1,58 +1,30 @@ [ { - "retainCount" : { + "mallocCountTotal" : { } }, { - "absolute" : [ - 4, - 1 - ], "relative" : [ - ] - }, - { - "releaseCount" : { - - } - }, - { + ], "absolute" : [ 4, - 1001 - ], - "relative" : [ - + 16 ] }, { - "retainReleaseDelta" : { + "retainCount" : { } }, { - "absolute" : [ - 4, - 1000 - ], "relative" : [ - ] - }, - { - "mallocCountTotal" : { - - } - }, - { + ], "absolute" : [ 4, - 24 - ], - "relative" : [ - + 1 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json index 2be1b633..821a45a4 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json @@ -1,46 +1,4 @@ [ - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 17435359 - ] - }, - { - "releaseCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 19243359 - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1808000 - ] - }, { "mallocCountTotal" : { @@ -52,7 +10,7 @@ ], "absolute" : [ 4, - 2084026 + 2109 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index cd59ba7a..e7f1414d 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -1,13 +1,13 @@ [ { - "releaseCount" : { + "retainCount" : { } }, { "absolute" : [ 4, - 4558001 + 3775 ], "relative" : [ @@ -21,35 +21,7 @@ { "absolute" : [ 4, - 419026 - ], - "relative" : [ - - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { - "absolute" : [ - 4, - 784000 - ], - "relative" : [ - - ] - }, - { - "retainCount" : { - - } - }, - { - "absolute" : [ - 4, - 3774001 + 435 ], "relative" : [ diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json index fc7d45af..da5c39ef 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -1,6 +1,6 @@ [ { - "releaseCount" : { + "retainCount" : { } }, @@ -10,7 +10,7 @@ ], "absolute" : [ 4, - 12001 + 1 ] }, { @@ -24,35 +24,7 @@ ], "absolute" : [ 4, - 10017 - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 12000 - ] - }, - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1 + 26 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index cf7b8c02..5227daba 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -1,58 +1,30 @@ [ { - "retainCount" : { + "mallocCountTotal" : { } }, { - "absolute" : [ - 4, - 1 - ], "relative" : [ - ] - }, - { - "mallocCountTotal" : { - - } - }, - { + ], "absolute" : [ 4, - 24 - ], - "relative" : [ - + 16 ] }, { - "releaseCount" : { + "retainCount" : { } }, { - "absolute" : [ - 4, - 1 - ], "relative" : [ - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { + ], "absolute" : [ 4, - 0 - ], - "relative" : [ - + 1 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json index bcf4300e..78497c66 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json @@ -1,18 +1,4 @@ [ - { - "releaseCount" : { - - } - }, - { - "absolute" : [ - 4, - 18376001 - ], - "relative" : [ - - ] - }, { "mallocCountTotal" : { @@ -21,35 +7,7 @@ { "absolute" : [ 4, - 2084029 - ], - "relative" : [ - - ] - }, - { - "retainReleaseDelta" : { - - } - }, - { - "absolute" : [ - 4, - 1810000 - ], - "relative" : [ - - ] - }, - { - "retainCount" : { - - } - }, - { - "absolute" : [ - 4, - 16566001 + 2109 ], "relative" : [ diff --git a/dev/alloc-limits-from-test-output b/dev/alloc-limits-from-test-output deleted file mode 100755 index 8708b9ec..00000000 --- a/dev/alloc-limits-from-test-output +++ /dev/null @@ -1,88 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -# This script allows you to consume any Jenkins/alloc counter run output and -# convert it into the right for for the docker-compose script. - -set -eu - -mode_flag=${1---docker-compose} - -function usage() { - echo >&1 "Usage: $0 [--docker-compose|--export]" - echo >&1 - echo >&1 "Example:" - echo >&1 " # copy the output from the Jenkins CI into your clipboard, then" - echo >&1 " pbpaste | $0 --docker-compose" -} - -function die() { - echo >&2 "ERROR: $*" - exit 1 -} - -case "$mode_flag" in - --docker-compose) - mode=docker - ;; - --export) - mode=export - ;; - *) - usage - exit 1 - ;; -esac - -function allow_slack() { - raw="$1" - if [[ ! "$raw" =~ ^[0-9]+$ ]]; then - die "not a malloc count: '$raw'" - fi - if [[ "$raw" -lt 1000 ]]; then - echo "$raw" - return - fi - - allocs=$raw - while true; do - allocs=$(( allocs + 1 )) - if [[ "$allocs" =~ [0-9]+00$ || "$allocs" =~ [0-9]+50$ ]]; then - echo "$allocs" - return - fi - done -} - -grep -e "total number of mallocs" -e ".total_allocations" -e "export MAX_ALLOCS_ALLOWED_" | \ - sed -e "s/: total number of mallocs: /=/g" \ - -e "s/.total_allocations: /=/g" \ - -e "s/info: /test_/g" \ - -e "s/export MAX_ALLOCS_ALLOWED_/test_/g" | \ - grep -Eo 'test_[a-zA-Z0-9_-]+=[0-9]+' | sort | uniq | while read info; do - test_name=$(echo "$info" | sed "s/test_//g" | cut -d= -f1 ) - allocs=$(allow_slack "$(echo "$info" | cut -d= -f2 | sed "s/ //g")") - case "$mode" in - docker) - echo " - MAX_ALLOCS_ALLOWED_$test_name=$allocs" - ;; - export) - echo "export MAX_ALLOCS_ALLOWED_$test_name=$allocs" - ;; - *) - die "Unexpected mode: $mode" - ;; - esac -done diff --git a/dev/update-alloc-limits b/dev/update-alloc-limits new file mode 100755 index 00000000..37439e21 --- /dev/null +++ b/dev/update-alloc-limits @@ -0,0 +1,28 @@ +#!/bin/bash +##===----------------------------------------------------------------------===## +## +## This source file is part of the SwiftCertificates open source project +## +## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +## Licensed under Apache License v2.0 +## +## See LICENSE.txt for license information +## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +## +## SPDX-License-Identifier: Apache-2.0 +## +##===----------------------------------------------------------------------===## + +set -eu +set -o pipefail + +here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" +target_repo=${2-"$here/.."} + +for f in 57 58 59 -nightly; do + echo "swift$f" + + docker_file=$(if [[ "$f" == "-nightly" ]]; then f=main; fi && ls "$target_repo/docker/docker-compose."*"$f"*".yaml") + + docker-compose -f docker/docker-compose.yaml -f $docker_file run update-benchmark-baseline +done diff --git a/dev/update-alloc-limits-to-last-completed-ci-build b/dev/update-alloc-limits-to-last-completed-ci-build deleted file mode 100755 index 6e381e1e..00000000 --- a/dev/update-alloc-limits-to-last-completed-ci-build +++ /dev/null @@ -1,49 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -set -eu -set -o pipefail - -here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - -url_prefix=${1-"https://ci.swiftserver.group/job/swift-certificates-"} -target_repo=${2-"$here/.."} -tmpdir=$(mktemp -d /tmp/.last-build_XXXXXX) - -for f in 57 58 59 -nightly; do - echo "swift$f" - if [[ "$f" == "nightly" ]]; then - url="$url_prefix$f-prb/lastCompletedBuild/consoleFull" - else - url="${url_prefix}swift${f}-prb/lastCompletedBuild/consoleFull" - fi - echo "$url" - curl -s "$url" | "$here/alloc-limits-from-test-output" > "$tmpdir/limits$f" - - if [[ "$(wc -l < "$tmpdir/limits$f")" -lt 3 ]]; then - echo >&2 "ERROR: fewer than 3 limits found, something's not right" - exit 1 - fi - - docker_file=$(if [[ "$f" == "-nightly" ]]; then f=main; fi && ls "$target_repo/docker/docker-compose."*"$f"*".yaml") - - echo "$docker_file" - cat "$tmpdir/limits$f" - cat "$docker_file" | grep -v MAX_ALLOCS_ALLOWED | grep -B10000 "^ environment:" > "$tmpdir/pre$f" - cat "$docker_file" | grep -v MAX_ALLOCS_ALLOWED | grep -A10000 "^ environment:" | sed 1d > "$tmpdir/post$f" - cat "$tmpdir/pre$f" "$tmpdir/limits$f" "$tmpdir/post$f" > "$docker_file" -done - -rm -rf "$tmpdir" From 5a038c7a4aa2a8565e27ca968c8df3443e5a7a7d Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Wed, 23 Aug 2023 15:23:27 +0100 Subject: [PATCH 14/44] use automated threshold import --- .../CertificatesBenchmarks/Benchmarks.swift | 58 +++++-------------- docker/docker-compose.yaml | 2 +- 2 files changed, 17 insertions(+), 43 deletions(-) diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift index e26ee646..0cecc4d7 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift @@ -16,61 +16,35 @@ import Benchmark import Sources import Foundation -func thresholds(for benchmarkName: String) -> [BenchmarkMetric : BenchmarkThresholds]? { - // https://forums.swift.org/t/pitch-introduce-module-to-get-the-current-module-name/45806/8 - let moduleName = String("\(#fileID)".prefix(while: { $0 != "/" })) - - return BenchmarkThresholds.makeBenchmarkThresholds( - path: FileManager.default.currentDirectoryPath, - moduleName: moduleName, - benchmarkName: benchmarkName - ) -} - - let benchmarks = { Benchmark.defaultConfiguration = .init( metrics: [.mallocCountTotal, .syscalls, .retainCount], warmupIterations: 1 ) - - do { - let testName = "Verifier" - Benchmark(testName, configuration: .init( - metrics: [.mallocCountTotal, .syscalls], - thresholds: thresholds(for: testName)) - ) { benchmark in - for _ in benchmark.scaledIterations { - await verifier() - } + + Benchmark("Verifier", configuration: .init(metrics: [.mallocCountTotal, .syscalls])) { benchmark in + for _ in benchmark.scaledIterations { + await verifier() } } - - do { - let runParseWebPKIRoots = parseWebPKIRoots() - let testName = "Parse WebPKI Roots" - Benchmark(testName, configuration: .init(thresholds: thresholds(for: testName))) { benchmark in - for _ in benchmark.scaledIterations { - runParseWebPKIRoots() - } + + let runParseWebPKIRoots = parseWebPKIRoots() + Benchmark("Parse WebPKI Roots") { benchmark in + for _ in benchmark.scaledIterations { + runParseWebPKIRoots() } } - do { - let testName = "TinyArray non-allocating functions" - Benchmark(testName, configuration: .init(thresholds: thresholds(for: testName))) { benchmark in - for _ in benchmark.scaledIterations { - tinyArrayNonAllocationFunctions() - } + + Benchmark("TinyArray non-allocating functions") { benchmark in + for _ in benchmark.scaledIterations { + tinyArrayNonAllocationFunctions() } } - do { - let testName = "TinyArray.append(_:)" - Benchmark(testName, configuration: .init(thresholds: thresholds(for: testName))) { benchmark in - for _ in benchmark.scaledIterations { - tinyArrayAppend() - } + Benchmark("TinyArray.append(_:)") { benchmark in + for _ in benchmark.scaledIterations { + tinyArrayAppend() } } } diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index 58105af4..95c312c7 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -25,7 +25,7 @@ services: test: <<: *common - command: /bin/bash -xcl "swift $${SWIFT_TEST_VERB-test} $${WARN_AS_ERROR_ARG-} $${SANITIZER_ARG-} $${IMPORT_CHECK_ARG-} && cd benchmarks && cp -f ./Thresholds/$${SWIFT_VERSION-}/* ./Thresholds && swift package benchmark baseline check --check-absolute" + command: /bin/bash -xcl "swift $${SWIFT_TEST_VERB-test} $${WARN_AS_ERROR_ARG-} $${SANITIZER_ARG-} $${IMPORT_CHECK_ARG-} && cd benchmarks && swift package benchmark baseline check --check-absolute-path Thresholds/$${SWIFT_VERSION-}/" update-benchmark-baseline: <<: *common From bd3926313c06ae867ebb0499d5004807298a5377 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Wed, 23 Aug 2023 15:44:46 +0100 Subject: [PATCH 15/44] merge main and update allocation counters --- benchmarks/Sources/VerifierBenchmark.swift | 2 +- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 8 ++++---- ...esBenchmarks.TinyArray.append(_:).p90.json | 8 ++++---- ...inyArray_non-allocating_functions.p90.json | 8 ++++---- .../CertificatesBenchmarks.Verifier.p90.json | 2 +- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 20 +++++++++---------- ...esBenchmarks.TinyArray.append(_:).p90.json | 12 +++++------ ...inyArray_non-allocating_functions.p90.json | 12 +++++------ .../CertificatesBenchmarks.Verifier.p90.json | 2 +- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 14 ++++++------- ...esBenchmarks.TinyArray.append(_:).p90.json | 12 +++++------ .../CertificatesBenchmarks.Verifier.p90.json | 2 +- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 2 +- ...esBenchmarks.TinyArray.append(_:).p90.json | 12 +++++------ ...inyArray_non-allocating_functions.p90.json | 8 ++++---- .../CertificatesBenchmarks.Verifier.p90.json | 8 ++++---- 16 files changed, 66 insertions(+), 66 deletions(-) diff --git a/benchmarks/Sources/VerifierBenchmark.swift b/benchmarks/Sources/VerifierBenchmark.swift index 7631c46c..b4686cc6 100644 --- a/benchmarks/Sources/VerifierBenchmark.swift +++ b/benchmarks/Sources/VerifierBenchmark.swift @@ -286,7 +286,7 @@ fileprivate struct FailIfCertInChainPolicy: VerifierPolicy { self.forbiddenCert = forbiddenCert } - mutating func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { + func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { if chain.contains(self.forbiddenCert) { return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") } else { diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index 0a96cc84..3b7a2309 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -1,6 +1,6 @@ [ { - "retainCount" : { + "mallocCountTotal" : { } }, @@ -10,11 +10,11 @@ ], "absolute" : [ 4, - 6843 + 435 ] }, { - "mallocCountTotal" : { + "retainCount" : { } }, @@ -24,7 +24,7 @@ ], "absolute" : [ 4, - 435 + 6843 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json index da5c39ef..889672f4 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -1,6 +1,6 @@ [ { - "retainCount" : { + "mallocCountTotal" : { } }, @@ -10,11 +10,11 @@ ], "absolute" : [ 4, - 1 + 26 ] }, { - "mallocCountTotal" : { + "retainCount" : { } }, @@ -24,7 +24,7 @@ ], "absolute" : [ 4, - 26 + 1 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index b05c1c99..aac00c83 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -1,27 +1,27 @@ [ { - "retainCount" : { + "mallocCountTotal" : { } }, { "absolute" : [ 4, - 1 + 16 ], "relative" : [ ] }, { - "mallocCountTotal" : { + "retainCount" : { } }, { "absolute" : [ 4, - 16 + 1 ], "relative" : [ diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json index 629ec439..eb1b580b 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json @@ -10,7 +10,7 @@ ], "absolute" : [ 4, - 2107 + 1249 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index 5d7e2c8d..33a333ab 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -1,30 +1,30 @@ [ { - "retainCount" : { + "mallocCountTotal" : { } }, { - "relative" : [ - - ], "absolute" : [ 4, - 6422 + 435 + ], + "relative" : [ + ] }, { - "mallocCountTotal" : { + "retainCount" : { } }, { - "relative" : [ - - ], "absolute" : [ 4, - 435 + 6422 + ], + "relative" : [ + ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json index 326938ad..889672f4 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -5,12 +5,12 @@ } }, { + "relative" : [ + + ], "absolute" : [ 4, 26 - ], - "relative" : [ - ] }, { @@ -19,12 +19,12 @@ } }, { + "relative" : [ + + ], "absolute" : [ 4, 1 - ], - "relative" : [ - ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index aac00c83..5227daba 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -5,12 +5,12 @@ } }, { + "relative" : [ + + ], "absolute" : [ 4, 16 - ], - "relative" : [ - ] }, { @@ -19,12 +19,12 @@ } }, { + "relative" : [ + + ], "absolute" : [ 4, 1 - ], - "relative" : [ - ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json index e8fb71ae..eb1b580b 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json @@ -10,7 +10,7 @@ ], "absolute" : [ 4, - 2104 + 1249 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index 55c5246c..a9ac8c54 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -5,12 +5,12 @@ } }, { - "relative" : [ - - ], "absolute" : [ 4, - 435 + 439 + ], + "relative" : [ + ] }, { @@ -19,12 +19,12 @@ } }, { - "relative" : [ - - ], "absolute" : [ 4, 6260 + ], + "relative" : [ + ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json index 326938ad..889672f4 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -5,12 +5,12 @@ } }, { + "relative" : [ + + ], "absolute" : [ 4, 26 - ], - "relative" : [ - ] }, { @@ -19,12 +19,12 @@ } }, { + "relative" : [ + + ], "absolute" : [ 4, 1 - ], - "relative" : [ - ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json index 821a45a4..6b9d6c60 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json @@ -10,7 +10,7 @@ ], "absolute" : [ 4, - 2109 + 1252 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index e7f1414d..6cb81af9 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -21,7 +21,7 @@ { "absolute" : [ 4, - 435 + 439 ], "relative" : [ diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json index da5c39ef..28538ddd 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -5,12 +5,12 @@ } }, { - "relative" : [ - - ], "absolute" : [ 4, 1 + ], + "relative" : [ + ] }, { @@ -19,12 +19,12 @@ } }, { - "relative" : [ - - ], "absolute" : [ 4, 26 + ], + "relative" : [ + ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index 5227daba..7faa6e31 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -1,6 +1,6 @@ [ { - "mallocCountTotal" : { + "retainCount" : { } }, @@ -10,11 +10,11 @@ ], "absolute" : [ 4, - 16 + 1 ] }, { - "retainCount" : { + "mallocCountTotal" : { } }, @@ -24,7 +24,7 @@ ], "absolute" : [ 4, - 1 + 24 ] } ] \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json index 78497c66..6b9d6c60 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json @@ -5,12 +5,12 @@ } }, { - "absolute" : [ - 4, - 2109 - ], "relative" : [ + ], + "absolute" : [ + 4, + 1252 ] } ] \ No newline at end of file From d432a4fd2ded716dd60d2e6b334e16dc9d0917a8 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Wed, 23 Aug 2023 15:48:18 +0100 Subject: [PATCH 16/44] adopt `swift-format` for benchmarks --- .../CertificatesBenchmarks/Benchmarks.swift | 7 +- benchmarks/Sources/ParseWebPKI.swift | 246 +++++++++--------- benchmarks/Sources/TinyArrayAppend.swift | 4 +- .../TinyArrayNonAllocationFunctions.swift | 4 +- benchmarks/Sources/VerifierBenchmark.swift | 161 +++++++++--- benchmarks/Tests/Tests.swift | 6 +- scripts/run-swift-format.sh | 3 +- 7 files changed, 253 insertions(+), 178 deletions(-) diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift index 0cecc4d7..7a876183 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift @@ -16,7 +16,6 @@ import Benchmark import Sources import Foundation - let benchmarks = { Benchmark.defaultConfiguration = .init( metrics: [.mallocCountTotal, .syscalls, .retainCount], @@ -28,20 +27,20 @@ let benchmarks = { await verifier() } } - + let runParseWebPKIRoots = parseWebPKIRoots() Benchmark("Parse WebPKI Roots") { benchmark in for _ in benchmark.scaledIterations { runParseWebPKIRoots() } } - + Benchmark("TinyArray non-allocating functions") { benchmark in for _ in benchmark.scaledIterations { tinyArrayNonAllocationFunctions() } } - + Benchmark("TinyArray.append(_:)") { benchmark in for _ in benchmark.scaledIterations { tinyArrayAppend() diff --git a/benchmarks/Sources/ParseWebPKI.swift b/benchmarks/Sources/ParseWebPKI.swift index f6ca0308..cf4c8636 100644 --- a/benchmarks/Sources/ParseWebPKI.swift +++ b/benchmarks/Sources/ParseWebPKI.swift @@ -29,131 +29,131 @@ public func parseWebPKIRoots() -> () -> Void { enum WebPKI { static let all = [br, af, cf, dz, de] static let br = """ - -----BEGIN CERTIFICATE----- - MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx - KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd - BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl - YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 - OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy - aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 - ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G - CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN - 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ - RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 - hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 - ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM - EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj - QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 - A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy - WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ - 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 - 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT - 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml - e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p - TpPDpFQUWw== - -----END CERTIFICATE----- - """ + -----BEGIN CERTIFICATE----- + MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx + KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd + BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl + YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 + OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy + aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 + ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN + 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ + RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 + hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 + ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM + EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj + QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 + A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy + WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ + 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 + 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT + 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml + e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p + TpPDpFQUWw== + -----END CERTIFICATE----- + """ static let af = """ - -----BEGIN CERTIFICATE----- - MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x - GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv - b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV - BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W - YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa - GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg - Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J - WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB - rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp - +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 - ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i - Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz - PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og - /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH - oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI - yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud - EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 - A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL - MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT - ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f - BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn - g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl - fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K - WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha - B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc - hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR - TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD - mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z - ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y - 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza - 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u - -----END CERTIFICATE----- - """ + -----BEGIN CERTIFICATE----- + MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x + GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv + b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV + BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W + YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa + GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg + Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J + WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB + rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp + +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 + ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i + Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz + PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og + /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH + oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI + yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud + EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 + A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL + MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT + ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f + BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn + g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl + fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K + WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha + B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc + hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR + TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD + mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z + ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y + 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza + 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u + -----END CERTIFICATE----- + """ static let cf = """ - -----BEGIN CERTIFICATE----- - MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw - CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu - ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg - RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV - UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu - Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq - hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf - Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q - RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ - BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD - AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY - JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv - 6pZjamVFkpUBtA== - -----END CERTIFICATE----- - """ + -----BEGIN CERTIFICATE----- + MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw + CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu + ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg + RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV + UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu + Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq + hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf + Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q + RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ + BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD + AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY + JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv + 6pZjamVFkpUBtA== + -----END CERTIFICATE----- + """ static let dz = """ - -----BEGIN CERTIFICATE----- - MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD - VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf - BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 - YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x - NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G - A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 - d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF - Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG - SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN - FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w - DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw - CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh - DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 - -----END CERTIFICATE----- - """ + -----BEGIN CERTIFICATE----- + MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD + VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf + BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 + YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x + NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G + A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 + d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF + Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG + SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN + FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w + DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw + CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh + DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 + -----END CERTIFICATE----- + """ static let de = """ - -----BEGIN CERTIFICATE----- - MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE - BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ - IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 - MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV - BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w - HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF - AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj - Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj - TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u - KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj - qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm - MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 - ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP - zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk - L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC - jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA - HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC - AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB - /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg - p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm - DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 - COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry - L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf - JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg - IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io - 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV - 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ - XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq - T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe - MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== - -----END CERTIFICATE----- - """ + -----BEGIN CERTIFICATE----- + MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE + BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ + IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 + MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV + BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w + HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF + AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj + Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj + TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u + KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj + qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm + MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 + ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP + zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk + L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC + jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA + HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC + AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB + /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg + p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm + DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 + COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry + L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf + JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg + IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io + 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV + 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ + XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq + T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe + MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== + -----END CERTIFICATE----- + """ } diff --git a/benchmarks/Sources/TinyArrayAppend.swift b/benchmarks/Sources/TinyArrayAppend.swift index 839bca5d..0272b8f1 100644 --- a/benchmarks/Sources/TinyArrayAppend.swift +++ b/benchmarks/Sources/TinyArrayAppend.swift @@ -17,12 +17,12 @@ import Benchmark public func tinyArrayAppend() { var count = 0 - + var tinyArray = _TinyArray() for i in 0..<1000 { tinyArray.append(i) } count += tinyArray.count - + blackHole(count) } diff --git a/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift b/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift index a42e1665..58da5222 100644 --- a/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift +++ b/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift @@ -18,10 +18,10 @@ import Benchmark public func tinyArrayNonAllocationFunctions() { var counts = 0 counts += _TinyArray(CollectionOfOne(1)).count - + var array = _TinyArray() array.append(contentsOf: CollectionOfOne(1)) counts += array.count - + blackHole(counts) } diff --git a/benchmarks/Sources/VerifierBenchmark.swift b/benchmarks/Sources/VerifierBenchmark.swift index b4686cc6..74a5e375 100644 --- a/benchmarks/Sources/VerifierBenchmark.swift +++ b/benchmarks/Sources/VerifierBenchmark.swift @@ -20,10 +20,10 @@ import Benchmark public func verifier() async { var counts = 0 - + counts += await testAllSuccessfulValidations() counts += await testAllUnsuccessfulValidations() - + blackHole(counts) } @@ -52,7 +52,10 @@ func testTrivialChainBuilding() async -> Int { var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -65,7 +68,10 @@ func testExtraRootsAreIgnored() async -> Int { let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -78,7 +84,10 @@ func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -91,7 +100,10 @@ func testSupportsCrossSignedRootWithoutTrouble() async -> Int { let roots = CertificateStore([TestCertificate.ca2]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -104,7 +116,12 @@ func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([ + TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2, + ]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -117,7 +134,10 @@ func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { let roots = CertificateStore([TestCertificate.ca1]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -130,7 +150,12 @@ func testPrefersNoSKIToNonMatchingSKI() async -> Int { let roots = CertificateStore([TestCertificate.ca1]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1WithIncorrectSKIAKI, TestCertificate.intermediate1WithoutSKIAKI])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([ + TestCertificate.intermediate1WithIncorrectSKIAKI, TestCertificate.intermediate1WithoutSKIAKI, + ]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -143,7 +168,12 @@ func testRejectsRootsThatDidNotSignTheCertBeforeThem() async -> Int { let roots = CertificateStore([TestCertificate.ca1WithAlternativePrivateKey, TestCertificate.ca2]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.ca1CrossSignedByCA2, TestCertificate.ca2CrossSignedByCA1, TestCertificate.intermediate1])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([ + TestCertificate.ca1CrossSignedByCA2, TestCertificate.ca2CrossSignedByCA1, TestCertificate.intermediate1, + ]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -158,7 +188,12 @@ func testPolicyFailuresCanFindLongerPaths() async -> Int { FailIfCertInChainPolicy(forbiddenCert: TestCertificate.ca1) RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([ + TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2, + ]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -171,7 +206,10 @@ func testSelfSignedCertsAreTrustedWhenInTrustStore() async -> Int { let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCert]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) + let result = await verifier.validate( + leafCertificate: TestCertificate.isolatedSelfSignedCert, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -185,7 +223,7 @@ func testTrustRootsCanBeNonSelfSignedLeaves() async -> Int { struct IgnoreBasicConstraintsPolicy: VerifierPolicy { let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [.X509ExtensionID.basicConstraints] -func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { + func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { return .meetsPolicy } } @@ -193,7 +231,10 @@ func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> Po let roots = CertificateStore([TestCertificate.localhostLeaf]) var verifier = Verifier(rootCertificates: roots) { IgnoreBasicConstraintsPolicy() } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -206,7 +247,10 @@ func testTrustRootsCanBeNonSelfSignedIntermediates() async -> Int { let roots = CertificateStore([TestCertificate.intermediate1]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) guard case .validCertificate(let chain) = result else { fatalError("Failed to validate: \(result)") @@ -227,15 +271,20 @@ func testAllUnsuccessfulValidations() async -> Int { } func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension]) + let roots = CertificateStore([ + TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, + ]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, intermediates: CertificateStore([TestCertificate.intermediate1])) + let result = await verifier.validate( + leafCertificate: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) guard case .couldNotValidate(let policyResults) = result else { fatalError("Incorrectly validated: \(result)") } - + return policyResults.count } @@ -243,7 +292,10 @@ func testMissingIntermediateFailsToBuild() async -> Int { let roots = CertificateStore([TestCertificate.ca1]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([]) + ) guard case .couldNotValidate(let policyResults) = result else { fatalError("Accidentally validated: \(result)") @@ -256,7 +308,10 @@ func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { let roots = CertificateStore([TestCertificate.ca1]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) + let result = await verifier.validate( + leafCertificate: TestCertificate.isolatedSelfSignedCert, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) guard case .couldNotValidate(let policyResults) = result else { fatalError("Incorrectly validated: \(result)") @@ -268,7 +323,10 @@ func testMissingRootFailsToBuild() async -> Int { let roots = CertificateStore([]) var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) guard case .couldNotValidate(let policyResults) = result else { fatalError("Accidentally validated: \(result)") @@ -277,7 +335,7 @@ func testMissingRootFailsToBuild() async -> Int { return policyResults.count } -fileprivate struct FailIfCertInChainPolicy: VerifierPolicy { +private struct FailIfCertInChainPolicy: VerifierPolicy { let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [] private let forbiddenCert: Certificate @@ -287,17 +345,16 @@ fileprivate struct FailIfCertInChainPolicy: VerifierPolicy { } func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { - if chain.contains(self.forbiddenCert) { - return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") - } else { + guard chain.contains(self.forbiddenCert) else { return .meetsPolicy } + return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") } } enum TestCertificate { static let referenceTime = Date() - + static let all = [ ca1, ca1CrossSignedByCA2, @@ -311,7 +368,7 @@ enum TestCertificate { isolatedSelfSignedCert, isolatedSelfSignedCertWithWeirdCriticalExtension, ] - + private static let ca1PrivateKey = P384.Signing.PrivateKey() private static let ca1Name = try! DistinguishedName { CountryName("US") @@ -333,7 +390,9 @@ enum TestCertificate { BasicConstraints.isCertificateAuthority(maxPathLength: nil) ) KeyUsage(keyCertSign: true) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation)) + ) }, issuerPrivateKey: .init(ca1PrivateKey) ) @@ -354,7 +413,9 @@ enum TestCertificate { ) KeyUsage(keyCertSign: true) AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation)) + ) }, issuerPrivateKey: .init(ca2PrivateKey) ) @@ -375,12 +436,16 @@ enum TestCertificate { BasicConstraints.isCertificateAuthority(maxPathLength: nil) ) KeyUsage(keyCertSign: true) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1AlternativePrivateKey.publicKey.derRepresentation))) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice( + Insecure.SHA1.hash(data: ca1AlternativePrivateKey.publicKey.derRepresentation) + ) + ) }, issuerPrivateKey: .init(ca1PrivateKey) ) }() - + private static let ca2PrivateKey = P384.Signing.PrivateKey() private static let ca2Name = try! DistinguishedName { CountryName("US") @@ -402,7 +467,9 @@ enum TestCertificate { BasicConstraints.isCertificateAuthority(maxPathLength: nil) ) KeyUsage(keyCertSign: true) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation))) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation)) + ) }, issuerPrivateKey: .init(ca2PrivateKey) ) @@ -423,12 +490,14 @@ enum TestCertificate { ) KeyUsage(keyCertSign: true) AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation))) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation)) + ) }, issuerPrivateKey: .init(ca1PrivateKey) ) }() - + static let intermediate1PrivateKey = P256.Signing.PrivateKey() static let intermediate1Name = try! DistinguishedName { CountryName("US") @@ -451,7 +520,11 @@ enum TestCertificate { ) KeyUsage(keyCertSign: true) AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: intermediate1PrivateKey.publicKey.derRepresentation))) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice( + Insecure.SHA1.hash(data: intermediate1PrivateKey.publicKey.derRepresentation) + ) + ) }, issuerPrivateKey: .init(ca1PrivateKey) ) @@ -491,12 +564,14 @@ enum TestCertificate { ) KeyUsage(keyCertSign: true) AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation)) + ) }, issuerPrivateKey: .init(ca1PrivateKey) ) }() - + private static let localhostLeafPrivateKey = P256.Signing.PrivateKey() static let localhostLeaf: Certificate = { let localhostLeafName = try! DistinguishedName { @@ -504,7 +579,7 @@ enum TestCertificate { OrganizationName("Apple") CommonName("localhost") } - + return try! Certificate( version: .v3, serialNumber: .init(), @@ -524,7 +599,7 @@ enum TestCertificate { issuerPrivateKey: .init(intermediate1PrivateKey) ) }() - + private static let isolatedSelfSignedCertKey = P256.Signing.PrivateKey() static let isolatedSelfSignedCert: Certificate = { let isolatedSelfSignedCertName = try! DistinguishedName { @@ -532,7 +607,7 @@ enum TestCertificate { OrganizationName("Apple") CommonName("Isolated Self-Signed Cert") } - + return try! Certificate( version: .v3, serialNumber: .init(), @@ -551,14 +626,14 @@ enum TestCertificate { issuerPrivateKey: .init(isolatedSelfSignedCertKey) ) }() - + static let isolatedSelfSignedCertWithWeirdCriticalExtension: Certificate = { let isolatedSelfSignedCertName = try! DistinguishedName { CountryName("US") OrganizationName("Apple") CommonName("Isolated Self-Signed Cert") } - + return try! Certificate( version: .v3, serialNumber: .init(), @@ -573,7 +648,7 @@ enum TestCertificate { BasicConstraints.isCertificateAuthority(maxPathLength: nil) ) KeyUsage(keyCertSign: true) - + // An opaque extension that just so happens to be critical Certificate.Extension(oid: [1, 2, 3, 4, 5], critical: true, value: [1, 2, 3, 4, 5]) }, diff --git a/benchmarks/Tests/Tests.swift b/benchmarks/Tests/Tests.swift index 42a01309..dc4c25b7 100644 --- a/benchmarks/Tests/Tests.swift +++ b/benchmarks/Tests/Tests.swift @@ -12,20 +12,20 @@ final class TestRunner: XCTestCase { await verifier() } } - + func testPraseWebPKIRoots() { let runParseWebPKIRoots = parseWebPKIRoots() for _ in 0..<1000 { runParseWebPKIRoots() } } - + func testTinyArrayNonAllocationFunctions() { for _ in 0..<1000 { tinyArrayNonAllocationFunctions() } } - + func testTinyArrayAppend() { for _ in 0..<1000 { tinyArrayAppend() diff --git a/scripts/run-swift-format.sh b/scripts/run-swift-format.sh index 13d766b5..0311d152 100644 --- a/scripts/run-swift-format.sh +++ b/scripts/run-swift-format.sh @@ -39,6 +39,7 @@ swiftformat_bin=${swiftformat_bin:-$(command -v swift-format)} || fatal "❌ swi "${swiftformat_bin}" lint \ --parallel --recursive --strict \ "${repo_root}/Sources" "${repo_root}/Tests" \ + "${repo_root}/benchmarks/Benchmarks" "${repo_root}/benchmarks/Sources" "${repo_root}/benchmarks/Tests" \ && swift_format_rc=$? || swift_format_rc=$? if [[ "${swift_format_rc}" -ne 0 ]]; then @@ -46,7 +47,7 @@ if [[ "${swift_format_rc}" -ne 0 ]]; then To fix, run the following command: - % swift-format format --parallel --recursive --in-place Sources Tests + % swift-format format --parallel --recursive --in-place Sources Tests benchmarks/Benchmarks benchmarks/Sources benchmarks/Tests " exit "${swift_format_rc}" fi From 7b97179f3fa687e38dea74d0592207769df50d56 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Wed, 23 Aug 2023 15:55:13 +0100 Subject: [PATCH 17/44] add license headers --- benchmarks/Package.swift | 13 +++++++++++++ benchmarks/Tests/Tests.swift | 14 ++++++++++++++ 2 files changed, 27 insertions(+) diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index 862bb08b..727388d7 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -1,4 +1,17 @@ // swift-tools-version: 5.7 +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// import PackageDescription diff --git a/benchmarks/Tests/Tests.swift b/benchmarks/Tests/Tests.swift index dc4c25b7..013a7292 100644 --- a/benchmarks/Tests/Tests.swift +++ b/benchmarks/Tests/Tests.swift @@ -1,3 +1,17 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + import Sources import XCTest From fda5b548fd9178f7a0b8eff8084a1fcee7433200 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Wed, 23 Aug 2023 17:21:09 +0100 Subject: [PATCH 18/44] use latest threshold file format --- .../CertificatesBenchmarks/Benchmarks.swift | 2 +- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 36 ++++--------------- ...esBenchmarks.TinyArray.append(_:).p90.json | 36 ++++--------------- ...inyArray_non-allocating_functions.p90.json | 36 ++++--------------- .../CertificatesBenchmarks.Verifier.p90.json | 19 ++-------- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 36 ++++--------------- ...esBenchmarks.TinyArray.append(_:).p90.json | 36 ++++--------------- ...inyArray_non-allocating_functions.p90.json | 36 ++++--------------- .../CertificatesBenchmarks.Verifier.p90.json | 19 ++-------- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 36 ++++--------------- ...esBenchmarks.TinyArray.append(_:).p90.json | 36 ++++--------------- ...inyArray_non-allocating_functions.p90.json | 36 ++++--------------- .../CertificatesBenchmarks.Verifier.p90.json | 19 ++-------- ...atesBenchmarks.Parse_WebPKI_Roots.p90.json | 36 ++++--------------- ...esBenchmarks.TinyArray.append(_:).p90.json | 36 ++++--------------- ...inyArray_non-allocating_functions.p90.json | 36 ++++--------------- .../CertificatesBenchmarks.Verifier.p90.json | 19 ++-------- ...loc-limits => update-benchmark-thresholds} | 0 docker/docker-compose.yaml | 2 +- 19 files changed, 86 insertions(+), 426 deletions(-) rename dev/{update-alloc-limits => update-benchmark-thresholds} (100%) diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift index 7a876183..f654f5c6 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift @@ -18,7 +18,7 @@ import Foundation let benchmarks = { Benchmark.defaultConfiguration = .init( - metrics: [.mallocCountTotal, .syscalls, .retainCount], + metrics: [.mallocCountTotal, .syscalls] + .arc, warmupIterations: 1 ) diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index 3b7a2309..f2daa7e4 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -1,30 +1,6 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 435 - ] - }, - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 6843 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 435, + "releaseCount" : 7677, + "retainCount" : 6843, + "retainReleaseDelta" : 834 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json index 889672f4..efa04ea5 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -1,30 +1,6 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 26 - ] - }, - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 26, + "releaseCount" : 13, + "retainCount" : 1, + "retainReleaseDelta" : 12 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index aac00c83..b015ade2 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -1,30 +1,6 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "absolute" : [ - 4, - 16 - ], - "relative" : [ - - ] - }, - { - "retainCount" : { - - } - }, - { - "absolute" : [ - 4, - 1 - ], - "relative" : [ - - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 16, + "releaseCount" : 2, + "retainCount" : 1, + "retainReleaseDelta" : 1 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json index eb1b580b..78abae6a 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json @@ -1,16 +1,3 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1249 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 1249 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index 33a333ab..1dc1762f 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -1,30 +1,6 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "absolute" : [ - 4, - 435 - ], - "relative" : [ - - ] - }, - { - "retainCount" : { - - } - }, - { - "absolute" : [ - 4, - 6422 - ], - "relative" : [ - - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 435, + "releaseCount" : 7206, + "retainCount" : 6422, + "retainReleaseDelta" : 784 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json index 889672f4..efa04ea5 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -1,30 +1,6 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 26 - ] - }, - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 26, + "releaseCount" : 13, + "retainCount" : 1, + "retainReleaseDelta" : 12 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index 5227daba..b015ade2 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -1,30 +1,6 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 16 - ] - }, - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 16, + "releaseCount" : 2, + "retainCount" : 1, + "retainReleaseDelta" : 1 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json index eb1b580b..78abae6a 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json @@ -1,16 +1,3 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1249 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 1249 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index a9ac8c54..917888d0 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -1,30 +1,6 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "absolute" : [ - 4, - 439 - ], - "relative" : [ - - ] - }, - { - "retainCount" : { - - } - }, - { - "absolute" : [ - 4, - 6260 - ], - "relative" : [ - - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 435, + "releaseCount" : 7044, + "retainCount" : 6260, + "retainReleaseDelta" : 784 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json index 889672f4..efa04ea5 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -1,30 +1,6 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 26 - ] - }, - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 26, + "releaseCount" : 13, + "retainCount" : 1, + "retainReleaseDelta" : 12 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index 5227daba..9d6c15b3 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -1,30 +1,6 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 16 - ] - }, - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 32, + "releaseCount" : 2, + "retainCount" : 1, + "retainReleaseDelta" : 1 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json index 6b9d6c60..20af10dc 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json @@ -1,16 +1,3 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1252 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 1258 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json index 6cb81af9..3667f48f 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json @@ -1,30 +1,6 @@ -[ - { - "retainCount" : { - - } - }, - { - "absolute" : [ - 4, - 3775 - ], - "relative" : [ - - ] - }, - { - "mallocCountTotal" : { - - } - }, - { - "absolute" : [ - 4, - 439 - ], - "relative" : [ - - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 439, + "releaseCount" : 4559, + "retainCount" : 3775, + "retainReleaseDelta" : 784 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json index 28538ddd..efa04ea5 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json @@ -1,30 +1,6 @@ -[ - { - "retainCount" : { - - } - }, - { - "absolute" : [ - 4, - 1 - ], - "relative" : [ - - ] - }, - { - "mallocCountTotal" : { - - } - }, - { - "absolute" : [ - 4, - 26 - ], - "relative" : [ - - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 26, + "releaseCount" : 13, + "retainCount" : 1, + "retainReleaseDelta" : 12 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json index 7faa6e31..50e00ff1 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json @@ -1,30 +1,6 @@ -[ - { - "retainCount" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1 - ] - }, - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 24 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 24, + "releaseCount" : 1, + "retainCount" : 1, + "retainReleaseDelta" : 0 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json index 6b9d6c60..20af10dc 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json @@ -1,16 +1,3 @@ -[ - { - "mallocCountTotal" : { - - } - }, - { - "relative" : [ - - ], - "absolute" : [ - 4, - 1252 - ] - } -] \ No newline at end of file +{ + "mallocCountTotal" : 1258 +} \ No newline at end of file diff --git a/dev/update-alloc-limits b/dev/update-benchmark-thresholds similarity index 100% rename from dev/update-alloc-limits rename to dev/update-benchmark-thresholds diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index 95c312c7..700f62ef 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -29,7 +29,7 @@ services: update-benchmark-baseline: <<: *common - command: /bin/bash -xcl "cd benchmarks && swift package --allow-writing-to-package-directory benchmark --format metricP90AbsoluteThresholds --path Thresholds/$${SWIFT_VERSION-}/" + command: /bin/bash -xcl "cd benchmarks && swift package --scratch-path .build/$${SWIFT_VERSION-}/ --allow-writing-to-package-directory benchmark --format metricP90AbsoluteThresholds --path Thresholds/$${SWIFT_VERSION-}/" # util shell: From b4e5ab60a5cd04d6029088ece0730ee0570e25d5 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 24 Aug 2023 11:05:13 +0100 Subject: [PATCH 19/44] delete old integration tests --- IntegrationTests/plugin_echo.sh | 58 --- IntegrationTests/plugin_junit_xml.sh | 119 ----- IntegrationTests/run-single-test.sh | 33 -- IntegrationTests/run-tests.sh | 159 ------- IntegrationTests/test_functions.sh | 78 --- .../tests_01_allocation_counters/defines.sh | 14 - .../test_01_allocation_counts.sh | 57 --- ...-swift-certificates-alloc-counter-tests.sh | 54 --- .../test_01_resources/shared.swift | 447 ------------------ .../test_parse_webpki_roots.swift | 30 -- ...st_tiny_array_cow_append_contents_of.swift | 30 -- ...tiny_array_non_allocating_operations.swift | 32 -- .../test_01_resources/test_validation.swift | 321 ------------- scripts/integration_tests.sh | 19 - 14 files changed, 1451 deletions(-) delete mode 100644 IntegrationTests/plugin_echo.sh delete mode 100644 IntegrationTests/plugin_junit_xml.sh delete mode 100755 IntegrationTests/run-single-test.sh delete mode 100755 IntegrationTests/run-tests.sh delete mode 100644 IntegrationTests/test_functions.sh delete mode 100644 IntegrationTests/tests_01_allocation_counters/defines.sh delete mode 100644 IntegrationTests/tests_01_allocation_counters/test_01_allocation_counts.sh delete mode 100755 IntegrationTests/tests_01_allocation_counters/test_01_resources/run-swift-certificates-alloc-counter-tests.sh delete mode 100644 IntegrationTests/tests_01_allocation_counters/test_01_resources/shared.swift delete mode 100644 IntegrationTests/tests_01_allocation_counters/test_01_resources/test_parse_webpki_roots.swift delete mode 100644 IntegrationTests/tests_01_allocation_counters/test_01_resources/test_tiny_array_cow_append_contents_of.swift delete mode 100644 IntegrationTests/tests_01_allocation_counters/test_01_resources/test_tiny_array_non_allocating_operations.swift delete mode 100644 IntegrationTests/tests_01_allocation_counters/test_01_resources/test_validation.swift delete mode 100755 scripts/integration_tests.sh diff --git a/IntegrationTests/plugin_echo.sh b/IntegrationTests/plugin_echo.sh deleted file mode 100644 index 77fdbb7b..00000000 --- a/IntegrationTests/plugin_echo.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -function plugin_echo_test_suite_begin() { - echo "Running test suite '$1'" -} - -function plugin_echo_test_suite_end() { - true -} - -# test_name -function plugin_echo_test_begin() { - echo -n "Running test '$1'... " -} - -function plugin_echo_test_skip() { - echo "Skipping test '$1'" -} - -function plugin_echo_test_ok() { - echo "OK (${1}s)" -} - -function plugin_echo_test_fail() { - echo "FAILURE ($1)" - echo "--- OUTPUT BEGIN ---" - cat "$2" - echo "--- OUTPUT END ---" -} - -function plugin_echo_test_end() { - true -} - -function plugin_echo_summary_ok() { - echo "OK (ran $1 tests successfully)" -} - -function plugin_echo_summary_fail() { - echo "FAILURE (oks: $1, failures: $2)" -} - -function plugin_echo_init() { - true -} diff --git a/IntegrationTests/plugin_junit_xml.sh b/IntegrationTests/plugin_junit_xml.sh deleted file mode 100644 index 7c9070d0..00000000 --- a/IntegrationTests/plugin_junit_xml.sh +++ /dev/null @@ -1,119 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -junit_testsuite_time=0 - -function junit_output_write() { - extra_flags="" - if [[ "$1" == "-n" ]]; then - extra_flags="-n" - shift - fi - test -n "$junit_xml_output" - echo $extra_flags "$*" >> "$junit_xml_output" -} - -function junit_output_cat() { - cat "$@" >> "$junit_xml_output" -} - -# search, replace -function junit_output_replace() { - test -n "$junit_xml_output" - case "$(uname -s)" in - Linux) - sed -i "s/$1/$2/g" "$junit_xml_output" - ;; - *) - sed -i "" "s/$1/$2/g" "$junit_xml_output" - ;; - esac -} - -function plugin_junit_xml_test_suite_begin() { - junit_testsuite_time=0 - junit_output_write "" -} - -function plugin_junit_xml_test_suite_end() { - junit_repl_success_and_fail "$1" "$2" - junit_output_write "" -} - -# test_name -function plugin_junit_xml_test_begin() { - junit_output_write -n " " - junit_testsuite_time=$((junit_testsuite_time + time_ms)) -} - -function plugin_junit_xml_test_fail() { - time_ms=$1 - junit_output_write " time='$time_ms'>" - junit_output_write " " - junit_output_write " " - junit_output_write ' ' - junit_output_write " " - junit_output_write " " -} - -function plugin_junit_xml_test_end() { - junit_output_write " " -} - -function junit_repl_success_and_fail() { - junit_output_replace XXX-TESTS-XXX "$(($1 + $2))" - junit_output_replace XXX-FAILURES-XXX "$2" - junit_output_replace XXX-TIME-XXX "$junit_testsuite_time" -} - -function plugin_junit_xml_summary_ok() { - junit_output_write "" -} - -function plugin_junit_xml_summary_fail() { - junit_output_write "" -} - -function plugin_junit_xml_init() { - junit_xml_output="" - for f in "$@"; do - if [[ "$junit_xml_output" = "PLACEHOLDER" ]]; then - junit_xml_output="$f" - fi - if [[ "$f" == "--junit-xml" && -z "$junit_xml_output" ]]; then - junit_xml_output="PLACEHOLDER" - fi - done - - if [[ -z "$junit_xml_output" || "$junit_xml_output" = "PLACEHOLDER" ]]; then - echo >&2 "ERROR: you need to specify the output after the --junit-xml argument" - false - fi - echo "" > "$junit_xml_output" -} diff --git a/IntegrationTests/run-single-test.sh b/IntegrationTests/run-single-test.sh deleted file mode 100755 index 42f0e0fa..00000000 --- a/IntegrationTests/run-single-test.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -( -# this sub-shell is where the actual test is run -set -eu -set -x -set -o pipefail - -test="$1" -tmp="$2" -root="$3" -g_show_info="$4" -here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - -source "$here/test_functions.sh" -source "$test" -wait -) -exit_code=$? -exit $exit_code diff --git a/IntegrationTests/run-tests.sh b/IntegrationTests/run-tests.sh deleted file mode 100755 index a3decafe..00000000 --- a/IntegrationTests/run-tests.sh +++ /dev/null @@ -1,159 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -set -eu - -shopt -s nullglob - -here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -tmp=$(mktemp -d /tmp/.swift-certificates-sh-tests_XXXXXX) - -# start_time -function time_diff_to_now() { - echo "$(( $(date +%s) - $1 ))" -} - -function plugins_do() { - local method - method="$1" - shift - for plugin in $plugins; do - cd "$orig_cwd" - "plugin_${plugin}_${method}" "$@" - cd - > /dev/null - done -} - -source "$here/plugin_echo.sh" -source "$here/plugin_junit_xml.sh" - -plugins="echo" -plugin_opts_ind=0 -if [[ "${1-default}" == "--junit-xml" ]]; then - plugins="echo junit_xml" - plugin_opts_ind=2 -fi - -function usage() { - echo >&2 "Usage: $0 [OPTIONS]" - echo >&2 - echo >&2 "OPTIONS:" - echo >&2 " -f FILTER: Only run tests matching FILTER (regex)" -} - -orig_cwd=$(pwd) -cd "$here" - -plugins_do init "$@" -shift $plugin_opts_ind - -filter="." -verbose=false -show_info=false -debug=false -while getopts "f:vid" opt; do - case $opt in - f) - filter="$OPTARG" - ;; - v) - verbose=true - ;; - i) - show_info=true - ;; - d) - debug=true - ;; - \?) - usage - exit 1 - ;; - esac -done - -function run_test() { - if $verbose; then - "$@" 2>&1 | tee -a "$out" - # we need to return the return value of the first command - return ${PIPESTATUS[0]} - else - "$@" >> "$out" 2>&1 - fi -} - -exec 3>&1 4>&2 # copy stdout/err to fd 3/4 to we can output control messages -cnt_ok=0 -cnt_fail=0 -for f in tests_*; do - suite_ok=0 - suite_fail=0 - plugins_do test_suite_begin "$f" - start_suite=$(date +%s) - cd "$f" - for t in test_*.sh; do - if [[ ! "$f/$t" =~ $filter ]]; then - plugins_do test_skip "$t" - continue - fi - out=$(mktemp "$tmp/test.out_XXXXXX") - test_tmp=$(mktemp -d "$tmp/test.tmp_XXXXXX") - plugins_do test_begin "$t" "$f" - start=$(date +%s) - if run_test "$here/run-single-test.sh" "$here/$f/$t" "$test_tmp" "$here/.." "$show_info"; then - plugins_do test_ok "$(time_diff_to_now $start)" - suite_ok=$((suite_ok+1)) - if $verbose; then - cat "$out" - fi - else - plugins_do test_fail "$(time_diff_to_now $start)" "$out" - suite_fail=$((suite_fail+1)) - fi - if ! $debug; then - rm "$out" - rm -rf "$test_tmp" - fi - plugins_do test_end - done - cnt_ok=$((cnt_ok + suite_ok)) - cnt_fail=$((cnt_fail + suite_fail)) - cd .. - plugins_do test_suite_end "$(time_diff_to_now $start_suite)" "$suite_ok" "$suite_fail" -done - -if ! $debug; then - rm -rf "$tmp" -else - echo >&2 "debug mode, not deleting '$tmp'" -fi - - -# report -if [[ $cnt_fail > 0 ]]; then - # kill leftovers (the whole process group) - trap '' TERM - kill 0 - - plugins_do summary_fail "$cnt_ok" "$cnt_fail" -else - plugins_do summary_ok "$cnt_ok" "$cnt_fail" -fi - -if [[ $cnt_fail > 0 ]]; then - exit 1 -else - exit 0 -fi diff --git a/IntegrationTests/test_functions.sh b/IntegrationTests/test_functions.sh deleted file mode 100644 index 6fb05282..00000000 --- a/IntegrationTests/test_functions.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## -function fail() { - echo >&2 "FAILURE: $*" - false -} - -function assert_equal() { - if [[ "$1" != "$2" ]]; then - fail "expected '$1', got '$2' ${3-}" - fi -} - -function assert_equal_files() { - if ! cmp -s "$1" "$2"; then - diff -u "$1" "$2" || true - echo - echo "--- SNIP ($1, size=$(wc "$1"), SHA=$(shasum "$1")) ---" - cat "$1" - echo "--- SNAP ($1)---" - echo "--- SNIP ($2, size=$(wc "$2"), SHA=$(shasum "$2")) ---" - cat "$2" - echo "--- SNAP ($2) ---" - fail "file '$1' not equal to '$2'" - fi -} - -function assert_less_than() { - if [[ ! "$1" -lt "$2" ]]; then - fail "assertion '$1' < '$2' failed" - fi -} - -function assert_less_than_or_equal() { - if [[ ! "$1" -le "$2" ]]; then - fail "assertion '$1' <= '$2' failed" - fi -} - -function assert_greater_than() { - if [[ ! "$1" -gt "$2" ]]; then - fail "assertion '$1' > '$2' failed" - fi -} - -function assert_greater_than_or_equal() { - if [[ ! "$1" -ge "$2" ]]; then - fail "assertion '$1' >= '$2' failed" - fi -} - -g_has_previously_infoed=false - -function info() { - if $g_show_info; then - if ! $g_has_previously_infoed; then - echo >&3 || true # echo an extra newline so it looks better - g_has_previously_infoed=true - fi - echo >&3 "info: $*" || true - fi -} - -function warn() { - echo >&4 "warning: $*" -} diff --git a/IntegrationTests/tests_01_allocation_counters/defines.sh b/IntegrationTests/tests_01_allocation_counters/defines.sh deleted file mode 100644 index 8df520f8..00000000 --- a/IntegrationTests/tests_01_allocation_counters/defines.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## diff --git a/IntegrationTests/tests_01_allocation_counters/test_01_allocation_counts.sh b/IntegrationTests/tests_01_allocation_counters/test_01_allocation_counts.sh deleted file mode 100644 index c752feb6..00000000 --- a/IntegrationTests/tests_01_allocation_counters/test_01_allocation_counts.sh +++ /dev/null @@ -1,57 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -source defines.sh - -set -eu -here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - -all_tests=() -for file in "$here/test_01_resources/"test_*.swift; do - test_name=$(basename "$file") - test_name=${test_name#test_*} - test_name=${test_name%*.swift} - all_tests+=( "$test_name" ) -done - -"$here/test_01_resources/run-swift-certificates-alloc-counter-tests.sh" -t "$tmp" > "$tmp/output" - -for test in "${all_tests[@]}"; do - cat "$tmp/output" # helps debugging - - while read -r test_case; do - test_case=${test_case#test_*} - total_allocations=$(grep "^test_$test_case.total_allocations:" "$tmp/output" | cut -d: -f2 | sed 's/ //g') - not_freed_allocations=$(grep "^test_$test_case.remaining_allocations:" "$tmp/output" | cut -d: -f2 | sed 's/ //g') - max_allowed_env_name="MAX_ALLOCS_ALLOWED_$test_case" - - info "$test_case: allocations not freed: $not_freed_allocations" - info "$test_case: total number of mallocs: $total_allocations" - - assert_less_than "$not_freed_allocations" 5 # allow some slack - assert_greater_than "$not_freed_allocations" -5 # allow some slack - if [[ -z "${!max_allowed_env_name+x}" ]]; then - if [[ -z "${!max_allowed_env_name+x}" ]]; then - warn "no reference number of allocations set (set to \$$max_allowed_env_name)" - warn "to set current number:" - warn " export $max_allowed_env_name=$total_allocations" - fi - else - max_allowed=${!max_allowed_env_name} - assert_less_than_or_equal "$total_allocations" "$max_allowed" - assert_greater_than "$total_allocations" "$(( max_allowed - 1000))" - fi - done < <(grep "^test_$test[^\W]*.total_allocations:" "$tmp/output" | cut -d: -f1 | cut -d. -f1 | sort | uniq) -done diff --git a/IntegrationTests/tests_01_allocation_counters/test_01_resources/run-swift-certificates-alloc-counter-tests.sh b/IntegrationTests/tests_01_allocation_counters/test_01_resources/run-swift-certificates-alloc-counter-tests.sh deleted file mode 100755 index 8422f382..00000000 --- a/IntegrationTests/tests_01_allocation_counters/test_01_resources/run-swift-certificates-alloc-counter-tests.sh +++ /dev/null @@ -1,54 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -set -eu -here="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" - -tmp_dir="/tmp" - -while getopts "t:" opt; do - case "$opt" in - t) - tmp_dir="$OPTARG" - ;; - *) - exit 1 - ;; - esac -done - -nio_checkout=$(mktemp -d "$tmp_dir/.swift-nio_XXXXXX") -( -cd "$nio_checkout" -git clone --depth 1 https://github.com/apple/swift-nio -) - -shift $((OPTIND-1)) - -tests_to_run=("$here"/test_*.swift) - -if [[ $# -gt 0 ]]; then - tests_to_run=("$@") -fi - -"$nio_checkout/swift-nio/IntegrationTests/allocation-counter-tests-framework/run-allocation-counter.sh" \ - -p "$here/../../.." \ - -m SwiftASN1 \ - -m X509 \ - -m Crypto \ - -s "$here/shared.swift" \ - -t "$tmp_dir" \ - -d <( echo '.package(url: "https://github.com/apple/swift-asn1.git", from: "0.9.1"),.package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"),' ) \ - "${tests_to_run[@]}" diff --git a/IntegrationTests/tests_01_allocation_counters/test_01_resources/shared.swift b/IntegrationTests/tests_01_allocation_counters/test_01_resources/shared.swift deleted file mode 100644 index 943fb236..00000000 --- a/IntegrationTests/tests_01_allocation_counters/test_01_resources/shared.swift +++ /dev/null @@ -1,447 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - - -import X509 -import Foundation -import Crypto - -enum WebPKI { - static let all = [br, af, cf, dz, de] - static let br = """ - -----BEGIN CERTIFICATE----- - MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx - KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd - BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl - YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 - OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy - aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 - ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G - CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN - 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ - RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 - hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 - ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM - EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj - QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 - A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy - WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ - 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 - 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT - 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml - e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p - TpPDpFQUWw== - -----END CERTIFICATE----- - """ - static let af = """ - -----BEGIN CERTIFICATE----- - MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x - GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv - b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV - BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W - YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa - GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg - Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J - WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB - rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp - +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 - ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i - Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz - PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og - /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH - oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI - yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud - EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 - A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL - MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT - ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f - BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn - g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl - fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K - WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha - B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc - hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR - TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD - mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z - ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y - 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza - 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u - -----END CERTIFICATE----- - """ - static let cf = """ - -----BEGIN CERTIFICATE----- - MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw - CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu - ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg - RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV - UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu - Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq - hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf - Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q - RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ - BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD - AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY - JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv - 6pZjamVFkpUBtA== - -----END CERTIFICATE----- - """ - static let dz = """ - -----BEGIN CERTIFICATE----- - MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD - VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf - BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 - YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x - NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G - A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 - d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF - Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG - SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN - FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w - DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw - CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh - DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 - -----END CERTIFICATE----- - """ - static let de = """ - -----BEGIN CERTIFICATE----- - MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE - BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ - IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 - MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV - BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w - HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF - AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj - Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj - TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u - KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj - qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm - MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 - ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP - zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk - L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC - jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA - HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC - AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB - /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg - p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm - DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 - COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry - L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf - JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg - IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io - 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV - 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ - XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq - T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe - MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== - -----END CERTIFICATE----- - """ -} - - -@available(macOS 11.0, *) -enum TestCertificate { - static let referenceTime = Date() - - static let all = [ - ca1, - ca1CrossSignedByCA2, - ca1WithAlternativePrivateKey, - ca2, - ca2CrossSignedByCA1, - intermediate1, - intermediate1WithoutSKIAKI, - intermediate1WithIncorrectSKIAKI, - localhostLeaf, - isolatedSelfSignedCert, - isolatedSelfSignedCertWithWeirdCriticalExtension, - ] - - private static let ca1PrivateKey = P384.Signing.PrivateKey() - private static let ca1Name = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Swift Certificate Test CA 1") - } - static let ca1: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(3650), - issuer: ca1Name, - subject: ca1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - static let ca1CrossSignedByCA2: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: ca2Name, - subject: ca1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca2PrivateKey) - ) - }() - private static let ca1AlternativePrivateKey = P384.Signing.PrivateKey() - static let ca1WithAlternativePrivateKey: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca1AlternativePrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(3650), - issuer: ca1Name, - subject: ca1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1AlternativePrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - - private static let ca2PrivateKey = P384.Signing.PrivateKey() - private static let ca2Name = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Swift Certificate Test CA 2") - } - static let ca2: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca2PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(3650), - issuer: ca2Name, - subject: ca2Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca2PrivateKey) - ) - }() - static let ca2CrossSignedByCA1: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca2PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: ca1Name, - subject: ca2Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - - static let intermediate1PrivateKey = P256.Signing.PrivateKey() - static let intermediate1Name = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Swift Certificate Test Intermediate CA 1") - } - static let intermediate1: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(intermediate1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(5 * 365), - issuer: ca1.subject, - subject: intermediate1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: 1) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: intermediate1PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - static let intermediate1WithoutSKIAKI: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(intermediate1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(5 * 365), - issuer: ca1.subject, - subject: intermediate1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: 1) - ) - KeyUsage(keyCertSign: true) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - static let intermediate1WithIncorrectSKIAKI: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(intermediate1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(5 * 365), - issuer: ca1.subject, - subject: intermediate1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: 1) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier(keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation))) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - - private static let localhostLeafPrivateKey = P256.Signing.PrivateKey() - static let localhostLeaf: Certificate = { - let localhostLeafName = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("localhost") - } - - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(localhostLeafPrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: intermediate1.subject, - subject: localhostLeafName, - signatureAlgorithm: .ecdsaWithSHA256, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.notCertificateAuthority - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! intermediate1.extensions.subjectKeyIdentifier!.keyIdentifier) - }, - issuerPrivateKey: .init(intermediate1PrivateKey) - ) - }() - - private static let isolatedSelfSignedCertKey = P256.Signing.PrivateKey() - static let isolatedSelfSignedCert: Certificate = { - let isolatedSelfSignedCertName = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Isolated Self-Signed Cert") - } - - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(isolatedSelfSignedCertKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: isolatedSelfSignedCertName, - subject: isolatedSelfSignedCertName, - signatureAlgorithm: .ecdsaWithSHA256, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - }, - issuerPrivateKey: .init(isolatedSelfSignedCertKey) - ) - }() - - static let isolatedSelfSignedCertWithWeirdCriticalExtension: Certificate = { - let isolatedSelfSignedCertName = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Isolated Self-Signed Cert") - } - - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(isolatedSelfSignedCertKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: isolatedSelfSignedCertName, - subject: isolatedSelfSignedCertName, - signatureAlgorithm: .ecdsaWithSHA256, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - - // An opaque extension that just so happens to be critical - Certificate.Extension(oid: [1, 2, 3, 4, 5], critical: true, value: [1, 2, 3, 4, 5]) - }, - issuerPrivateKey: .init(isolatedSelfSignedCertKey) - ) - }() -} - -extension TimeInterval { - private static let oneDay: TimeInterval = 60 * 60 * 24 - - static func days(_ days: Int) -> TimeInterval { - return Double(days) * oneDay - } -} diff --git a/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_parse_webpki_roots.swift b/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_parse_webpki_roots.swift deleted file mode 100644 index 544207ed..00000000 --- a/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_parse_webpki_roots.swift +++ /dev/null @@ -1,30 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import X509 -import Foundation -import SwiftASN1 - -func run(identifier: String) { - let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } - measure(identifier: identifier) { - var totalExtensionCount = 0 - for _ in 0..<1000 { - for derEncodedCA in derEncodedCAs { - totalExtensionCount += try! Certificate(derEncoded: derEncodedCA).extensions.count - } - } - return totalExtensionCount - } -} diff --git a/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_tiny_array_cow_append_contents_of.swift b/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_tiny_array_cow_append_contents_of.swift deleted file mode 100644 index 04e49892..00000000 --- a/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_tiny_array_cow_append_contents_of.swift +++ /dev/null @@ -1,30 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import _CertificateInternals - -func run(identifier: String) { - measure(identifier: identifier) { - var count = 0 - for _ in 0..<1000 { - var tinyArray = _TinyArray() - for i in 0..<1000 { - tinyArray.append(i) - } - count += tinyArray.count - } - - return count - } -} diff --git a/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_tiny_array_non_allocating_operations.swift b/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_tiny_array_non_allocating_operations.swift deleted file mode 100644 index a0edc802..00000000 --- a/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_tiny_array_non_allocating_operations.swift +++ /dev/null @@ -1,32 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import _CertificateInternals - -func run(identifier: String) { - measure(identifier: identifier) { - var counts = 0 - for _ in 0..<1000 { - counts += _TinyArray(CollectionOfOne(1)).count - - do { - var array = _TinyArray() - array.append(contentsOf: CollectionOfOne(1)) - counts += array.count - } - } - - return counts - } -} diff --git a/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_validation.swift b/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_validation.swift deleted file mode 100644 index ca9f0d00..00000000 --- a/IntegrationTests/tests_01_allocation_counters/test_01_resources/test_validation.swift +++ /dev/null @@ -1,321 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import X509 -import Foundation -import Crypto -import SwiftASN1 - - -func run(identifier: String) { - guard #available(macOS 11.0, *) else { return } - var counts = 0 - // this allocates all certificates before we start counting allocations - counts += TestCertificate.all.map { $0.extensions.count }.reduce(0, +) - measure(identifier: identifier) { - - for _ in 0..<100 { - counts += await testAllSuccessfulValidations() - counts += await testAllUnsuccessfulValidations() - } - - return counts - } -} - -// MARK: - successful validation - -@available(macOS 11.0, *) -func testAllSuccessfulValidations() async -> Int { - var counts = 0 - counts += await testTrivialChainBuilding() - counts += await testExtraRootsAreIgnored() - counts += await testPuttingRootsInTheIntermediariesIsntAProblem() - counts += await testSupportsCrossSignedRootWithoutTrouble() - counts += await testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() - counts += await testPrefersToUseIntermediatesWithSKIThatMatches() - counts += await testPrefersNoSKIToNonMatchingSKI() - counts += await testRejectsRootsThatDidNotSignTheCertBeforeThem() - counts += await testPolicyFailuresCanFindLongerPaths() - counts += await testSelfSignedCertsAreTrustedWhenInTrustStore() - counts += await testTrustRootsCanBeNonSelfSignedLeaves() - counts += await testTrustRootsCanBeNonSelfSignedIntermediates() - return counts -} - -@available(macOS 11.0, *) -func testTrivialChainBuilding() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { - RFC5280Policy(validationTime: TestCertificate.referenceTime) - } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -@available(macOS 11.0, *) -func testExtraRootsAreIgnored() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -@available(macOS 11.0, *) -func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -@available(macOS 11.0, *) -func testSupportsCrossSignedRootWithoutTrouble() async -> Int { - let roots = CertificateStore([TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -@available(macOS 11.0, *) -func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -@available(macOS 11.0, *) -func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -@available(macOS 11.0, *) -func testPrefersNoSKIToNonMatchingSKI() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1WithIncorrectSKIAKI, TestCertificate.intermediate1WithoutSKIAKI])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -@available(macOS 11.0, *) -func testRejectsRootsThatDidNotSignTheCertBeforeThem() async -> Int { - let roots = CertificateStore([TestCertificate.ca1WithAlternativePrivateKey, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.ca1CrossSignedByCA2, TestCertificate.ca2CrossSignedByCA1, TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - return chain.count -} - -@available(macOS 11.0, *) -func testPolicyFailuresCanFindLongerPaths() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { - FailIfCertInChainPolicy(forbiddenCert: TestCertificate.ca1) - RFC5280Policy(validationTime: TestCertificate.referenceTime) - } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -@available(macOS 11.0, *) -func testSelfSignedCertsAreTrustedWhenInTrustStore() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCert]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -@available(macOS 11.0, *) -func testTrustRootsCanBeNonSelfSignedLeaves() async -> Int { - // we use a custom policy here to ignore the fact that the basic constraints extension is critical. - struct IgnoreBasicConstraintsPolicy: VerifierPolicy { - let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [.X509ExtensionID.basicConstraints] - -func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { - return .meetsPolicy - } - } - - let roots = CertificateStore([TestCertificate.localhostLeaf]) - - var verifier = Verifier(rootCertificates: roots) { IgnoreBasicConstraintsPolicy() } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -@available(macOS 11.0, *) -func testTrustRootsCanBeNonSelfSignedIntermediates() async -> Int { - let roots = CertificateStore([TestCertificate.intermediate1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -// MARK: - unsuccessful validation - -@available(macOS 11.0, *) -func testAllUnsuccessfulValidations() async -> Int { - var counts = 0 - counts += await testWePoliceCriticalExtensionsOnLeafCerts() - counts += await testMissingIntermediateFailsToBuild() - counts += await testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() - counts += await testMissingRootFailsToBuild() - return counts -} - -@available(macOS 11.0, *) -func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Incorrectly validated: \(result)") - } - - return policyResults.count -} - -@available(macOS 11.0, *) -func testMissingIntermediateFailsToBuild() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Accidentally validated: \(result)") - } - - return policyResults.count -} - -@available(macOS 11.0, *) -func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.isolatedSelfSignedCert, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Incorrectly validated: \(result)") - } - return policyResults.count -} - -@available(macOS 11.0, *) -func testMissingRootFailsToBuild() async -> Int { - let roots = CertificateStore([]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate(leafCertificate: TestCertificate.localhostLeaf, intermediates: CertificateStore([TestCertificate.intermediate1])) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Accidentally validated: \(result)") - } - - return policyResults.count -} - -fileprivate struct FailIfCertInChainPolicy: VerifierPolicy { - let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [] - - private let forbiddenCert: Certificate - - init(forbiddenCert: Certificate) { - self.forbiddenCert = forbiddenCert - } - - func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { - if chain.contains(self.forbiddenCert) { - return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") - } else { - return .meetsPolicy - } - } -} diff --git a/scripts/integration_tests.sh b/scripts/integration_tests.sh deleted file mode 100755 index 5de4822d..00000000 --- a/scripts/integration_tests.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash -##===----------------------------------------------------------------------===## -## -## This source file is part of the SwiftCertificates open source project -## -## Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -## Licensed under Apache License v2.0 -## -## See LICENSE.txt for license information -## See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -## -## SPDX-License-Identifier: Apache-2.0 -## -##===----------------------------------------------------------------------===## - -set +ex - -mkdir -p .build # for the junit.xml file -./IntegrationTests/run-tests.sh --junit-xml .build/junit-sh-tests.xml -i $@ From 80bac7f8107ebaa460206246af4ad01f22d2c1a3 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 24 Aug 2023 13:22:29 +0100 Subject: [PATCH 20/44] use released version --- benchmarks/Package.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index 727388d7..2f23d691 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -22,7 +22,7 @@ let package = Package( ], dependencies: [ .package(path: "../"), - .package(url: "https://github.com/ordo-one/package-benchmark", branch: "threshold-export"), + .package(url: "https://github.com/ordo-one/package-benchmark", from: "1.9.0"), .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), .package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), ], From d95888c91d2080acf33438ae64b7d55e88f60b22 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Mon, 4 Sep 2023 11:17:39 +0100 Subject: [PATCH 21/44] revork folder structure and add BlackHole module --- .../Benchmarks.swift | 3 +- benchmarks/Package.swift | 28 +++++++++++-------- .../{ => Benchmarks}/ParseWebPKI.swift | 2 +- .../{ => Benchmarks}/TinyArrayAppend.swift | 2 +- .../TinyArrayNonAllocationFunctions.swift | 2 +- .../{ => Benchmarks}/VerifierBenchmark.swift | 2 +- benchmarks/Sources/BlackHole/blackHole.swift | 20 +++++++++++++ .../BenchmarkTests.swift} | 2 +- 8 files changed, 44 insertions(+), 17 deletions(-) rename benchmarks/Benchmarks/{CertificatesBenchmarks => BenchmarksRunner}/Benchmarks.swift (98%) rename benchmarks/Sources/{ => Benchmarks}/ParseWebPKI.swift (99%) rename benchmarks/Sources/{ => Benchmarks}/TinyArrayAppend.swift (97%) rename benchmarks/Sources/{ => Benchmarks}/TinyArrayNonAllocationFunctions.swift (97%) rename benchmarks/Sources/{ => Benchmarks}/VerifierBenchmark.swift (99%) create mode 100644 benchmarks/Sources/BlackHole/blackHole.swift rename benchmarks/Tests/{Tests.swift => BenchmarksTests/BenchmarkTests.swift} (98%) diff --git a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift b/benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift similarity index 98% rename from benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift rename to benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift index f654f5c6..905e74d0 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmarks/Benchmarks.swift +++ b/benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift @@ -13,9 +13,10 @@ //===----------------------------------------------------------------------===// import Benchmark -import Sources +import Benchmarks import Foundation + let benchmarks = { Benchmark.defaultConfiguration = .init( metrics: [.mallocCountTotal, .syscalls] + .arc, diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index 2f23d691..e8e8f79e 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -28,32 +28,38 @@ let package = Package( ], targets: [ .executableTarget( - name: "CertificatesBenchmarks", + name: "BenchmarksRunner", dependencies: [ - "Sources", + "Benchmarks", .product(name: "Benchmark", package: "package-benchmark"), ], - path: "Benchmarks/CertificatesBenchmarks", + path: "Benchmarks/BenchmarksRunner", plugins: [ .plugin(name: "BenchmarkPlugin", package: "package-benchmark") ] ), .target( - name: "Sources", + name: "Benchmarks", dependencies: [ - .product(name: "Benchmark", package: "package-benchmark"), + "BlackHole", .product(name: "X509", package: "swift-certificates"), .product(name: "SwiftASN1", package: "swift-asn1"), .product(name: "Crypto", package: "swift-crypto"), - ], - path: "Sources" + ] + ), + .target( + name: "BlackHole", + dependencies: [ + .product(name: "X509", package: "swift-certificates"), + .product(name: "SwiftASN1", package: "swift-asn1"), + .product(name: "Crypto", package: "swift-crypto"), + ] ), .testTarget( - name: "Tests", + name: "BenchmarksTests", dependencies: [ - "Sources", - ], - path: "Tests" + "Benchmarks", + ] ) ] ) diff --git a/benchmarks/Sources/ParseWebPKI.swift b/benchmarks/Sources/Benchmarks/ParseWebPKI.swift similarity index 99% rename from benchmarks/Sources/ParseWebPKI.swift rename to benchmarks/Sources/Benchmarks/ParseWebPKI.swift index cf4c8636..c1e0fdde 100644 --- a/benchmarks/Sources/ParseWebPKI.swift +++ b/benchmarks/Sources/Benchmarks/ParseWebPKI.swift @@ -12,10 +12,10 @@ // //===----------------------------------------------------------------------===// +import BlackHole import X509 import SwiftASN1 import Foundation -import Benchmark public func parseWebPKIRoots() -> () -> Void { let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } diff --git a/benchmarks/Sources/TinyArrayAppend.swift b/benchmarks/Sources/Benchmarks/TinyArrayAppend.swift similarity index 97% rename from benchmarks/Sources/TinyArrayAppend.swift rename to benchmarks/Sources/Benchmarks/TinyArrayAppend.swift index 0272b8f1..8358cf7c 100644 --- a/benchmarks/Sources/TinyArrayAppend.swift +++ b/benchmarks/Sources/Benchmarks/TinyArrayAppend.swift @@ -12,8 +12,8 @@ // //===----------------------------------------------------------------------===// +import BlackHole import _CertificateInternals -import Benchmark public func tinyArrayAppend() { var count = 0 diff --git a/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift b/benchmarks/Sources/Benchmarks/TinyArrayNonAllocationFunctions.swift similarity index 97% rename from benchmarks/Sources/TinyArrayNonAllocationFunctions.swift rename to benchmarks/Sources/Benchmarks/TinyArrayNonAllocationFunctions.swift index 58da5222..9ae44798 100644 --- a/benchmarks/Sources/TinyArrayNonAllocationFunctions.swift +++ b/benchmarks/Sources/Benchmarks/TinyArrayNonAllocationFunctions.swift @@ -12,8 +12,8 @@ // //===----------------------------------------------------------------------===// +import BlackHole import _CertificateInternals -import Benchmark public func tinyArrayNonAllocationFunctions() { var counts = 0 diff --git a/benchmarks/Sources/VerifierBenchmark.swift b/benchmarks/Sources/Benchmarks/VerifierBenchmark.swift similarity index 99% rename from benchmarks/Sources/VerifierBenchmark.swift rename to benchmarks/Sources/Benchmarks/VerifierBenchmark.swift index 74a5e375..31d55395 100644 --- a/benchmarks/Sources/VerifierBenchmark.swift +++ b/benchmarks/Sources/Benchmarks/VerifierBenchmark.swift @@ -12,11 +12,11 @@ // //===----------------------------------------------------------------------===// +import BlackHole import X509 import Foundation import Crypto import SwiftASN1 -import Benchmark public func verifier() async { var counts = 0 diff --git a/benchmarks/Sources/BlackHole/blackHole.swift b/benchmarks/Sources/BlackHole/blackHole.swift new file mode 100644 index 00000000..cc6fa022 --- /dev/null +++ b/benchmarks/Sources/BlackHole/blackHole.swift @@ -0,0 +1,20 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + + +// Current recommendation for a black hole function according to: +// https://forums.swift.org/t/compiler-swallows-blackhole/64305/10 +// https://github.com/apple/swift/commit/1fceeab71e79dc96f1b6f560bf745b016d7fcdcf +@_optimize(none) +public func blackHole(_: some Any) {} diff --git a/benchmarks/Tests/Tests.swift b/benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift similarity index 98% rename from benchmarks/Tests/Tests.swift rename to benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift index 013a7292..29cfb256 100644 --- a/benchmarks/Tests/Tests.swift +++ b/benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift @@ -12,7 +12,7 @@ // //===----------------------------------------------------------------------===// -import Sources +import Benchmarks import XCTest final class TestRunner: XCTestCase { From 5f62f025fd6e65df11caa4cbb549172e29040d6c Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Mon, 4 Sep 2023 11:20:47 +0100 Subject: [PATCH 22/44] crash in debug configuration --- benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift b/benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift index 29cfb256..646e6c9a 100644 --- a/benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift +++ b/benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift @@ -16,9 +16,9 @@ import Benchmarks import XCTest final class TestRunner: XCTestCase { - override func setUpWithError() throws { + override func setUp() { #if DEBUG - throw XCTSkip("performance tests only run in release mode") + fatalError("performance tests only run in release mode") #endif } func testVerifier() async { From 962957038917fb27ef330f76e57835bb12228871 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Mon, 4 Sep 2023 11:24:02 +0100 Subject: [PATCH 23/44] swift-format --- benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift | 1 - benchmarks/Sources/BlackHole/blackHole.swift | 1 - 2 files changed, 2 deletions(-) diff --git a/benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift b/benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift index 905e74d0..02724751 100644 --- a/benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift +++ b/benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift @@ -16,7 +16,6 @@ import Benchmark import Benchmarks import Foundation - let benchmarks = { Benchmark.defaultConfiguration = .init( metrics: [.mallocCountTotal, .syscalls] + .arc, diff --git a/benchmarks/Sources/BlackHole/blackHole.swift b/benchmarks/Sources/BlackHole/blackHole.swift index cc6fa022..6aa75ff2 100644 --- a/benchmarks/Sources/BlackHole/blackHole.swift +++ b/benchmarks/Sources/BlackHole/blackHole.swift @@ -12,7 +12,6 @@ // //===----------------------------------------------------------------------===// - // Current recommendation for a black hole function according to: // https://forums.swift.org/t/compiler-swallows-blackhole/64305/10 // https://github.com/apple/swift/commit/1fceeab71e79dc96f1b6f560bf745b016d7fcdcf From e14741a39305b286d96cb8612dc2ffd3d6a56ce8 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Mon, 4 Sep 2023 11:41:23 +0100 Subject: [PATCH 24/44] update baselines --- benchmarks/Package.swift | 2 +- .../5.7/BenchmarksRunner.Parse_WebPKI_Roots.p90.json | 6 ++++++ ....json => BenchmarksRunner.TinyArray.append(_:).p90.json} | 0 ...marksRunner.TinyArray_non-allocating_functions.p90.json} | 0 .../Thresholds/5.7/BenchmarksRunner.Verifier.p90.json | 3 +++ .../5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json | 6 ------ .../5.8/BenchmarksRunner.Parse_WebPKI_Roots.p90.json | 6 ++++++ ....json => BenchmarksRunner.TinyArray.append(_:).p90.json} | 0 ...marksRunner.TinyArray_non-allocating_functions.p90.json} | 0 .../Thresholds/5.8/BenchmarksRunner.Verifier.p90.json | 3 +++ .../5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json | 6 ------ .../Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json | 3 --- .../5.9/BenchmarksRunner.Parse_WebPKI_Roots.p90.json | 6 ++++++ ....json => BenchmarksRunner.TinyArray.append(_:).p90.json} | 0 ...marksRunner.TinyArray_non-allocating_functions.p90.json} | 2 +- .../BenchmarksRunner.Verifier.p90.json} | 0 .../5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json | 6 ------ .../Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json | 3 --- .../main/BenchmarksRunner.Parse_WebPKI_Roots.p90.json | 6 ++++++ ....json => BenchmarksRunner.TinyArray.append(_:).p90.json} | 0 ...marksRunner.TinyArray_non-allocating_functions.p90.json} | 2 +- .../Thresholds/main/BenchmarksRunner.Verifier.p90.json | 3 +++ .../main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json | 6 ------ .../main/CertificatesBenchmarks.Verifier.p90.json | 3 --- 24 files changed, 36 insertions(+), 36 deletions(-) create mode 100644 benchmarks/Thresholds/5.7/BenchmarksRunner.Parse_WebPKI_Roots.p90.json rename benchmarks/Thresholds/5.7/{CertificatesBenchmarks.TinyArray.append(_:).p90.json => BenchmarksRunner.TinyArray.append(_:).p90.json} (100%) rename benchmarks/Thresholds/5.7/{CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json => BenchmarksRunner.TinyArray_non-allocating_functions.p90.json} (100%) create mode 100644 benchmarks/Thresholds/5.7/BenchmarksRunner.Verifier.p90.json delete mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json create mode 100644 benchmarks/Thresholds/5.8/BenchmarksRunner.Parse_WebPKI_Roots.p90.json rename benchmarks/Thresholds/5.8/{CertificatesBenchmarks.TinyArray.append(_:).p90.json => BenchmarksRunner.TinyArray.append(_:).p90.json} (100%) rename benchmarks/Thresholds/5.8/{CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json => BenchmarksRunner.TinyArray_non-allocating_functions.p90.json} (100%) create mode 100644 benchmarks/Thresholds/5.8/BenchmarksRunner.Verifier.p90.json delete mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json create mode 100644 benchmarks/Thresholds/5.9/BenchmarksRunner.Parse_WebPKI_Roots.p90.json rename benchmarks/Thresholds/5.9/{CertificatesBenchmarks.TinyArray.append(_:).p90.json => BenchmarksRunner.TinyArray.append(_:).p90.json} (100%) rename benchmarks/Thresholds/5.9/{CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json => BenchmarksRunner.TinyArray_non-allocating_functions.p90.json} (73%) rename benchmarks/Thresholds/{5.7/CertificatesBenchmarks.Verifier.p90.json => 5.9/BenchmarksRunner.Verifier.p90.json} (100%) delete mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json create mode 100644 benchmarks/Thresholds/main/BenchmarksRunner.Parse_WebPKI_Roots.p90.json rename benchmarks/Thresholds/main/{CertificatesBenchmarks.TinyArray.append(_:).p90.json => BenchmarksRunner.TinyArray.append(_:).p90.json} (100%) rename benchmarks/Thresholds/main/{CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json => BenchmarksRunner.TinyArray_non-allocating_functions.p90.json} (73%) create mode 100644 benchmarks/Thresholds/main/BenchmarksRunner.Verifier.p90.json delete mode 100644 benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index e8e8f79e..7a762de5 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -24,7 +24,7 @@ let package = Package( .package(path: "../"), .package(url: "https://github.com/ordo-one/package-benchmark", from: "1.9.0"), .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), - .package(url: "https://github.com/apple/swift-asn1.git", .upToNextMinor(from: "0.10.0")), + .package(url: "https://github.com/apple/swift-asn1.git", from: "1.0.0-beta.1"), ], targets: [ .executableTarget( diff --git a/benchmarks/Thresholds/5.7/BenchmarksRunner.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/BenchmarksRunner.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..62f33178 --- /dev/null +++ b/benchmarks/Thresholds/5.7/BenchmarksRunner.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 213, + "releaseCount" : 7418, + "retainCount" : 6982, + "retainReleaseDelta" : 436 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray.append(_:).p90.json similarity index 100% rename from benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray.append(_:).p90.json rename to benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray.append(_:).p90.json diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json similarity index 100% rename from benchmarks/Thresholds/5.7/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json rename to benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json diff --git a/benchmarks/Thresholds/5.7/BenchmarksRunner.Verifier.p90.json b/benchmarks/Thresholds/5.7/BenchmarksRunner.Verifier.p90.json new file mode 100644 index 00000000..b7987e54 --- /dev/null +++ b/benchmarks/Thresholds/5.7/BenchmarksRunner.Verifier.p90.json @@ -0,0 +1,3 @@ +{ + "mallocCountTotal" : 1250 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index f2daa7e4..00000000 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 435, - "releaseCount" : 7677, - "retainCount" : 6843, - "retainReleaseDelta" : 834 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/BenchmarksRunner.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/BenchmarksRunner.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..b4495382 --- /dev/null +++ b/benchmarks/Thresholds/5.8/BenchmarksRunner.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 213, + "releaseCount" : 6960, + "retainCount" : 6574, + "retainReleaseDelta" : 386 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray.append(_:).p90.json similarity index 100% rename from benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray.append(_:).p90.json rename to benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray.append(_:).p90.json diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json similarity index 100% rename from benchmarks/Thresholds/5.8/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json rename to benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json diff --git a/benchmarks/Thresholds/5.8/BenchmarksRunner.Verifier.p90.json b/benchmarks/Thresholds/5.8/BenchmarksRunner.Verifier.p90.json new file mode 100644 index 00000000..b7987e54 --- /dev/null +++ b/benchmarks/Thresholds/5.8/BenchmarksRunner.Verifier.p90.json @@ -0,0 +1,3 @@ +{ + "mallocCountTotal" : 1250 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index 1dc1762f..00000000 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 435, - "releaseCount" : 7206, - "retainCount" : 6422, - "retainReleaseDelta" : 784 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json deleted file mode 100644 index 78abae6a..00000000 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmarks.Verifier.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 1249 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/BenchmarksRunner.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/BenchmarksRunner.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..69a3e2c7 --- /dev/null +++ b/benchmarks/Thresholds/5.9/BenchmarksRunner.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 215, + "releaseCount" : 6760, + "retainCount" : 6374, + "retainReleaseDelta" : 386 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray.append(_:).p90.json similarity index 100% rename from benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray.append(_:).p90.json rename to benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray.append(_:).p90.json diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json similarity index 73% rename from benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json rename to benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json index 9d6c15b3..b015ade2 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json @@ -1,5 +1,5 @@ { - "mallocCountTotal" : 32, + "mallocCountTotal" : 16, "releaseCount" : 2, "retainCount" : 1, "retainReleaseDelta" : 1 diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.9/BenchmarksRunner.Verifier.p90.json similarity index 100% rename from benchmarks/Thresholds/5.7/CertificatesBenchmarks.Verifier.p90.json rename to benchmarks/Thresholds/5.9/BenchmarksRunner.Verifier.p90.json diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index 917888d0..00000000 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 435, - "releaseCount" : 7044, - "retainCount" : 6260, - "retainReleaseDelta" : 784 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json deleted file mode 100644 index 20af10dc..00000000 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmarks.Verifier.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 1258 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/BenchmarksRunner.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/BenchmarksRunner.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..a0ddbf71 --- /dev/null +++ b/benchmarks/Thresholds/main/BenchmarksRunner.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 213, + "releaseCount" : 4199, + "retainCount" : 3775, + "retainReleaseDelta" : 424 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/BenchmarksRunner.TinyArray.append(_:).p90.json similarity index 100% rename from benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray.append(_:).p90.json rename to benchmarks/Thresholds/main/BenchmarksRunner.TinyArray.append(_:).p90.json diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/main/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json similarity index 73% rename from benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json rename to benchmarks/Thresholds/main/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json index 50e00ff1..6579116f 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/main/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json @@ -1,5 +1,5 @@ { - "mallocCountTotal" : 24, + "mallocCountTotal" : 20, "releaseCount" : 1, "retainCount" : 1, "retainReleaseDelta" : 0 diff --git a/benchmarks/Thresholds/main/BenchmarksRunner.Verifier.p90.json b/benchmarks/Thresholds/main/BenchmarksRunner.Verifier.p90.json new file mode 100644 index 00000000..5fa12148 --- /dev/null +++ b/benchmarks/Thresholds/main/BenchmarksRunner.Verifier.p90.json @@ -0,0 +1,3 @@ +{ + "mallocCountTotal" : 1253 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index 3667f48f..00000000 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 439, - "releaseCount" : 4559, - "retainCount" : 3775, - "retainReleaseDelta" : 784 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json deleted file mode 100644 index 20af10dc..00000000 --- a/benchmarks/Thresholds/main/CertificatesBenchmarks.Verifier.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 1258 -} \ No newline at end of file From 12aabc3ed4b94c434c2bd3e4908cbe660bcfaa0c Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Mon, 11 Sep 2023 19:23:50 +0100 Subject: [PATCH 25/44] Move to single target --- .../Benchmarks.swift | 11 ++--- .../CertificatesBenchmark}/ParseWebPKI.swift | 4 +- .../TinyArrayAppend.swift | 2 +- .../TinyArrayNonAllocationFunctions.swift | 2 +- .../VerifierBenchmark.swift | 2 +- benchmarks/Package.swift | 33 +++---------- benchmarks/Sources/BlackHole/blackHole.swift | 19 -------- .../BenchmarksTests/BenchmarkTests.swift | 48 ------------------- ...nchmarksRunner.Parse_WebPKI_Roots.p90.json | 6 --- ...hmarksRunner.TinyArray.append(_:).p90.json | 6 --- .../5.7/BenchmarksRunner.Verifier.p90.json | 3 -- ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 6 +++ ...tesBenchmark.TinyArray.append(_:).p90.json | 6 +++ ...inyArray_non-allocating_functions.p90.json | 6 +++ .../CertificatesBenchmark.Verifier.p90.json | 3 ++ ...nchmarksRunner.Parse_WebPKI_Roots.p90.json | 6 --- ...inyArray_non-allocating_functions.p90.json | 6 --- .../5.8/BenchmarksRunner.Verifier.p90.json | 3 -- ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 6 +++ ...tesBenchmark.TinyArray.append(_:).p90.json | 6 +++ ...inyArray_non-allocating_functions.p90.json | 6 +++ .../CertificatesBenchmark.Verifier.p90.json | 3 ++ ...nchmarksRunner.Parse_WebPKI_Roots.p90.json | 6 --- ...inyArray_non-allocating_functions.p90.json | 6 --- .../5.9/BenchmarksRunner.Verifier.p90.json | 3 -- ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 6 +++ ...esBenchmark.TinyArray.append(_:).p90.json} | 2 +- ...nyArray_non-allocating_functions.p90.json} | 2 +- .../CertificatesBenchmark.Verifier.p90.json | 3 ++ ...nchmarksRunner.Parse_WebPKI_Roots.p90.json | 6 --- ...hmarksRunner.TinyArray.append(_:).p90.json | 6 --- .../main/BenchmarksRunner.Verifier.p90.json | 3 -- ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 6 +++ ...esBenchmark.TinyArray.append(_:).p90.json} | 2 +- ...nyArray_non-allocating_functions.p90.json} | 2 +- .../CertificatesBenchmark.Verifier.p90.json | 3 ++ 36 files changed, 80 insertions(+), 169 deletions(-) rename benchmarks/Benchmarks/{BenchmarksRunner => CertificatesBenchmark}/Benchmarks.swift (83%) rename benchmarks/{Sources/Benchmarks => Benchmarks/CertificatesBenchmark}/ParseWebPKI.swift (99%) rename benchmarks/{Sources/Benchmarks => Benchmarks/CertificatesBenchmark}/TinyArrayAppend.swift (97%) rename benchmarks/{Sources/Benchmarks => Benchmarks/CertificatesBenchmark}/TinyArrayNonAllocationFunctions.swift (97%) rename benchmarks/{Sources/Benchmarks => Benchmarks/CertificatesBenchmark}/VerifierBenchmark.swift (99%) delete mode 100644 benchmarks/Sources/BlackHole/blackHole.swift delete mode 100644 benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift delete mode 100644 benchmarks/Thresholds/5.7/BenchmarksRunner.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray.append(_:).p90.json delete mode 100644 benchmarks/Thresholds/5.7/BenchmarksRunner.Verifier.p90.json create mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json create mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json create mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json create mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json delete mode 100644 benchmarks/Thresholds/5.8/BenchmarksRunner.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json delete mode 100644 benchmarks/Thresholds/5.8/BenchmarksRunner.Verifier.p90.json create mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json create mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json create mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json create mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json delete mode 100644 benchmarks/Thresholds/5.9/BenchmarksRunner.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json delete mode 100644 benchmarks/Thresholds/5.9/BenchmarksRunner.Verifier.p90.json create mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json rename benchmarks/Thresholds/5.9/{BenchmarksRunner.TinyArray.append(_:).p90.json => CertificatesBenchmark.TinyArray.append(_:).p90.json} (73%) rename benchmarks/Thresholds/{5.7/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json => 5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json} (73%) create mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json delete mode 100644 benchmarks/Thresholds/main/BenchmarksRunner.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/main/BenchmarksRunner.TinyArray.append(_:).p90.json delete mode 100644 benchmarks/Thresholds/main/BenchmarksRunner.Verifier.p90.json create mode 100644 benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json rename benchmarks/Thresholds/{5.8/BenchmarksRunner.TinyArray.append(_:).p90.json => main/CertificatesBenchmark.TinyArray.append(_:).p90.json} (73%) rename benchmarks/Thresholds/main/{BenchmarksRunner.TinyArray_non-allocating_functions.p90.json => CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json} (73%) create mode 100644 benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json diff --git a/benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift similarity index 83% rename from benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift rename to benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift index 02724751..9de687b5 100644 --- a/benchmarks/Benchmarks/BenchmarksRunner/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift @@ -13,13 +13,11 @@ //===----------------------------------------------------------------------===// import Benchmark -import Benchmarks import Foundation let benchmarks = { Benchmark.defaultConfiguration = .init( - metrics: [.mallocCountTotal, .syscalls] + .arc, - warmupIterations: 1 + metrics: [.mallocCountTotal, .syscalls] + .arc ) Benchmark("Verifier", configuration: .init(metrics: [.mallocCountTotal, .syscalls])) { benchmark in @@ -28,11 +26,12 @@ let benchmarks = { } } - let runParseWebPKIRoots = parseWebPKIRoots() - Benchmark("Parse WebPKI Roots") { benchmark in + Benchmark("Parse WebPKI Roots") { benchmark, run in for _ in benchmark.scaledIterations { - runParseWebPKIRoots() + run() } + } setup: { + parseWebPKIRootsSetup() } Benchmark("TinyArray non-allocating functions") { benchmark in diff --git a/benchmarks/Sources/Benchmarks/ParseWebPKI.swift b/benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift similarity index 99% rename from benchmarks/Sources/Benchmarks/ParseWebPKI.swift rename to benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift index c1e0fdde..cdec0dae 100644 --- a/benchmarks/Sources/Benchmarks/ParseWebPKI.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift @@ -12,12 +12,12 @@ // //===----------------------------------------------------------------------===// -import BlackHole +import Benchmark import X509 import SwiftASN1 import Foundation -public func parseWebPKIRoots() -> () -> Void { +public func parseWebPKIRootsSetup() -> () -> Void { let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } return { for derEncodedCA in derEncodedCAs { diff --git a/benchmarks/Sources/Benchmarks/TinyArrayAppend.swift b/benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift similarity index 97% rename from benchmarks/Sources/Benchmarks/TinyArrayAppend.swift rename to benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift index 8358cf7c..114116d0 100644 --- a/benchmarks/Sources/Benchmarks/TinyArrayAppend.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift @@ -12,7 +12,7 @@ // //===----------------------------------------------------------------------===// -import BlackHole +import Benchmark import _CertificateInternals public func tinyArrayAppend() { diff --git a/benchmarks/Sources/Benchmarks/TinyArrayNonAllocationFunctions.swift b/benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift similarity index 97% rename from benchmarks/Sources/Benchmarks/TinyArrayNonAllocationFunctions.swift rename to benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift index 9ae44798..67f33353 100644 --- a/benchmarks/Sources/Benchmarks/TinyArrayNonAllocationFunctions.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift @@ -12,7 +12,7 @@ // //===----------------------------------------------------------------------===// -import BlackHole +import Benchmark import _CertificateInternals public func tinyArrayNonAllocationFunctions() { diff --git a/benchmarks/Sources/Benchmarks/VerifierBenchmark.swift b/benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift similarity index 99% rename from benchmarks/Sources/Benchmarks/VerifierBenchmark.swift rename to benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift index 31d55395..2dd3f3da 100644 --- a/benchmarks/Sources/Benchmarks/VerifierBenchmark.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift @@ -12,7 +12,7 @@ // //===----------------------------------------------------------------------===// -import BlackHole +import Benchmark import X509 import Foundation import Crypto diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index 7a762de5..1bfeeed8 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -22,44 +22,23 @@ let package = Package( ], dependencies: [ .package(path: "../"), - .package(url: "https://github.com/ordo-one/package-benchmark", from: "1.9.0"), + .package(url: "https://github.com/ordo-one/package-benchmark", branch: "support-failure-on-improvement"), .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), .package(url: "https://github.com/apple/swift-asn1.git", from: "1.0.0-beta.1"), ], targets: [ .executableTarget( - name: "BenchmarksRunner", + name: "CertificatesBenchmark", dependencies: [ - "Benchmarks", .product(name: "Benchmark", package: "package-benchmark"), - ], - path: "Benchmarks/BenchmarksRunner", - plugins: [ - .plugin(name: "BenchmarkPlugin", package: "package-benchmark") - ] - ), - .target( - name: "Benchmarks", - dependencies: [ - "BlackHole", - .product(name: "X509", package: "swift-certificates"), - .product(name: "SwiftASN1", package: "swift-asn1"), - .product(name: "Crypto", package: "swift-crypto"), - ] - ), - .target( - name: "BlackHole", - dependencies: [ .product(name: "X509", package: "swift-certificates"), .product(name: "SwiftASN1", package: "swift-asn1"), .product(name: "Crypto", package: "swift-crypto"), + ], + path: "Benchmarks/CertificatesBenchmark", + plugins: [ + .plugin(name: "BenchmarkPlugin", package: "package-benchmark") ] ), - .testTarget( - name: "BenchmarksTests", - dependencies: [ - "Benchmarks", - ] - ) ] ) diff --git a/benchmarks/Sources/BlackHole/blackHole.swift b/benchmarks/Sources/BlackHole/blackHole.swift deleted file mode 100644 index 6aa75ff2..00000000 --- a/benchmarks/Sources/BlackHole/blackHole.swift +++ /dev/null @@ -1,19 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -// Current recommendation for a black hole function according to: -// https://forums.swift.org/t/compiler-swallows-blackhole/64305/10 -// https://github.com/apple/swift/commit/1fceeab71e79dc96f1b6f560bf745b016d7fcdcf -@_optimize(none) -public func blackHole(_: some Any) {} diff --git a/benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift b/benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift deleted file mode 100644 index 646e6c9a..00000000 --- a/benchmarks/Tests/BenchmarksTests/BenchmarkTests.swift +++ /dev/null @@ -1,48 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import Benchmarks -import XCTest - -final class TestRunner: XCTestCase { - override func setUp() { - #if DEBUG - fatalError("performance tests only run in release mode") - #endif - } - func testVerifier() async { - for _ in 0..<100 { - await verifier() - } - } - - func testPraseWebPKIRoots() { - let runParseWebPKIRoots = parseWebPKIRoots() - for _ in 0..<1000 { - runParseWebPKIRoots() - } - } - - func testTinyArrayNonAllocationFunctions() { - for _ in 0..<1000 { - tinyArrayNonAllocationFunctions() - } - } - - func testTinyArrayAppend() { - for _ in 0..<1000 { - tinyArrayAppend() - } - } -} diff --git a/benchmarks/Thresholds/5.7/BenchmarksRunner.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/BenchmarksRunner.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index 62f33178..00000000 --- a/benchmarks/Thresholds/5.7/BenchmarksRunner.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 213, - "releaseCount" : 7418, - "retainCount" : 6982, - "retainReleaseDelta" : 436 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray.append(_:).p90.json deleted file mode 100644 index efa04ea5..00000000 --- a/benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray.append(_:).p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 26, - "releaseCount" : 13, - "retainCount" : 1, - "retainReleaseDelta" : 12 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/BenchmarksRunner.Verifier.p90.json b/benchmarks/Thresholds/5.7/BenchmarksRunner.Verifier.p90.json deleted file mode 100644 index b7987e54..00000000 --- a/benchmarks/Thresholds/5.7/BenchmarksRunner.Verifier.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 1250 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..c0863a40 --- /dev/null +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 197, + "releaseCount" : 7425, + "retainCount" : 6989, + "retainReleaseDelta" : 436 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json new file mode 100644 index 00000000..7de7819b --- /dev/null +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 10, + "releaseCount" : 19, + "retainCount" : 7, + "retainReleaseDelta" : 12 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..2c6aa012 --- /dev/null +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 0, + "releaseCount" : 8, + "retainCount" : 7, + "retainReleaseDelta" : 1 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..af632d19 --- /dev/null +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json @@ -0,0 +1,3 @@ +{ + "mallocCountTotal" : 1234 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/BenchmarksRunner.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/BenchmarksRunner.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index b4495382..00000000 --- a/benchmarks/Thresholds/5.8/BenchmarksRunner.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 213, - "releaseCount" : 6960, - "retainCount" : 6574, - "retainReleaseDelta" : 386 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json deleted file mode 100644 index b015ade2..00000000 --- a/benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 16, - "releaseCount" : 2, - "retainCount" : 1, - "retainReleaseDelta" : 1 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/BenchmarksRunner.Verifier.p90.json b/benchmarks/Thresholds/5.8/BenchmarksRunner.Verifier.p90.json deleted file mode 100644 index b7987e54..00000000 --- a/benchmarks/Thresholds/5.8/BenchmarksRunner.Verifier.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 1250 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..11fa1191 --- /dev/null +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 197, + "releaseCount" : 6967, + "retainCount" : 6581, + "retainReleaseDelta" : 386 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json new file mode 100644 index 00000000..7de7819b --- /dev/null +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 10, + "releaseCount" : 19, + "retainCount" : 7, + "retainReleaseDelta" : 12 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..2c6aa012 --- /dev/null +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 0, + "releaseCount" : 8, + "retainCount" : 7, + "retainReleaseDelta" : 1 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..af632d19 --- /dev/null +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json @@ -0,0 +1,3 @@ +{ + "mallocCountTotal" : 1234 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/BenchmarksRunner.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/BenchmarksRunner.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index 69a3e2c7..00000000 --- a/benchmarks/Thresholds/5.9/BenchmarksRunner.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 215, - "releaseCount" : 6760, - "retainCount" : 6374, - "retainReleaseDelta" : 386 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json deleted file mode 100644 index b015ade2..00000000 --- a/benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 16, - "releaseCount" : 2, - "retainCount" : 1, - "retainReleaseDelta" : 1 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/BenchmarksRunner.Verifier.p90.json b/benchmarks/Thresholds/5.9/BenchmarksRunner.Verifier.p90.json deleted file mode 100644 index 78abae6a..00000000 --- a/benchmarks/Thresholds/5.9/BenchmarksRunner.Verifier.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 1249 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..3ea07836 --- /dev/null +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 197, + "releaseCount" : 6761, + "retainCount" : 6375, + "retainReleaseDelta" : 386 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json similarity index 73% rename from benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray.append(_:).p90.json rename to benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json index efa04ea5..9ca5e3f0 100644 --- a/benchmarks/Thresholds/5.9/BenchmarksRunner.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -1,5 +1,5 @@ { - "mallocCountTotal" : 26, + "mallocCountTotal" : 10, "releaseCount" : 13, "retainCount" : 1, "retainReleaseDelta" : 12 diff --git a/benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json similarity index 73% rename from benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json rename to benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index b015ade2..aeb1aaf5 100644 --- a/benchmarks/Thresholds/5.7/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,5 +1,5 @@ { - "mallocCountTotal" : 16, + "mallocCountTotal" : 0, "releaseCount" : 2, "retainCount" : 1, "retainReleaseDelta" : 1 diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..53a8379e --- /dev/null +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json @@ -0,0 +1,3 @@ +{ + "mallocCountTotal" : 1233 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/BenchmarksRunner.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/BenchmarksRunner.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index a0ddbf71..00000000 --- a/benchmarks/Thresholds/main/BenchmarksRunner.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 213, - "releaseCount" : 4199, - "retainCount" : 3775, - "retainReleaseDelta" : 424 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/BenchmarksRunner.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/BenchmarksRunner.TinyArray.append(_:).p90.json deleted file mode 100644 index efa04ea5..00000000 --- a/benchmarks/Thresholds/main/BenchmarksRunner.TinyArray.append(_:).p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 26, - "releaseCount" : 13, - "retainCount" : 1, - "retainReleaseDelta" : 12 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/BenchmarksRunner.Verifier.p90.json b/benchmarks/Thresholds/main/BenchmarksRunner.Verifier.p90.json deleted file mode 100644 index 5fa12148..00000000 --- a/benchmarks/Thresholds/main/BenchmarksRunner.Verifier.p90.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "mallocCountTotal" : 1253 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..cdc0b490 --- /dev/null +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 197, + "releaseCount" : 4200, + "retainCount" : 3776, + "retainReleaseDelta" : 424 +} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json similarity index 73% rename from benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray.append(_:).p90.json rename to benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json index efa04ea5..9ca5e3f0 100644 --- a/benchmarks/Thresholds/5.8/BenchmarksRunner.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -1,5 +1,5 @@ { - "mallocCountTotal" : 26, + "mallocCountTotal" : 10, "releaseCount" : 13, "retainCount" : 1, "retainReleaseDelta" : 12 diff --git a/benchmarks/Thresholds/main/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json similarity index 73% rename from benchmarks/Thresholds/main/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json rename to benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index 6579116f..c005b120 100644 --- a/benchmarks/Thresholds/main/BenchmarksRunner.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,5 +1,5 @@ { - "mallocCountTotal" : 20, + "mallocCountTotal" : 0, "releaseCount" : 1, "retainCount" : 1, "retainReleaseDelta" : 0 diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..53a8379e --- /dev/null +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json @@ -0,0 +1,3 @@ +{ + "mallocCountTotal" : 1233 +} \ No newline at end of file From 680a4154961a80d23ff693a9dbd942852124bda5 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Tue, 12 Sep 2023 15:51:01 +0100 Subject: [PATCH 26/44] update swift-format script --- scripts/run-swift-format.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/run-swift-format.sh b/scripts/run-swift-format.sh index 0311d152..33f89257 100644 --- a/scripts/run-swift-format.sh +++ b/scripts/run-swift-format.sh @@ -39,7 +39,7 @@ swiftformat_bin=${swiftformat_bin:-$(command -v swift-format)} || fatal "❌ swi "${swiftformat_bin}" lint \ --parallel --recursive --strict \ "${repo_root}/Sources" "${repo_root}/Tests" \ - "${repo_root}/benchmarks/Benchmarks" "${repo_root}/benchmarks/Sources" "${repo_root}/benchmarks/Tests" \ + "${repo_root}/benchmarks/Benchmarks" \ && swift_format_rc=$? || swift_format_rc=$? if [[ "${swift_format_rc}" -ne 0 ]]; then @@ -47,7 +47,7 @@ if [[ "${swift_format_rc}" -ne 0 ]]; then To fix, run the following command: - % swift-format format --parallel --recursive --in-place Sources Tests benchmarks/Benchmarks benchmarks/Sources benchmarks/Tests + % swift-format format --parallel --recursive --in-place Sources Tests benchmarks/Benchmarks " exit "${swift_format_rc}" fi From a6a14c955cfc810058b975beb9cf06d8669ad0e7 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Wed, 13 Sep 2023 16:09:23 +0100 Subject: [PATCH 27/44] enable arc for `Verifier` --- benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift index 9de687b5..1c58183b 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift @@ -20,7 +20,7 @@ let benchmarks = { metrics: [.mallocCountTotal, .syscalls] + .arc ) - Benchmark("Verifier", configuration: .init(metrics: [.mallocCountTotal, .syscalls])) { benchmark in + Benchmark("Verifier") { benchmark in for _ in benchmark.scaledIterations { await verifier() } From c79bad9a3d2333216f41e1b458fff0566d0cf682 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 14 Sep 2023 11:08:55 +0100 Subject: [PATCH 28/44] update to `package-benchmark` `1.11.0` --- benchmarks/Package.swift | 2 +- .../5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 7 ++++--- .../CertificatesBenchmark.TinyArray.append(_:).p90.json | 7 ++++--- ...esBenchmark.TinyArray_non-allocating_functions.p90.json | 5 +++-- .../Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json | 6 +++++- .../5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 7 ++++--- .../CertificatesBenchmark.TinyArray.append(_:).p90.json | 7 ++++--- ...esBenchmark.TinyArray_non-allocating_functions.p90.json | 5 +++-- .../Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json | 6 +++++- .../5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 7 ++++--- .../CertificatesBenchmark.TinyArray.append(_:).p90.json | 7 ++++--- ...esBenchmark.TinyArray_non-allocating_functions.p90.json | 5 +++-- .../Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json | 6 +++++- .../main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 7 ++++--- .../CertificatesBenchmark.TinyArray.append(_:).p90.json | 7 ++++--- ...esBenchmark.TinyArray_non-allocating_functions.p90.json | 5 +++-- .../main/CertificatesBenchmark.Verifier.p90.json | 6 +++++- 17 files changed, 65 insertions(+), 37 deletions(-) diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index 1bfeeed8..f10c0572 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -22,7 +22,7 @@ let package = Package( ], dependencies: [ .package(path: "../"), - .package(url: "https://github.com/ordo-one/package-benchmark", branch: "support-failure-on-improvement"), + .package(url: "https://github.com/ordo-one/package-benchmark", from: "1.11.0"), .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), .package(url: "https://github.com/apple/swift-asn1.git", from: "1.0.0-beta.1"), ], diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index c0863a40..f63fdcf8 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 197, - "releaseCount" : 7425, - "retainCount" : 6989, - "retainReleaseDelta" : 436 + "objectAllocCount" : 148, + "releaseCount" : 7418, + "retainCount" : 6982, + "retainReleaseDelta" : 288 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json index 7de7819b..faafc089 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 10, - "releaseCount" : 19, - "retainCount" : 7, - "retainReleaseDelta" : 12 + "objectAllocCount" : 10, + "releaseCount" : 12, + "retainCount" : 0, + "retainReleaseDelta" : 2 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index 2c6aa012..d06674f7 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 0, - "releaseCount" : 8, - "retainCount" : 7, + "objectAllocCount" : 0, + "releaseCount" : 1, + "retainCount" : 0, "retainReleaseDelta" : 1 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json index af632d19..52ceac5d 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json @@ -1,3 +1,7 @@ { - "mallocCountTotal" : 1234 + "mallocCountTotal" : 1234, + "objectAllocCount" : 708, + "releaseCount" : 27520, + "retainCount" : 26539, + "retainReleaseDelta" : 273 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index 11fa1191..531827b4 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 197, - "releaseCount" : 6967, - "retainCount" : 6581, - "retainReleaseDelta" : 386 + "objectAllocCount" : 148, + "releaseCount" : 6960, + "retainCount" : 6574, + "retainReleaseDelta" : 238 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json index 7de7819b..faafc089 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 10, - "releaseCount" : 19, - "retainCount" : 7, - "retainReleaseDelta" : 12 + "objectAllocCount" : 10, + "releaseCount" : 12, + "retainCount" : 0, + "retainReleaseDelta" : 2 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index 2c6aa012..d06674f7 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 0, - "releaseCount" : 8, - "retainCount" : 7, + "objectAllocCount" : 0, + "releaseCount" : 1, + "retainCount" : 0, "retainReleaseDelta" : 1 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json index af632d19..3d8095ec 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json @@ -1,3 +1,7 @@ { - "mallocCountTotal" : 1234 + "mallocCountTotal" : 1234, + "objectAllocCount" : 708, + "releaseCount" : 19461, + "retainCount" : 18531, + "retainReleaseDelta" : 222 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index 3ea07836..5e97d33a 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 197, - "releaseCount" : 6761, - "retainCount" : 6375, - "retainReleaseDelta" : 386 + "objectAllocCount" : 148, + "releaseCount" : 6760, + "retainCount" : 6374, + "retainReleaseDelta" : 238 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json index 9ca5e3f0..faafc089 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 10, - "releaseCount" : 13, - "retainCount" : 1, - "retainReleaseDelta" : 12 + "objectAllocCount" : 10, + "releaseCount" : 12, + "retainCount" : 0, + "retainReleaseDelta" : 2 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index aeb1aaf5..d06674f7 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 0, - "releaseCount" : 2, - "retainCount" : 1, + "objectAllocCount" : 0, + "releaseCount" : 1, + "retainCount" : 0, "retainReleaseDelta" : 1 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json index 53a8379e..d2238fed 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json @@ -1,3 +1,7 @@ { - "mallocCountTotal" : 1233 + "mallocCountTotal" : 1233, + "objectAllocCount" : 708, + "releaseCount" : 15698, + "retainCount" : 14768, + "retainReleaseDelta" : 222 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index cdc0b490..79006194 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 197, - "releaseCount" : 4200, - "retainCount" : 3776, - "retainReleaseDelta" : 424 + "objectAllocCount" : 148, + "releaseCount" : 4199, + "retainCount" : 3775, + "retainReleaseDelta" : 276 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json index 9ca5e3f0..faafc089 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 10, - "releaseCount" : 13, - "retainCount" : 1, - "retainReleaseDelta" : 12 + "objectAllocCount" : 10, + "releaseCount" : 12, + "retainCount" : 0, + "retainReleaseDelta" : 2 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index c005b120..1d184750 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,6 +1,7 @@ { "mallocCountTotal" : 0, - "releaseCount" : 1, - "retainCount" : 1, + "objectAllocCount" : 0, + "releaseCount" : 0, + "retainCount" : 0, "retainReleaseDelta" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json index 53a8379e..32589160 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json @@ -1,3 +1,7 @@ { - "mallocCountTotal" : 1233 + "mallocCountTotal" : 1233, + "objectAllocCount" : 708, + "releaseCount" : 14083, + "retainCount" : 13152, + "retainReleaseDelta" : 223 } \ No newline at end of file From 7421ca4b07ea408d095a615ad58db2751e97c8a6 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 14 Sep 2023 14:21:38 +0100 Subject: [PATCH 29/44] update to `package-benchmark` `1.11.1` --- benchmarks/Package.swift | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift index f10c0572..f2dad563 100644 --- a/benchmarks/Package.swift +++ b/benchmarks/Package.swift @@ -22,7 +22,7 @@ let package = Package( ], dependencies: [ .package(path: "../"), - .package(url: "https://github.com/ordo-one/package-benchmark", from: "1.11.0"), + .package(url: "https://github.com/ordo-one/package-benchmark", from: "1.11.1"), .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), .package(url: "https://github.com/apple/swift-asn1.git", from: "1.0.0-beta.1"), ], From b877e99ae764cd6a57111352e56b544cb478aa76 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 14 Sep 2023 14:21:48 +0100 Subject: [PATCH 30/44] update benchmark metrics --- .../CertificatesBenchmark/Benchmarks.swift | 15 +++++++++++++-- .../5.7/CertificatesBenchmark.Verifier.p90.json | 4 ++-- .../5.8/CertificatesBenchmark.Verifier.p90.json | 4 ++-- .../5.9/CertificatesBenchmark.Verifier.p90.json | 4 ++-- 4 files changed, 19 insertions(+), 8 deletions(-) diff --git a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift index 1c58183b..2e5db725 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift @@ -17,10 +17,21 @@ import Foundation let benchmarks = { Benchmark.defaultConfiguration = .init( - metrics: [.mallocCountTotal, .syscalls] + .arc + metrics: [ + .mallocCountTotal, + .syscalls, + .readSyscalls, + .writeSyscalls, + .memoryLeaked, + .retainCount, + .retainCount, + ] ) + + var configWithoutRetainRelease = Benchmark.defaultConfiguration + configWithoutRetainRelease.metrics.removeAll(where: { $0 == .retainCount || $0 == .releaseCount }) - Benchmark("Verifier") { benchmark in + Benchmark("Verifier", configuration: ) { benchmark in for _ in benchmark.scaledIterations { await verifier() } diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json index 52ceac5d..3fd9f37a 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 1234, "objectAllocCount" : 708, - "releaseCount" : 27520, - "retainCount" : 26539, + "releaseCount" : 26707, + "retainCount" : 25726, "retainReleaseDelta" : 273 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json index 3d8095ec..7f0c75f6 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 1234, "objectAllocCount" : 708, - "releaseCount" : 19461, - "retainCount" : 18531, + "releaseCount" : 19636, + "retainCount" : 18706, "retainReleaseDelta" : 222 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json index d2238fed..2f5f8dbe 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 1233, "objectAllocCount" : 708, - "releaseCount" : 15698, - "retainCount" : 14768, + "releaseCount" : 15687, + "retainCount" : 14757, "retainReleaseDelta" : 222 } \ No newline at end of file From cea0ab57ddd0b705749ea226067ef430811faa34 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 14 Sep 2023 14:30:44 +0100 Subject: [PATCH 31/44] update metrics captured --- .../Benchmarks/CertificatesBenchmark/Benchmarks.swift | 2 +- .../5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 6 +++--- .../CertificatesBenchmark.TinyArray.append(_:).p90.json | 6 +++--- ...esBenchmark.TinyArray_non-allocating_functions.p90.json | 6 +++--- .../Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json | 7 +++---- .../5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 6 +++--- .../CertificatesBenchmark.TinyArray.append(_:).p90.json | 6 +++--- ...esBenchmark.TinyArray_non-allocating_functions.p90.json | 6 +++--- .../Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json | 7 +++---- .../5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 6 +++--- .../CertificatesBenchmark.TinyArray.append(_:).p90.json | 6 +++--- ...esBenchmark.TinyArray_non-allocating_functions.p90.json | 6 +++--- .../Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json | 7 +++---- .../main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 6 +++--- .../CertificatesBenchmark.TinyArray.append(_:).p90.json | 6 +++--- ...esBenchmark.TinyArray_non-allocating_functions.p90.json | 6 +++--- .../main/CertificatesBenchmark.Verifier.p90.json | 7 +++---- 17 files changed, 49 insertions(+), 53 deletions(-) diff --git a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift index 2e5db725..4a46736b 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift @@ -31,7 +31,7 @@ let benchmarks = { var configWithoutRetainRelease = Benchmark.defaultConfiguration configWithoutRetainRelease.metrics.removeAll(where: { $0 == .retainCount || $0 == .releaseCount }) - Benchmark("Verifier", configuration: ) { benchmark in + Benchmark("Verifier", configuration: configWithoutRetainRelease) { benchmark in for _ in benchmark.scaledIterations { await verifier() } diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index f63fdcf8..1c0bc11e 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 197, - "objectAllocCount" : 148, - "releaseCount" : 7418, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 6982, - "retainReleaseDelta" : 288 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json index faafc089..0ac06358 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 10, - "objectAllocCount" : 10, - "releaseCount" : 12, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 0, - "retainReleaseDelta" : 2 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index d06674f7..47594dcb 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 0, - "objectAllocCount" : 0, - "releaseCount" : 1, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 0, - "retainReleaseDelta" : 1 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json index 3fd9f37a..61a21692 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json @@ -1,7 +1,6 @@ { "mallocCountTotal" : 1234, - "objectAllocCount" : 708, - "releaseCount" : 26707, - "retainCount" : 25726, - "retainReleaseDelta" : 273 + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index 531827b4..2b76a42d 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 197, - "objectAllocCount" : 148, - "releaseCount" : 6960, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 6574, - "retainReleaseDelta" : 238 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json index faafc089..0ac06358 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 10, - "objectAllocCount" : 10, - "releaseCount" : 12, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 0, - "retainReleaseDelta" : 2 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index d06674f7..47594dcb 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 0, - "objectAllocCount" : 0, - "releaseCount" : 1, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 0, - "retainReleaseDelta" : 1 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json index 7f0c75f6..61a21692 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json @@ -1,7 +1,6 @@ { "mallocCountTotal" : 1234, - "objectAllocCount" : 708, - "releaseCount" : 19636, - "retainCount" : 18706, - "retainReleaseDelta" : 222 + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index 5e97d33a..452a2fe4 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 197, - "objectAllocCount" : 148, - "releaseCount" : 6760, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 6374, - "retainReleaseDelta" : 238 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json index faafc089..0ac06358 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 10, - "objectAllocCount" : 10, - "releaseCount" : 12, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 0, - "retainReleaseDelta" : 2 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index d06674f7..47594dcb 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 0, - "objectAllocCount" : 0, - "releaseCount" : 1, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 0, - "retainReleaseDelta" : 1 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json index 2f5f8dbe..42f48a8d 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json @@ -1,7 +1,6 @@ { "mallocCountTotal" : 1233, - "objectAllocCount" : 708, - "releaseCount" : 15687, - "retainCount" : 14757, - "retainReleaseDelta" : 222 + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index 79006194..4b00b62f 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 197, - "objectAllocCount" : 148, - "releaseCount" : 4199, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 3775, - "retainReleaseDelta" : 276 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json index faafc089..0ac06358 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 10, - "objectAllocCount" : 10, - "releaseCount" : 12, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 0, - "retainReleaseDelta" : 2 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index 1d184750..47594dcb 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -1,7 +1,7 @@ { "mallocCountTotal" : 0, - "objectAllocCount" : 0, - "releaseCount" : 0, + "memoryLeaked" : 0, + "readSyscalls" : 0, "retainCount" : 0, - "retainReleaseDelta" : 0 + "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json index 32589160..42f48a8d 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json @@ -1,7 +1,6 @@ { "mallocCountTotal" : 1233, - "objectAllocCount" : 708, - "releaseCount" : 14083, - "retainCount" : 13152, - "retainReleaseDelta" : 223 + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 } \ No newline at end of file From 05943cb0badcfaed46b447696263d6b1e39f3caa Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 14 Sep 2023 14:44:50 +0100 Subject: [PATCH 32/44] include release count --- benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift | 5 +++-- .../5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 1 + .../5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json | 1 + ...atesBenchmark.TinyArray_non-allocating_functions.p90.json | 1 + .../5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 1 + .../5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json | 1 + ...atesBenchmark.TinyArray_non-allocating_functions.p90.json | 1 + .../5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 1 + .../5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json | 1 + ...atesBenchmark.TinyArray_non-allocating_functions.p90.json | 1 + .../main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json | 1 + .../main/CertificatesBenchmark.TinyArray.append(_:).p90.json | 1 + ...atesBenchmark.TinyArray_non-allocating_functions.p90.json | 1 + 13 files changed, 15 insertions(+), 2 deletions(-) diff --git a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift index 4a46736b..d70c3f8a 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift @@ -24,13 +24,14 @@ let benchmarks = { .writeSyscalls, .memoryLeaked, .retainCount, - .retainCount, + .releaseCount, ] ) var configWithoutRetainRelease = Benchmark.defaultConfiguration configWithoutRetainRelease.metrics.removeAll(where: { $0 == .retainCount || $0 == .releaseCount }) - + + // async code is currently still quite flaky in the number of retain/release it does so we don't measure them today Benchmark("Verifier", configuration: configWithoutRetainRelease) { benchmark in for _ in benchmark.scaledIterations { await verifier() diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index 1c0bc11e..18c7a1ea 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 197, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 7418, "retainCount" : 6982, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json index 0ac06358..dcdfad82 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 10, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 12, "retainCount" : 0, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index 47594dcb..bd773412 100644 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 0, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 1, "retainCount" : 0, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index 2b76a42d..67baa2f2 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 197, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 6960, "retainCount" : 6574, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json index 0ac06358..dcdfad82 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 10, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 12, "retainCount" : 0, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index 47594dcb..bd773412 100644 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 0, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 1, "retainCount" : 0, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index 452a2fe4..52255701 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 197, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 6760, "retainCount" : 6374, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json index 0ac06358..dcdfad82 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 10, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 12, "retainCount" : 0, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index 47594dcb..bd773412 100644 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 0, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 1, "retainCount" : 0, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json index 4b00b62f..caca0609 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 197, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 4199, "retainCount" : 3775, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json index 0ac06358..dcdfad82 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 10, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 12, "retainCount" : 0, "writeSyscalls" : 0 } \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json index 47594dcb..8e9ac913 100644 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -2,6 +2,7 @@ "mallocCountTotal" : 0, "memoryLeaked" : 0, "readSyscalls" : 0, + "releaseCount" : 0, "retainCount" : 0, "writeSyscalls" : 0 } \ No newline at end of file From 0322b9f2ccf9245331aa0c691405fd9d3856cd9c Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 14 Sep 2023 14:47:13 +0100 Subject: [PATCH 33/44] move `.benchmarkBaselines` to nested `.gitignore` --- .gitignore | 2 -- benchmarks/.gitignore | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 125b6f6c..2c654dc1 100644 --- a/.gitignore +++ b/.gitignore @@ -10,5 +10,3 @@ DerivedData/ Package.resolved .swiftpm /out - -/benchmarks/.benchmarkBaselines diff --git a/benchmarks/.gitignore b/benchmarks/.gitignore index 0023a534..e4ada293 100644 --- a/benchmarks/.gitignore +++ b/benchmarks/.gitignore @@ -6,3 +6,4 @@ DerivedData/ .swiftpm/configuration/registries.json .swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata .netrc +.benchmarkBaselines \ No newline at end of file From 24f57528181c1cdc5c436fdc80ab5c19f61e6c73 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 14 Sep 2023 14:53:08 +0100 Subject: [PATCH 34/44] swift-format --- benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift index d70c3f8a..3ae5a0ea 100644 --- a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift +++ b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift @@ -27,10 +27,10 @@ let benchmarks = { .releaseCount, ] ) - + var configWithoutRetainRelease = Benchmark.defaultConfiguration configWithoutRetainRelease.metrics.removeAll(where: { $0 == .retainCount || $0 == .releaseCount }) - + // async code is currently still quite flaky in the number of retain/release it does so we don't measure them today Benchmark("Verifier", configuration: configWithoutRetainRelease) { benchmark in for _ in benchmark.scaledIterations { From 4eaf659f14fedadc83fac6ada064ecde8e083364 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 21 Sep 2023 10:43:48 +0100 Subject: [PATCH 35/44] Fix `.gitignore` --- benchmarks/.gitignore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/benchmarks/.gitignore b/benchmarks/.gitignore index e4ada293..2517bcdf 100644 --- a/benchmarks/.gitignore +++ b/benchmarks/.gitignore @@ -6,4 +6,4 @@ DerivedData/ .swiftpm/configuration/registries.json .swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata .netrc -.benchmarkBaselines \ No newline at end of file +.benchmarkBaselines/ \ No newline at end of file From 9dcdb7dabb1e49e31b819f55dff24b45597f7a8f Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 21 Sep 2023 11:01:13 +0100 Subject: [PATCH 36/44] Add documentation --- README.md | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/README.md b/README.md index b1e7219d..463ec387 100644 --- a/README.md +++ b/README.md @@ -48,3 +48,24 @@ dependencies: [ ``` For detailed usage and API documentation, check [the documentation](https://swiftpackageindex.com/apple/swift-certificates/main/documentation/x509). + +## Benchmarks + +Benchmarks for `swift-certificates` are in a separate Swift Package in the `benchmarks` subfolder of this repository. +They use the [`package-benchmark`](https://github.com/ordo-one/package-benchmark) plugin. +Benchmarks depends on the [`jemalloc`](https://jemalloc.net) memory allocation library, which is used by `package-benchmark` to capture memory allocation statistics. +An installation guide can be found in the [Getting Started article](https://swiftpackageindex.com/ordo-one/package-benchmark/1.11.1/documentation/benchmark/gettingstarted#Installing-Prerequisites-and-Platform-Support) of `package-benchmark`. +Afterwards you can run the benchmarks from CLI by going to the `benchmarks` subfolder (e.g. `cd benchmarks`) and invoking: +``` +swift package benchmark +``` + +Profiling benchmarks in Xcode (or building the benchmarks in release mode) with `jemalloc` is currently not supported and requires disabling `jemalloc`. +Make sure Xcode is closed and then open it from the CLI with the `BENCHMARK_DISABLE_JEMALLOC=true` environment variable set e.g.: +``` +BENCHMARK_DISABLE_JEMALLOC=true xed . +``` + + +For more information please refer to `swift package benchmark --help` or the [documentation of `package-benchmark`](https://swiftpackageindex.com/ordo-one/package-benchmark/1.11.1/documentation/benchmark). + From 4a3f645bbe41d48f81a089f6e655208594dd7c32 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 21 Sep 2023 11:03:22 +0100 Subject: [PATCH 37/44] change wording --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 463ec387..d70bd682 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ Afterwards you can run the benchmarks from CLI by going to the `benchmarks` subf swift package benchmark ``` -Profiling benchmarks in Xcode (or building the benchmarks in release mode) with `jemalloc` is currently not supported and requires disabling `jemalloc`. +Profiling benchmarks or building the benchmarks in release mode in Xcode with `jemalloc` is currently not supported and requires disabling `jemalloc`. Make sure Xcode is closed and then open it from the CLI with the `BENCHMARK_DISABLE_JEMALLOC=true` environment variable set e.g.: ``` BENCHMARK_DISABLE_JEMALLOC=true xed . From a2f65b84aac2eb05ae9fc98f96c3de9198ce3bf2 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 21 Sep 2023 11:09:42 +0100 Subject: [PATCH 38/44] remove version number --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index d70bd682..7b93c7ba 100644 --- a/README.md +++ b/README.md @@ -54,7 +54,7 @@ For detailed usage and API documentation, check [the documentation](https://swif Benchmarks for `swift-certificates` are in a separate Swift Package in the `benchmarks` subfolder of this repository. They use the [`package-benchmark`](https://github.com/ordo-one/package-benchmark) plugin. Benchmarks depends on the [`jemalloc`](https://jemalloc.net) memory allocation library, which is used by `package-benchmark` to capture memory allocation statistics. -An installation guide can be found in the [Getting Started article](https://swiftpackageindex.com/ordo-one/package-benchmark/1.11.1/documentation/benchmark/gettingstarted#Installing-Prerequisites-and-Platform-Support) of `package-benchmark`. +An installation guide can be found in the [Getting Started article](https://swiftpackageindex.com/ordo-one/package-benchmark/documentation/benchmark/gettingstarted#Installing-Prerequisites-and-Platform-Support) of `package-benchmark`. Afterwards you can run the benchmarks from CLI by going to the `benchmarks` subfolder (e.g. `cd benchmarks`) and invoking: ``` swift package benchmark @@ -67,5 +67,5 @@ BENCHMARK_DISABLE_JEMALLOC=true xed . ``` -For more information please refer to `swift package benchmark --help` or the [documentation of `package-benchmark`](https://swiftpackageindex.com/ordo-one/package-benchmark/1.11.1/documentation/benchmark). +For more information please refer to `swift package benchmark --help` or the [documentation of `package-benchmark`](https://swiftpackageindex.com/ordo-one/package-benchmark/documentation/benchmark). From 24588c29a3320d48f0b487f7e7d0cdef1b60e891 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 21 Sep 2023 11:53:01 +0100 Subject: [PATCH 39/44] remove benchmarks folder --- benchmarks/.gitignore | 9 - .../CertificatesBenchmark/Benchmarks.swift | 60 -- .../CertificatesBenchmark/ParseWebPKI.swift | 159 ----- .../TinyArrayAppend.swift | 28 - .../TinyArrayNonAllocationFunctions.swift | 27 - .../VerifierBenchmark.swift | 666 ------------------ benchmarks/Package.swift | 44 -- ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 8 - ...tesBenchmark.TinyArray.append(_:).p90.json | 8 - ...inyArray_non-allocating_functions.p90.json | 8 - .../CertificatesBenchmark.Verifier.p90.json | 6 - ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 8 - ...tesBenchmark.TinyArray.append(_:).p90.json | 8 - ...inyArray_non-allocating_functions.p90.json | 8 - .../CertificatesBenchmark.Verifier.p90.json | 6 - ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 8 - ...tesBenchmark.TinyArray.append(_:).p90.json | 8 - ...inyArray_non-allocating_functions.p90.json | 8 - .../CertificatesBenchmark.Verifier.p90.json | 6 - ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 8 - ...tesBenchmark.TinyArray.append(_:).p90.json | 8 - ...inyArray_non-allocating_functions.p90.json | 8 - .../CertificatesBenchmark.Verifier.p90.json | 6 - 23 files changed, 1113 deletions(-) delete mode 100644 benchmarks/.gitignore delete mode 100644 benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift delete mode 100644 benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift delete mode 100644 benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift delete mode 100644 benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift delete mode 100644 benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift delete mode 100644 benchmarks/Package.swift delete mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json delete mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json delete mode 100644 benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json delete mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json delete mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json delete mode 100644 benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json delete mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json delete mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json delete mode 100644 benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json delete mode 100644 benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json delete mode 100644 benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json delete mode 100644 benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json delete mode 100644 benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json diff --git a/benchmarks/.gitignore b/benchmarks/.gitignore deleted file mode 100644 index 2517bcdf..00000000 --- a/benchmarks/.gitignore +++ /dev/null @@ -1,9 +0,0 @@ -.DS_Store -/.build -/Packages -xcuserdata/ -DerivedData/ -.swiftpm/configuration/registries.json -.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata -.netrc -.benchmarkBaselines/ \ No newline at end of file diff --git a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift b/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift deleted file mode 100644 index 3ae5a0ea..00000000 --- a/benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift +++ /dev/null @@ -1,60 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import Benchmark -import Foundation - -let benchmarks = { - Benchmark.defaultConfiguration = .init( - metrics: [ - .mallocCountTotal, - .syscalls, - .readSyscalls, - .writeSyscalls, - .memoryLeaked, - .retainCount, - .releaseCount, - ] - ) - - var configWithoutRetainRelease = Benchmark.defaultConfiguration - configWithoutRetainRelease.metrics.removeAll(where: { $0 == .retainCount || $0 == .releaseCount }) - - // async code is currently still quite flaky in the number of retain/release it does so we don't measure them today - Benchmark("Verifier", configuration: configWithoutRetainRelease) { benchmark in - for _ in benchmark.scaledIterations { - await verifier() - } - } - - Benchmark("Parse WebPKI Roots") { benchmark, run in - for _ in benchmark.scaledIterations { - run() - } - } setup: { - parseWebPKIRootsSetup() - } - - Benchmark("TinyArray non-allocating functions") { benchmark in - for _ in benchmark.scaledIterations { - tinyArrayNonAllocationFunctions() - } - } - - Benchmark("TinyArray.append(_:)") { benchmark in - for _ in benchmark.scaledIterations { - tinyArrayAppend() - } - } -} diff --git a/benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift b/benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift deleted file mode 100644 index cdec0dae..00000000 --- a/benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift +++ /dev/null @@ -1,159 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import Benchmark -import X509 -import SwiftASN1 -import Foundation - -public func parseWebPKIRootsSetup() -> () -> Void { - let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } - return { - for derEncodedCA in derEncodedCAs { - blackHole(try! Certificate(derEncoded: derEncodedCA).extensions.count) - } - } -} - -enum WebPKI { - static let all = [br, af, cf, dz, de] - static let br = """ - -----BEGIN CERTIFICATE----- - MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx - KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd - BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl - YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 - OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy - aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 - ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G - CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN - 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ - RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 - hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 - ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM - EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj - QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 - A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy - WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ - 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 - 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT - 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml - e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p - TpPDpFQUWw== - -----END CERTIFICATE----- - """ - static let af = """ - -----BEGIN CERTIFICATE----- - MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x - GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv - b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV - BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W - YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa - GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg - Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J - WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB - rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp - +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 - ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i - Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz - PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og - /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH - oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI - yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud - EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 - A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL - MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT - ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f - BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn - g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl - fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K - WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha - B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc - hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR - TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD - mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z - ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y - 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza - 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u - -----END CERTIFICATE----- - """ - static let cf = """ - -----BEGIN CERTIFICATE----- - MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw - CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu - ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg - RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV - UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu - Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq - hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf - Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q - RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ - BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD - AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY - JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv - 6pZjamVFkpUBtA== - -----END CERTIFICATE----- - """ - static let dz = """ - -----BEGIN CERTIFICATE----- - MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD - VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf - BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 - YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x - NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G - A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 - d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF - Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG - SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN - FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w - DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw - CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh - DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 - -----END CERTIFICATE----- - """ - static let de = """ - -----BEGIN CERTIFICATE----- - MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE - BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ - IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 - MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV - BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w - HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF - AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj - Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj - TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u - KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj - qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm - MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 - ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP - zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk - L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC - jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA - HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC - AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB - /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg - p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm - DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 - COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry - L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf - JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg - IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io - 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV - 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ - XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq - T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe - MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== - -----END CERTIFICATE----- - """ -} diff --git a/benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift b/benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift deleted file mode 100644 index 114116d0..00000000 --- a/benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift +++ /dev/null @@ -1,28 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import Benchmark -import _CertificateInternals - -public func tinyArrayAppend() { - var count = 0 - - var tinyArray = _TinyArray() - for i in 0..<1000 { - tinyArray.append(i) - } - count += tinyArray.count - - blackHole(count) -} diff --git a/benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift b/benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift deleted file mode 100644 index 67f33353..00000000 --- a/benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift +++ /dev/null @@ -1,27 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import Benchmark -import _CertificateInternals - -public func tinyArrayNonAllocationFunctions() { - var counts = 0 - counts += _TinyArray(CollectionOfOne(1)).count - - var array = _TinyArray() - array.append(contentsOf: CollectionOfOne(1)) - counts += array.count - - blackHole(counts) -} diff --git a/benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift b/benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift deleted file mode 100644 index 2dd3f3da..00000000 --- a/benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift +++ /dev/null @@ -1,666 +0,0 @@ -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import Benchmark -import X509 -import Foundation -import Crypto -import SwiftASN1 - -public func verifier() async { - var counts = 0 - - counts += await testAllSuccessfulValidations() - counts += await testAllUnsuccessfulValidations() - - blackHole(counts) -} - -// MARK: - successful validation - -func testAllSuccessfulValidations() async -> Int { - var counts = 0 - counts += await testTrivialChainBuilding() - counts += await testExtraRootsAreIgnored() - counts += await testPuttingRootsInTheIntermediariesIsntAProblem() - counts += await testSupportsCrossSignedRootWithoutTrouble() - counts += await testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() - counts += await testPrefersToUseIntermediatesWithSKIThatMatches() - counts += await testPrefersNoSKIToNonMatchingSKI() - counts += await testRejectsRootsThatDidNotSignTheCertBeforeThem() - counts += await testPolicyFailuresCanFindLongerPaths() - counts += await testSelfSignedCertsAreTrustedWhenInTrustStore() - counts += await testTrustRootsCanBeNonSelfSignedLeaves() - counts += await testTrustRootsCanBeNonSelfSignedIntermediates() - return counts -} - -func testTrivialChainBuilding() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { - RFC5280Policy(validationTime: TestCertificate.referenceTime) - } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([TestCertificate.intermediate1]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testExtraRootsAreIgnored() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([TestCertificate.intermediate1]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testSupportsCrossSignedRootWithoutTrouble() async -> Int { - let roots = CertificateStore([TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([ - TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2, - ]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testPrefersNoSKIToNonMatchingSKI() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([ - TestCertificate.intermediate1WithIncorrectSKIAKI, TestCertificate.intermediate1WithoutSKIAKI, - ]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testRejectsRootsThatDidNotSignTheCertBeforeThem() async -> Int { - let roots = CertificateStore([TestCertificate.ca1WithAlternativePrivateKey, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([ - TestCertificate.ca1CrossSignedByCA2, TestCertificate.ca2CrossSignedByCA1, TestCertificate.intermediate1, - ]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - return chain.count -} - -func testPolicyFailuresCanFindLongerPaths() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) - - var verifier = Verifier(rootCertificates: roots) { - FailIfCertInChainPolicy(forbiddenCert: TestCertificate.ca1) - RFC5280Policy(validationTime: TestCertificate.referenceTime) - } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([ - TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2, - ]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testSelfSignedCertsAreTrustedWhenInTrustStore() async -> Int { - let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCert]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.isolatedSelfSignedCert, - intermediates: CertificateStore([TestCertificate.intermediate1]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testTrustRootsCanBeNonSelfSignedLeaves() async -> Int { - // we use a custom policy here to ignore the fact that the basic constraints extension is critical. - struct IgnoreBasicConstraintsPolicy: VerifierPolicy { - let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [.X509ExtensionID.basicConstraints] - - func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { - return .meetsPolicy - } - } - - let roots = CertificateStore([TestCertificate.localhostLeaf]) - - var verifier = Verifier(rootCertificates: roots) { IgnoreBasicConstraintsPolicy() } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([TestCertificate.intermediate1]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -func testTrustRootsCanBeNonSelfSignedIntermediates() async -> Int { - let roots = CertificateStore([TestCertificate.intermediate1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([TestCertificate.intermediate1]) - ) - - guard case .validCertificate(let chain) = result else { - fatalError("Failed to validate: \(result)") - } - - return chain.count -} - -// MARK: - unsuccessful validation - -func testAllUnsuccessfulValidations() async -> Int { - var counts = 0 - counts += await testWePoliceCriticalExtensionsOnLeafCerts() - counts += await testMissingIntermediateFailsToBuild() - counts += await testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() - counts += await testMissingRootFailsToBuild() - return counts -} - -func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { - let roots = CertificateStore([ - TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, - ]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, - intermediates: CertificateStore([TestCertificate.intermediate1]) - ) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Incorrectly validated: \(result)") - } - - return policyResults.count -} - -func testMissingIntermediateFailsToBuild() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([]) - ) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Accidentally validated: \(result)") - } - - return policyResults.count -} - -func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { - let roots = CertificateStore([TestCertificate.ca1]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.isolatedSelfSignedCert, - intermediates: CertificateStore([TestCertificate.intermediate1]) - ) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Incorrectly validated: \(result)") - } - return policyResults.count -} - -func testMissingRootFailsToBuild() async -> Int { - let roots = CertificateStore([]) - - var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } - let result = await verifier.validate( - leafCertificate: TestCertificate.localhostLeaf, - intermediates: CertificateStore([TestCertificate.intermediate1]) - ) - - guard case .couldNotValidate(let policyResults) = result else { - fatalError("Accidentally validated: \(result)") - } - - return policyResults.count -} - -private struct FailIfCertInChainPolicy: VerifierPolicy { - let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [] - - private let forbiddenCert: Certificate - - init(forbiddenCert: Certificate) { - self.forbiddenCert = forbiddenCert - } - - func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { - guard chain.contains(self.forbiddenCert) else { - return .meetsPolicy - } - return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") - } -} - -enum TestCertificate { - static let referenceTime = Date() - - static let all = [ - ca1, - ca1CrossSignedByCA2, - ca1WithAlternativePrivateKey, - ca2, - ca2CrossSignedByCA1, - intermediate1, - intermediate1WithoutSKIAKI, - intermediate1WithIncorrectSKIAKI, - localhostLeaf, - isolatedSelfSignedCert, - isolatedSelfSignedCertWithWeirdCriticalExtension, - ] - - private static let ca1PrivateKey = P384.Signing.PrivateKey() - private static let ca1Name = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Swift Certificate Test CA 1") - } - static let ca1: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(3650), - issuer: ca1Name, - subject: ca1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - SubjectKeyIdentifier( - keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation)) - ) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - static let ca1CrossSignedByCA2: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: ca2Name, - subject: ca1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier( - keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation)) - ) - }, - issuerPrivateKey: .init(ca2PrivateKey) - ) - }() - private static let ca1AlternativePrivateKey = P384.Signing.PrivateKey() - static let ca1WithAlternativePrivateKey: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca1AlternativePrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(3650), - issuer: ca1Name, - subject: ca1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - SubjectKeyIdentifier( - keyIdentifier: ArraySlice( - Insecure.SHA1.hash(data: ca1AlternativePrivateKey.publicKey.derRepresentation) - ) - ) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - - private static let ca2PrivateKey = P384.Signing.PrivateKey() - private static let ca2Name = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Swift Certificate Test CA 2") - } - static let ca2: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca2PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(3650), - issuer: ca2Name, - subject: ca2Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - SubjectKeyIdentifier( - keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation)) - ) - }, - issuerPrivateKey: .init(ca2PrivateKey) - ) - }() - static let ca2CrossSignedByCA1: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(ca2PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: ca1Name, - subject: ca2Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier( - keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation)) - ) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - - static let intermediate1PrivateKey = P256.Signing.PrivateKey() - static let intermediate1Name = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Swift Certificate Test Intermediate CA 1") - } - static let intermediate1: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(intermediate1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(5 * 365), - issuer: ca1.subject, - subject: intermediate1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: 1) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier( - keyIdentifier: ArraySlice( - Insecure.SHA1.hash(data: intermediate1PrivateKey.publicKey.derRepresentation) - ) - ) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - static let intermediate1WithoutSKIAKI: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(intermediate1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(5 * 365), - issuer: ca1.subject, - subject: intermediate1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: 1) - ) - KeyUsage(keyCertSign: true) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - static let intermediate1WithIncorrectSKIAKI: Certificate = { - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(intermediate1PrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(5 * 365), - issuer: ca1.subject, - subject: intermediate1Name, - signatureAlgorithm: .ecdsaWithSHA384, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: 1) - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) - SubjectKeyIdentifier( - keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation)) - ) - }, - issuerPrivateKey: .init(ca1PrivateKey) - ) - }() - - private static let localhostLeafPrivateKey = P256.Signing.PrivateKey() - static let localhostLeaf: Certificate = { - let localhostLeafName = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("localhost") - } - - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(localhostLeafPrivateKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: intermediate1.subject, - subject: localhostLeafName, - signatureAlgorithm: .ecdsaWithSHA256, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.notCertificateAuthority - ) - KeyUsage(keyCertSign: true) - AuthorityKeyIdentifier(keyIdentifier: try! intermediate1.extensions.subjectKeyIdentifier!.keyIdentifier) - }, - issuerPrivateKey: .init(intermediate1PrivateKey) - ) - }() - - private static let isolatedSelfSignedCertKey = P256.Signing.PrivateKey() - static let isolatedSelfSignedCert: Certificate = { - let isolatedSelfSignedCertName = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Isolated Self-Signed Cert") - } - - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(isolatedSelfSignedCertKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: isolatedSelfSignedCertName, - subject: isolatedSelfSignedCertName, - signatureAlgorithm: .ecdsaWithSHA256, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - }, - issuerPrivateKey: .init(isolatedSelfSignedCertKey) - ) - }() - - static let isolatedSelfSignedCertWithWeirdCriticalExtension: Certificate = { - let isolatedSelfSignedCertName = try! DistinguishedName { - CountryName("US") - OrganizationName("Apple") - CommonName("Isolated Self-Signed Cert") - } - - return try! Certificate( - version: .v3, - serialNumber: .init(), - publicKey: .init(isolatedSelfSignedCertKey.publicKey), - notValidBefore: referenceTime - .days(365), - notValidAfter: referenceTime + .days(365), - issuer: isolatedSelfSignedCertName, - subject: isolatedSelfSignedCertName, - signatureAlgorithm: .ecdsaWithSHA256, - extensions: Certificate.Extensions { - Critical( - BasicConstraints.isCertificateAuthority(maxPathLength: nil) - ) - KeyUsage(keyCertSign: true) - - // An opaque extension that just so happens to be critical - Certificate.Extension(oid: [1, 2, 3, 4, 5], critical: true, value: [1, 2, 3, 4, 5]) - }, - issuerPrivateKey: .init(isolatedSelfSignedCertKey) - ) - }() -} - -extension TimeInterval { - private static let oneDay: TimeInterval = 60 * 60 * 24 - - static func days(_ days: Int) -> TimeInterval { - return Double(days) * oneDay - } -} diff --git a/benchmarks/Package.swift b/benchmarks/Package.swift deleted file mode 100644 index f2dad563..00000000 --- a/benchmarks/Package.swift +++ /dev/null @@ -1,44 +0,0 @@ -// swift-tools-version: 5.7 -//===----------------------------------------------------------------------===// -// -// This source file is part of the SwiftCertificates open source project -// -// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors -// Licensed under Apache License v2.0 -// -// See LICENSE.txt for license information -// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors -// -// SPDX-License-Identifier: Apache-2.0 -// -//===----------------------------------------------------------------------===// - -import PackageDescription - -let package = Package( - name: "benchmarks", - platforms: [ - .macOS(.v13), - ], - dependencies: [ - .package(path: "../"), - .package(url: "https://github.com/ordo-one/package-benchmark", from: "1.11.1"), - .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), - .package(url: "https://github.com/apple/swift-asn1.git", from: "1.0.0-beta.1"), - ], - targets: [ - .executableTarget( - name: "CertificatesBenchmark", - dependencies: [ - .product(name: "Benchmark", package: "package-benchmark"), - .product(name: "X509", package: "swift-certificates"), - .product(name: "SwiftASN1", package: "swift-asn1"), - .product(name: "Crypto", package: "swift-crypto"), - ], - path: "Benchmarks/CertificatesBenchmark", - plugins: [ - .plugin(name: "BenchmarkPlugin", package: "package-benchmark") - ] - ), - ] -) diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index 18c7a1ea..00000000 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 197, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 7418, - "retainCount" : 6982, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json deleted file mode 100644 index dcdfad82..00000000 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 10, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 12, - "retainCount" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json deleted file mode 100644 index bd773412..00000000 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 0, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 1, - "retainCount" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json deleted file mode 100644 index 61a21692..00000000 --- a/benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 1234, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index 67baa2f2..00000000 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 197, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 6960, - "retainCount" : 6574, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json deleted file mode 100644 index dcdfad82..00000000 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 10, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 12, - "retainCount" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json deleted file mode 100644 index bd773412..00000000 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 0, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 1, - "retainCount" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json deleted file mode 100644 index 61a21692..00000000 --- a/benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 1234, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index 52255701..00000000 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 197, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 6760, - "retainCount" : 6374, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json deleted file mode 100644 index dcdfad82..00000000 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 10, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 12, - "retainCount" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json deleted file mode 100644 index bd773412..00000000 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 0, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 1, - "retainCount" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json deleted file mode 100644 index 42f48a8d..00000000 --- a/benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 1233, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json deleted file mode 100644 index caca0609..00000000 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 197, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 4199, - "retainCount" : 3775, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json deleted file mode 100644 index dcdfad82..00000000 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 10, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 12, - "retainCount" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json deleted file mode 100644 index 8e9ac913..00000000 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "mallocCountTotal" : 0, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "releaseCount" : 0, - "retainCount" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file diff --git a/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json b/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json deleted file mode 100644 index 42f48a8d..00000000 --- a/benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json +++ /dev/null @@ -1,6 +0,0 @@ -{ - "mallocCountTotal" : 1233, - "memoryLeaked" : 0, - "readSyscalls" : 0, - "writeSyscalls" : 0 -} \ No newline at end of file From 2cfc0b4c06585a657ba4898f75e85d6f4f74a4bd Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 21 Sep 2023 11:53:14 +0100 Subject: [PATCH 40/44] add uppercase Benchmarks folder --- Benchmarks/.gitignore | 9 + .../CertificatesBenchmark/Benchmarks.swift | 60 ++ .../CertificatesBenchmark/ParseWebPKI.swift | 159 +++++ .../TinyArrayAppend.swift | 28 + .../TinyArrayNonAllocationFunctions.swift | 27 + .../VerifierBenchmark.swift | 666 ++++++++++++++++++ Benchmarks/Package.swift | 44 ++ ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 8 + ...tesBenchmark.TinyArray.append(_:).p90.json | 8 + ...inyArray_non-allocating_functions.p90.json | 8 + .../CertificatesBenchmark.Verifier.p90.json | 6 + ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 8 + ...tesBenchmark.TinyArray.append(_:).p90.json | 8 + ...inyArray_non-allocating_functions.p90.json | 8 + .../CertificatesBenchmark.Verifier.p90.json | 6 + ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 8 + ...tesBenchmark.TinyArray.append(_:).p90.json | 8 + ...inyArray_non-allocating_functions.p90.json | 8 + .../CertificatesBenchmark.Verifier.p90.json | 6 + ...catesBenchmark.Parse_WebPKI_Roots.p90.json | 8 + ...tesBenchmark.TinyArray.append(_:).p90.json | 8 + ...inyArray_non-allocating_functions.p90.json | 8 + .../CertificatesBenchmark.Verifier.p90.json | 6 + 23 files changed, 1113 insertions(+) create mode 100644 Benchmarks/.gitignore create mode 100644 Benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift create mode 100644 Benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift create mode 100644 Benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift create mode 100644 Benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift create mode 100644 Benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift create mode 100644 Benchmarks/Package.swift create mode 100644 Benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json create mode 100644 Benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json create mode 100644 Benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json create mode 100644 Benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json create mode 100644 Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json create mode 100644 Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json create mode 100644 Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json create mode 100644 Benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json create mode 100644 Benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json create mode 100644 Benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json create mode 100644 Benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json create mode 100644 Benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json create mode 100644 Benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json create mode 100644 Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json create mode 100644 Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json create mode 100644 Benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json diff --git a/Benchmarks/.gitignore b/Benchmarks/.gitignore new file mode 100644 index 00000000..2517bcdf --- /dev/null +++ b/Benchmarks/.gitignore @@ -0,0 +1,9 @@ +.DS_Store +/.build +/Packages +xcuserdata/ +DerivedData/ +.swiftpm/configuration/registries.json +.swiftpm/xcode/package.xcworkspace/contents.xcworkspacedata +.netrc +.benchmarkBaselines/ \ No newline at end of file diff --git a/Benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift b/Benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift new file mode 100644 index 00000000..3ae5a0ea --- /dev/null +++ b/Benchmarks/Benchmarks/CertificatesBenchmark/Benchmarks.swift @@ -0,0 +1,60 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import Benchmark +import Foundation + +let benchmarks = { + Benchmark.defaultConfiguration = .init( + metrics: [ + .mallocCountTotal, + .syscalls, + .readSyscalls, + .writeSyscalls, + .memoryLeaked, + .retainCount, + .releaseCount, + ] + ) + + var configWithoutRetainRelease = Benchmark.defaultConfiguration + configWithoutRetainRelease.metrics.removeAll(where: { $0 == .retainCount || $0 == .releaseCount }) + + // async code is currently still quite flaky in the number of retain/release it does so we don't measure them today + Benchmark("Verifier", configuration: configWithoutRetainRelease) { benchmark in + for _ in benchmark.scaledIterations { + await verifier() + } + } + + Benchmark("Parse WebPKI Roots") { benchmark, run in + for _ in benchmark.scaledIterations { + run() + } + } setup: { + parseWebPKIRootsSetup() + } + + Benchmark("TinyArray non-allocating functions") { benchmark in + for _ in benchmark.scaledIterations { + tinyArrayNonAllocationFunctions() + } + } + + Benchmark("TinyArray.append(_:)") { benchmark in + for _ in benchmark.scaledIterations { + tinyArrayAppend() + } + } +} diff --git a/Benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift b/Benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift new file mode 100644 index 00000000..cdec0dae --- /dev/null +++ b/Benchmarks/Benchmarks/CertificatesBenchmark/ParseWebPKI.swift @@ -0,0 +1,159 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import Benchmark +import X509 +import SwiftASN1 +import Foundation + +public func parseWebPKIRootsSetup() -> () -> Void { + let derEncodedCAs = WebPKI.all.map { try! PEMDocument(pemString: $0).derBytes } + return { + for derEncodedCA in derEncodedCAs { + blackHole(try! Certificate(derEncoded: derEncodedCA).extensions.count) + } + } +} + +enum WebPKI { + static let all = [br, af, cf, dz, de] + static let br = """ + -----BEGIN CERTIFICATE----- + MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUx + KzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAd + BgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNl + YyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgxMDAxMTAyOTU2WhcNMzMxMDAxMjM1 + OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lzdGVtcyBFbnRlcnBy + aXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBDZW50 + ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0G + CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN + 8ELg63iIVl6bmlQdTQyK9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/ + RLyTPWGrTs0NvvAgJ1gORH8EGoel15YUNpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4 + hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZFiP0Zf3WHHx+xGwpzJFu5 + ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W0eDrXltM + EnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGj + QjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1 + A/d2O2GCahKqGFPrAyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOy + WL6ukK2YJ5f+AbGwUgC4TeQbIXQbfsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ + 1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzTucpH9sry9uetuUg/vBa3wW30 + 6gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7hP0HHRwA11fXT + 91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml + e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4p + TpPDpFQUWw== + -----END CERTIFICATE----- + """ + static let af = """ + -----BEGIN CERTIFICATE----- + MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0x + GTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJv + b3QgQ0EgMjAeFw0wNjExMjQxODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNV + BAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMRswGQYDVQQDExJRdW9W + YWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCa + GMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6XJxg + Fyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55J + WpzmM+Yklvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bB + rrcCaoF6qUWD4gXmuVbBlDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp + +ARz8un+XJiM9XOva7R+zdRcAitMOeGylZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1 + ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt66/3FsvbzSUr5R/7mp/i + Ucw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1JdxnwQ5hYIiz + PtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og + /zOhD7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UH + oycR7hYQe7xFSkyyBNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuI + yV77zGHcizN300QyNQliBJIWENieJ0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1Ud + EwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBQahGK8SEwzJQTU7tD2 + A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGUa6FJpEcwRTEL + MAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT + ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2f + BluornFdLwUvZ+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzn + g/iN/Ae42l9NLmeyhP3ZRPx3UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2Bl + fF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodmVjB3pjd4M1IQWK4/YY7yarHvGH5K + WWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK+JDSV6IZUaUtl0Ha + B0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrWIozc + hLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPR + TUIZ3Ph1WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWD + mbA4CD/pXvk1B+TJYm5Xf6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0Z + ohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y + 4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8VCLAAVBpQ570su9t+Oza + 8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u + -----END CERTIFICATE----- + """ + static let cf = """ + -----BEGIN CERTIFICATE----- + MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQsw + CQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cu + ZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3Qg + RzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBlMQswCQYDVQQGEwJV + UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu + Y29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQBgcq + hkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJf + Zn4f5dwbRXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17Q + RSAPWXYQ1qAk8C3eNvJsKTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/ + BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgFUaFNN6KDec6NHSrkhDAKBggqhkjOPQQD + AwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5FyYZ5eEJJZVrmDxxDnOOlY + JjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy1vUhZscv + 6pZjamVFkpUBtA== + -----END CERTIFICATE----- + """ + static let dz = """ + -----BEGIN CERTIFICATE----- + MIICYDCCAgegAwIBAgIMDWpfCD8oXD5Rld9dMAoGCCqGSM49BAMCMIGRMQswCQYD + VQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAf + BgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3 + YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0x + NzA4MjMxOTM1MTBaFw00MjA4MjMxOTM1MTBaMIGRMQswCQYDVQQGEwJVUzERMA8G + A1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0NoaWNhZ28xITAfBgNVBAoTGFRydXN0 + d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UEAxMxVHJ1c3R3YXZlIEdsb2JhbCBF + Q0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTBZMBMGByqGSM49AgEGCCqG + SM49AwEHA0IABH77bOYj43MyCMpg5lOcunSNGLB4kFKA3TjASh3RqMyTpJcGOMoN + FWLGjgEqZZ2q3zSRLoHB5DOSMcT9CTqmP62jQzBBMA8GA1UdEwEB/wQFMAMBAf8w + DwYDVR0PAQH/BAUDAwcGADAdBgNVHQ4EFgQUo0EGrJBt0UrrdaVKEJmzsaGLSvcw + CgYIKoZIzj0EAwIDRwAwRAIgB+ZU2g6gWrKuEZ+Hxbb/ad4lvvigtwjzRM4q3wgh + DDcCIC0mA6AFvWvR9lz4ZcyGbbOcNEhjhAnFjXca4syc4XR7 + -----END CERTIFICATE----- + """ + static let de = """ + -----BEGIN CERTIFICATE----- + MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UE + BhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ + IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0 + MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVowYjELMAkGA1UEBhMCQ04xMjAwBgNV + BAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8w + HQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0BAQEF + AAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJj + Dp6L3TQsAlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBj + TnnEt1u9ol2x8kECK62pOqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+u + KU49tm7srsHwJ5uu4/Ts765/94Y9cnrrpftZTqfrlYwiOXnhLQiPzLyRuEH3FMEj + qcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ9Cy5WmYqsBebnh52nUpm + MUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQxXABZG12 + ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloP + zgsMR6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3Gk + L30SgLdTMEZeS1SZD2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeC + jGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4oR24qoAATILnsn8JuLwwoC8N9VKejveSswoA + HQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx9hoh49pwBiFYFIeFd3mqgnkC + AwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlRMA8GA1UdEwEB + /wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg + p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZm + DRd9FBUb1Ov9H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5 + COmSdI31R9KrO9b7eGZONn356ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ry + L3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd+PwyvzeG5LuOmCd+uh8W4XAR8gPf + JWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQHtZa37dG/OaG+svg + IHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBDF8Io + 2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV + 09tL7ECQ8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQ + XR4EzzffHqhmsYzmIGrv/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrq + T8p+ck0LcIymSLumoRT2+1hEmRSuqguTaaApJUqlyyvdimYHFngVV3Eb7PVHhPOe + MTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g== + -----END CERTIFICATE----- + """ +} diff --git a/Benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift b/Benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift new file mode 100644 index 00000000..114116d0 --- /dev/null +++ b/Benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayAppend.swift @@ -0,0 +1,28 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import Benchmark +import _CertificateInternals + +public func tinyArrayAppend() { + var count = 0 + + var tinyArray = _TinyArray() + for i in 0..<1000 { + tinyArray.append(i) + } + count += tinyArray.count + + blackHole(count) +} diff --git a/Benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift b/Benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift new file mode 100644 index 00000000..67f33353 --- /dev/null +++ b/Benchmarks/Benchmarks/CertificatesBenchmark/TinyArrayNonAllocationFunctions.swift @@ -0,0 +1,27 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import Benchmark +import _CertificateInternals + +public func tinyArrayNonAllocationFunctions() { + var counts = 0 + counts += _TinyArray(CollectionOfOne(1)).count + + var array = _TinyArray() + array.append(contentsOf: CollectionOfOne(1)) + counts += array.count + + blackHole(counts) +} diff --git a/Benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift b/Benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift new file mode 100644 index 00000000..2dd3f3da --- /dev/null +++ b/Benchmarks/Benchmarks/CertificatesBenchmark/VerifierBenchmark.swift @@ -0,0 +1,666 @@ +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import Benchmark +import X509 +import Foundation +import Crypto +import SwiftASN1 + +public func verifier() async { + var counts = 0 + + counts += await testAllSuccessfulValidations() + counts += await testAllUnsuccessfulValidations() + + blackHole(counts) +} + +// MARK: - successful validation + +func testAllSuccessfulValidations() async -> Int { + var counts = 0 + counts += await testTrivialChainBuilding() + counts += await testExtraRootsAreIgnored() + counts += await testPuttingRootsInTheIntermediariesIsntAProblem() + counts += await testSupportsCrossSignedRootWithoutTrouble() + counts += await testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() + counts += await testPrefersToUseIntermediatesWithSKIThatMatches() + counts += await testPrefersNoSKIToNonMatchingSKI() + counts += await testRejectsRootsThatDidNotSignTheCertBeforeThem() + counts += await testPolicyFailuresCanFindLongerPaths() + counts += await testSelfSignedCertsAreTrustedWhenInTrustStore() + counts += await testTrustRootsCanBeNonSelfSignedLeaves() + counts += await testTrustRootsCanBeNonSelfSignedIntermediates() + return counts +} + +func testTrivialChainBuilding() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { + RFC5280Policy(validationTime: TestCertificate.referenceTime) + } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testExtraRootsAreIgnored() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPuttingRootsInTheIntermediariesIsntAProblem() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1, TestCertificate.ca2]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testSupportsCrossSignedRootWithoutTrouble() async -> Int { + let roots = CertificateStore([TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.ca1CrossSignedByCA2]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testBuildsTheShorterPathInTheCaseOfCrossSignedRoots() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([ + TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2, + ]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPrefersToUseIntermediatesWithSKIThatMatches() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1, TestCertificate.intermediate1WithoutSKIAKI]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testPrefersNoSKIToNonMatchingSKI() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([ + TestCertificate.intermediate1WithIncorrectSKIAKI, TestCertificate.intermediate1WithoutSKIAKI, + ]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testRejectsRootsThatDidNotSignTheCertBeforeThem() async -> Int { + let roots = CertificateStore([TestCertificate.ca1WithAlternativePrivateKey, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([ + TestCertificate.ca1CrossSignedByCA2, TestCertificate.ca2CrossSignedByCA1, TestCertificate.intermediate1, + ]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + return chain.count +} + +func testPolicyFailuresCanFindLongerPaths() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.ca2]) + + var verifier = Verifier(rootCertificates: roots) { + FailIfCertInChainPolicy(forbiddenCert: TestCertificate.ca1) + RFC5280Policy(validationTime: TestCertificate.referenceTime) + } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([ + TestCertificate.intermediate1, TestCertificate.ca2CrossSignedByCA1, TestCertificate.ca1CrossSignedByCA2, + ]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testSelfSignedCertsAreTrustedWhenInTrustStore() async -> Int { + let roots = CertificateStore([TestCertificate.ca1, TestCertificate.isolatedSelfSignedCert]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.isolatedSelfSignedCert, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testTrustRootsCanBeNonSelfSignedLeaves() async -> Int { + // we use a custom policy here to ignore the fact that the basic constraints extension is critical. + struct IgnoreBasicConstraintsPolicy: VerifierPolicy { + let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [.X509ExtensionID.basicConstraints] + + func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { + return .meetsPolicy + } + } + + let roots = CertificateStore([TestCertificate.localhostLeaf]) + + var verifier = Verifier(rootCertificates: roots) { IgnoreBasicConstraintsPolicy() } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +func testTrustRootsCanBeNonSelfSignedIntermediates() async -> Int { + let roots = CertificateStore([TestCertificate.intermediate1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) + + guard case .validCertificate(let chain) = result else { + fatalError("Failed to validate: \(result)") + } + + return chain.count +} + +// MARK: - unsuccessful validation + +func testAllUnsuccessfulValidations() async -> Int { + var counts = 0 + counts += await testWePoliceCriticalExtensionsOnLeafCerts() + counts += await testMissingIntermediateFailsToBuild() + counts += await testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() + counts += await testMissingRootFailsToBuild() + return counts +} + +func testWePoliceCriticalExtensionsOnLeafCerts() async -> Int { + let roots = CertificateStore([ + TestCertificate.ca1, TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, + ]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.isolatedSelfSignedCertWithWeirdCriticalExtension, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Incorrectly validated: \(result)") + } + + return policyResults.count +} + +func testMissingIntermediateFailsToBuild() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([]) + ) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Accidentally validated: \(result)") + } + + return policyResults.count +} + +func testSelfSignedCertsAreRejectedWhenNotInTheTrustStore() async -> Int { + let roots = CertificateStore([TestCertificate.ca1]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.isolatedSelfSignedCert, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Incorrectly validated: \(result)") + } + return policyResults.count +} + +func testMissingRootFailsToBuild() async -> Int { + let roots = CertificateStore([]) + + var verifier = Verifier(rootCertificates: roots) { RFC5280Policy(validationTime: TestCertificate.referenceTime) } + let result = await verifier.validate( + leafCertificate: TestCertificate.localhostLeaf, + intermediates: CertificateStore([TestCertificate.intermediate1]) + ) + + guard case .couldNotValidate(let policyResults) = result else { + fatalError("Accidentally validated: \(result)") + } + + return policyResults.count +} + +private struct FailIfCertInChainPolicy: VerifierPolicy { + let verifyingCriticalExtensions: [ASN1ObjectIdentifier] = [] + + private let forbiddenCert: Certificate + + init(forbiddenCert: Certificate) { + self.forbiddenCert = forbiddenCert + } + + func chainMeetsPolicyRequirements(chain: UnverifiedCertificateChain) async -> PolicyEvaluationResult { + guard chain.contains(self.forbiddenCert) else { + return .meetsPolicy + } + return .failsToMeetPolicy(reason: "chain must not contain \(self.forbiddenCert)") + } +} + +enum TestCertificate { + static let referenceTime = Date() + + static let all = [ + ca1, + ca1CrossSignedByCA2, + ca1WithAlternativePrivateKey, + ca2, + ca2CrossSignedByCA1, + intermediate1, + intermediate1WithoutSKIAKI, + intermediate1WithIncorrectSKIAKI, + localhostLeaf, + isolatedSelfSignedCert, + isolatedSelfSignedCertWithWeirdCriticalExtension, + ] + + private static let ca1PrivateKey = P384.Signing.PrivateKey() + private static let ca1Name = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Swift Certificate Test CA 1") + } + static let ca1: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(3650), + issuer: ca1Name, + subject: ca1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation)) + ) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + static let ca1CrossSignedByCA2: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: ca2Name, + subject: ca1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation)) + ) + }, + issuerPrivateKey: .init(ca2PrivateKey) + ) + }() + private static let ca1AlternativePrivateKey = P384.Signing.PrivateKey() + static let ca1WithAlternativePrivateKey: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca1AlternativePrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(3650), + issuer: ca1Name, + subject: ca1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice( + Insecure.SHA1.hash(data: ca1AlternativePrivateKey.publicKey.derRepresentation) + ) + ) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + + private static let ca2PrivateKey = P384.Signing.PrivateKey() + private static let ca2Name = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Swift Certificate Test CA 2") + } + static let ca2: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca2PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(3650), + issuer: ca2Name, + subject: ca2Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation)) + ) + }, + issuerPrivateKey: .init(ca2PrivateKey) + ) + }() + static let ca2CrossSignedByCA1: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(ca2PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: ca1Name, + subject: ca2Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca2PrivateKey.publicKey.derRepresentation)) + ) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + + static let intermediate1PrivateKey = P256.Signing.PrivateKey() + static let intermediate1Name = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Swift Certificate Test Intermediate CA 1") + } + static let intermediate1: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(intermediate1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(5 * 365), + issuer: ca1.subject, + subject: intermediate1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: 1) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca1.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice( + Insecure.SHA1.hash(data: intermediate1PrivateKey.publicKey.derRepresentation) + ) + ) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + static let intermediate1WithoutSKIAKI: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(intermediate1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(5 * 365), + issuer: ca1.subject, + subject: intermediate1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: 1) + ) + KeyUsage(keyCertSign: true) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + static let intermediate1WithIncorrectSKIAKI: Certificate = { + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(intermediate1PrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(5 * 365), + issuer: ca1.subject, + subject: intermediate1Name, + signatureAlgorithm: .ecdsaWithSHA384, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: 1) + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! ca2.extensions.subjectKeyIdentifier!.keyIdentifier) + SubjectKeyIdentifier( + keyIdentifier: ArraySlice(Insecure.SHA1.hash(data: ca1PrivateKey.publicKey.derRepresentation)) + ) + }, + issuerPrivateKey: .init(ca1PrivateKey) + ) + }() + + private static let localhostLeafPrivateKey = P256.Signing.PrivateKey() + static let localhostLeaf: Certificate = { + let localhostLeafName = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("localhost") + } + + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(localhostLeafPrivateKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: intermediate1.subject, + subject: localhostLeafName, + signatureAlgorithm: .ecdsaWithSHA256, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.notCertificateAuthority + ) + KeyUsage(keyCertSign: true) + AuthorityKeyIdentifier(keyIdentifier: try! intermediate1.extensions.subjectKeyIdentifier!.keyIdentifier) + }, + issuerPrivateKey: .init(intermediate1PrivateKey) + ) + }() + + private static let isolatedSelfSignedCertKey = P256.Signing.PrivateKey() + static let isolatedSelfSignedCert: Certificate = { + let isolatedSelfSignedCertName = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Isolated Self-Signed Cert") + } + + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(isolatedSelfSignedCertKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: isolatedSelfSignedCertName, + subject: isolatedSelfSignedCertName, + signatureAlgorithm: .ecdsaWithSHA256, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + }, + issuerPrivateKey: .init(isolatedSelfSignedCertKey) + ) + }() + + static let isolatedSelfSignedCertWithWeirdCriticalExtension: Certificate = { + let isolatedSelfSignedCertName = try! DistinguishedName { + CountryName("US") + OrganizationName("Apple") + CommonName("Isolated Self-Signed Cert") + } + + return try! Certificate( + version: .v3, + serialNumber: .init(), + publicKey: .init(isolatedSelfSignedCertKey.publicKey), + notValidBefore: referenceTime - .days(365), + notValidAfter: referenceTime + .days(365), + issuer: isolatedSelfSignedCertName, + subject: isolatedSelfSignedCertName, + signatureAlgorithm: .ecdsaWithSHA256, + extensions: Certificate.Extensions { + Critical( + BasicConstraints.isCertificateAuthority(maxPathLength: nil) + ) + KeyUsage(keyCertSign: true) + + // An opaque extension that just so happens to be critical + Certificate.Extension(oid: [1, 2, 3, 4, 5], critical: true, value: [1, 2, 3, 4, 5]) + }, + issuerPrivateKey: .init(isolatedSelfSignedCertKey) + ) + }() +} + +extension TimeInterval { + private static let oneDay: TimeInterval = 60 * 60 * 24 + + static func days(_ days: Int) -> TimeInterval { + return Double(days) * oneDay + } +} diff --git a/Benchmarks/Package.swift b/Benchmarks/Package.swift new file mode 100644 index 00000000..f2dad563 --- /dev/null +++ b/Benchmarks/Package.swift @@ -0,0 +1,44 @@ +// swift-tools-version: 5.7 +//===----------------------------------------------------------------------===// +// +// This source file is part of the SwiftCertificates open source project +// +// Copyright (c) 2023 Apple Inc. and the SwiftCertificates project authors +// Licensed under Apache License v2.0 +// +// See LICENSE.txt for license information +// See CONTRIBUTORS.txt for the list of SwiftCertificates project authors +// +// SPDX-License-Identifier: Apache-2.0 +// +//===----------------------------------------------------------------------===// + +import PackageDescription + +let package = Package( + name: "benchmarks", + platforms: [ + .macOS(.v13), + ], + dependencies: [ + .package(path: "../"), + .package(url: "https://github.com/ordo-one/package-benchmark", from: "1.11.1"), + .package(url: "https://github.com/apple/swift-crypto.git", from: "2.5.0"), + .package(url: "https://github.com/apple/swift-asn1.git", from: "1.0.0-beta.1"), + ], + targets: [ + .executableTarget( + name: "CertificatesBenchmark", + dependencies: [ + .product(name: "Benchmark", package: "package-benchmark"), + .product(name: "X509", package: "swift-certificates"), + .product(name: "SwiftASN1", package: "swift-asn1"), + .product(name: "Crypto", package: "swift-crypto"), + ], + path: "Benchmarks/CertificatesBenchmark", + plugins: [ + .plugin(name: "BenchmarkPlugin", package: "package-benchmark") + ] + ), + ] +) diff --git a/Benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/Benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..18c7a1ea --- /dev/null +++ b/Benchmarks/Thresholds/5.7/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 197, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 7418, + "retainCount" : 6982, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json b/Benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json new file mode 100644 index 00000000..dcdfad82 --- /dev/null +++ b/Benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 10, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 12, + "retainCount" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/Benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..bd773412 --- /dev/null +++ b/Benchmarks/Thresholds/5.7/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 0, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 1, + "retainCount" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json b/Benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..61a21692 --- /dev/null +++ b/Benchmarks/Thresholds/5.7/CertificatesBenchmark.Verifier.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 1234, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..67baa2f2 --- /dev/null +++ b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 197, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 6960, + "retainCount" : 6574, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json new file mode 100644 index 00000000..dcdfad82 --- /dev/null +++ b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 10, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 12, + "retainCount" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..bd773412 --- /dev/null +++ b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 0, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 1, + "retainCount" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..61a21692 --- /dev/null +++ b/Benchmarks/Thresholds/5.8/CertificatesBenchmark.Verifier.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 1234, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/Benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..52255701 --- /dev/null +++ b/Benchmarks/Thresholds/5.9/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 197, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 6760, + "retainCount" : 6374, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json b/Benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json new file mode 100644 index 00000000..dcdfad82 --- /dev/null +++ b/Benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 10, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 12, + "retainCount" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/Benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..bd773412 --- /dev/null +++ b/Benchmarks/Thresholds/5.9/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 0, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 1, + "retainCount" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json b/Benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..42f48a8d --- /dev/null +++ b/Benchmarks/Thresholds/5.9/CertificatesBenchmark.Verifier.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 1233, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json b/Benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json new file mode 100644 index 00000000..caca0609 --- /dev/null +++ b/Benchmarks/Thresholds/main/CertificatesBenchmark.Parse_WebPKI_Roots.p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 197, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 4199, + "retainCount" : 3775, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json b/Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json new file mode 100644 index 00000000..dcdfad82 --- /dev/null +++ b/Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray.append(_:).p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 10, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 12, + "retainCount" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json b/Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json new file mode 100644 index 00000000..8e9ac913 --- /dev/null +++ b/Benchmarks/Thresholds/main/CertificatesBenchmark.TinyArray_non-allocating_functions.p90.json @@ -0,0 +1,8 @@ +{ + "mallocCountTotal" : 0, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "releaseCount" : 0, + "retainCount" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file diff --git a/Benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json b/Benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json new file mode 100644 index 00000000..42f48a8d --- /dev/null +++ b/Benchmarks/Thresholds/main/CertificatesBenchmark.Verifier.p90.json @@ -0,0 +1,6 @@ +{ + "mallocCountTotal" : 1233, + "memoryLeaked" : 0, + "readSyscalls" : 0, + "writeSyscalls" : 0 +} \ No newline at end of file From ba59cfd814c569af5c12aaa021a5f4472d4ae8ba Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 21 Sep 2023 11:54:48 +0100 Subject: [PATCH 41/44] fix formatting script --- scripts/run-swift-format.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/run-swift-format.sh b/scripts/run-swift-format.sh index 33f89257..1e9c2ce1 100644 --- a/scripts/run-swift-format.sh +++ b/scripts/run-swift-format.sh @@ -39,7 +39,7 @@ swiftformat_bin=${swiftformat_bin:-$(command -v swift-format)} || fatal "❌ swi "${swiftformat_bin}" lint \ --parallel --recursive --strict \ "${repo_root}/Sources" "${repo_root}/Tests" \ - "${repo_root}/benchmarks/Benchmarks" \ + "${repo_root}/Benchmarks/Benchmarks" \ && swift_format_rc=$? || swift_format_rc=$? if [[ "${swift_format_rc}" -ne 0 ]]; then @@ -47,7 +47,7 @@ if [[ "${swift_format_rc}" -ne 0 ]]; then To fix, run the following command: - % swift-format format --parallel --recursive --in-place Sources Tests benchmarks/Benchmarks + % swift-format format --parallel --recursive --in-place Sources Tests Benchmarks/Benchmarks " exit "${swift_format_rc}" fi From b163e0505c2ba55d5addc3ccd92970d3a6e3249b Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 21 Sep 2023 11:56:47 +0100 Subject: [PATCH 42/44] update readme with new uppercase folder name --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7b93c7ba..2089b106 100644 --- a/README.md +++ b/README.md @@ -51,11 +51,11 @@ For detailed usage and API documentation, check [the documentation](https://swif ## Benchmarks -Benchmarks for `swift-certificates` are in a separate Swift Package in the `benchmarks` subfolder of this repository. +Benchmarks for `swift-certificates` are in a separate Swift Package in the `Benchmarks` subfolder of this repository. They use the [`package-benchmark`](https://github.com/ordo-one/package-benchmark) plugin. Benchmarks depends on the [`jemalloc`](https://jemalloc.net) memory allocation library, which is used by `package-benchmark` to capture memory allocation statistics. An installation guide can be found in the [Getting Started article](https://swiftpackageindex.com/ordo-one/package-benchmark/documentation/benchmark/gettingstarted#Installing-Prerequisites-and-Platform-Support) of `package-benchmark`. -Afterwards you can run the benchmarks from CLI by going to the `benchmarks` subfolder (e.g. `cd benchmarks`) and invoking: +Afterwards you can run the benchmarks from CLI by going to the `Benchmarks` subfolder (e.g. `cd Benchmarks`) and invoking: ``` swift package benchmark ``` From c830afda211cd15ff5a566e7e539e9fae61e966c Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 21 Sep 2023 12:15:08 +0100 Subject: [PATCH 43/44] update Benchmarks folder name in docker compose --- docker/docker-compose.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/docker-compose.yaml b/docker/docker-compose.yaml index 700f62ef..31ead6d3 100644 --- a/docker/docker-compose.yaml +++ b/docker/docker-compose.yaml @@ -25,11 +25,11 @@ services: test: <<: *common - command: /bin/bash -xcl "swift $${SWIFT_TEST_VERB-test} $${WARN_AS_ERROR_ARG-} $${SANITIZER_ARG-} $${IMPORT_CHECK_ARG-} && cd benchmarks && swift package benchmark baseline check --check-absolute-path Thresholds/$${SWIFT_VERSION-}/" + command: /bin/bash -xcl "swift $${SWIFT_TEST_VERB-test} $${WARN_AS_ERROR_ARG-} $${SANITIZER_ARG-} $${IMPORT_CHECK_ARG-} && cd Benchmarks && swift package benchmark baseline check --check-absolute-path Thresholds/$${SWIFT_VERSION-}/" update-benchmark-baseline: <<: *common - command: /bin/bash -xcl "cd benchmarks && swift package --scratch-path .build/$${SWIFT_VERSION-}/ --allow-writing-to-package-directory benchmark --format metricP90AbsoluteThresholds --path Thresholds/$${SWIFT_VERSION-}/" + command: /bin/bash -xcl "cd Benchmarks && swift package --scratch-path .build/$${SWIFT_VERSION-}/ --allow-writing-to-package-directory benchmark --format metricP90AbsoluteThresholds --path Thresholds/$${SWIFT_VERSION-}/" # util shell: From b165a428698b13987be9f34eeae227ddab4b65a9 Mon Sep 17 00:00:00 2001 From: David Nadoba Date: Thu, 21 Sep 2023 13:09:56 +0100 Subject: [PATCH 44/44] drop allocation limits --- docker/docker-compose.2204.57.yaml | 4 ---- docker/docker-compose.2204.58.yaml | 4 ---- docker/docker-compose.2204.main.yaml | 4 ---- 3 files changed, 12 deletions(-) diff --git a/docker/docker-compose.2204.57.yaml b/docker/docker-compose.2204.57.yaml index 6e74f63c..eed34280 100644 --- a/docker/docker-compose.2204.57.yaml +++ b/docker/docker-compose.2204.57.yaml @@ -13,10 +13,6 @@ services: image: swift-certificates:22.04-5.7 environment: - SWIFT_VERSION=5.7 - - MAX_ALLOCS_ALLOWED_parse_webpki_roots=422050 - - MAX_ALLOCS_ALLOWED_tiny_array_cow_append_contents_of=9050 - - MAX_ALLOCS_ALLOWED_tiny_array_non_allocating_operations=0 - - MAX_ALLOCS_ALLOWED_validation=120050 - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors # - SANITIZER_ARG=--sanitize=thread # TSan broken still diff --git a/docker/docker-compose.2204.58.yaml b/docker/docker-compose.2204.58.yaml index 30558b9c..c6ebebb2 100644 --- a/docker/docker-compose.2204.58.yaml +++ b/docker/docker-compose.2204.58.yaml @@ -13,10 +13,6 @@ services: image: swift-certificates:22.04-5.8 environment: - SWIFT_VERSION=5.8 - - MAX_ALLOCS_ALLOWED_parse_webpki_roots=422050 - - MAX_ALLOCS_ALLOWED_tiny_array_cow_append_contents_of=9050 - - MAX_ALLOCS_ALLOWED_tiny_array_non_allocating_operations=0 - - MAX_ALLOCS_ALLOWED_validation=120050 - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error # - SANITIZER_ARG=--sanitize=thread # TSan broken still diff --git a/docker/docker-compose.2204.main.yaml b/docker/docker-compose.2204.main.yaml index 7be12f7e..946230b3 100644 --- a/docker/docker-compose.2204.main.yaml +++ b/docker/docker-compose.2204.main.yaml @@ -12,10 +12,6 @@ services: image: swift-certificates:22.04-main environment: - SWIFT_VERSION=main - - MAX_ALLOCS_ALLOWED_parse_webpki_roots=422050 - - MAX_ALLOCS_ALLOWED_tiny_array_cow_append_contents_of=9050 - - MAX_ALLOCS_ALLOWED_tiny_array_non_allocating_operations=0 - - MAX_ALLOCS_ALLOWED_validation=120050 - WARN_AS_ERROR_ARG=-Xswiftc -warnings-as-errors - IMPORT_CHECK_ARG=--explicit-target-dependency-import-check error # - SANITIZER_ARG=--sanitize=thread # TSan broken still