Hi!
I am wondering if there are any reasons to build OpenSSL with the
'-no-asm' [1][2] option?
Below are the results of synthetic benchmarks for Subversion, depending on
whether OpenSSL is built with or without asm support:
1) OpenSSL is built with the ‘-no-asm’ option.
svnbench null-export https://localhost/svn/iso/~7GB.iso
0 directories
1 files
7,395,016,704 bytes in files
0 properties
0 bytes in properties
50.812102 seconds taken
7,404,963,366 bytes transferred over network
2) OpenSSL is built without the ‘-no-asm’ option.
svnbench null-export https://localhost/svn/iso/~7GB.iso
0 directories
1 files
7,395,016,704 bytes in files
0 properties
0 bytes in properties
17.406729 seconds taken
7,404,963,353 bytes transferred over network
This ~3x improvement is well observed when dealing with localhost, where the
network bandwidth is high enough.
So I would like to suggest enabling asm support for OpenSSL, unless of course
there is a reason to build OpenSSL with the '--no-asm' option. Note that this
change requires NASM [3] to build TortoiseSVN.
[2] https://wiki.openssl.org/index.php/Compilation_and_Installation#Configure_Options
Best Regards,
Denis Kovalchuk
So I would like to suggest enabling asm support for OpenSSL, unless of course
there is a reason to build OpenSSL with the '--no-asm' option. Note that this
change requires NASM [3] to build TortoiseSVN.
> Very interesting results. Did you run this on a build from /trunk/ -
> ie with OpenSSL 3.1?
Yes, these results were from trunk with OpenSSL 3.1. However, I believe that
they should be similar with OpenSSL 1.1.x as well.
> The reason for the no-asm option was that the asm code often (it felt like
> every other release) was broken. Either with the asm that comes with VS,
> or later with MASM as well: When they switched to requiring MASM I thought
> the build problems were solved, but the second version after the switch
> failed again.
>
> So I had enough and used the no-asm switch.
Let me try to summarize and list a few more reasons on why I think that
switching to the default OpenSSL build could be beneficial for the project:
1. The improvement comes from using AES-NI instructions for HTTPS.
So this should reduce the CPU usage for all network operations. Perhaps, it
could be especially visible on low-tier hardware.
2. Spending less CPU on common operations means more laptop battery time
and more CPU available for other tasks, in all setups.
For example, here are a couple of additional benchmarks performed over
typical 1Gb LAN that illustrate the overall CPU time reduction:
Null-export of Subversion root dir, 1Gb LAN:
CPU time: 130 sec 🠒 8 sec (16x less CPU used)
Total time: 175 sec 🠒 175 sec
Avg CPU load: 74% 🠒 4%
Null-export of .iso file, 1Gb LAN:
CPU time: 13 sec 🠒 1 sec (13x less CPU used)
Total time: 63 sec 🠒 63 sec
Avg CPU load: 20% 🠒 2%
3. Building OpenSSL with assembler support is the current default.
Multiple known projects such as Node.js seem to use and regularly test this
configuration on different platforms and provide additional test coverage.
Compared to that, I think that the `no-asm` build falls into the group of
non-standard configurations (maybe even not intended for production use),
and therefore it could be far less tested in practice.
4. Perhaps you are right about the real setups/throughput, but SVN is good
at handling large files and so there might be users that have multi-terabyte
repositories containing assets and other large binaries.
=============--- ext/build/OpenSSL.build (revision 29575)
+++ ext/build/OpenSSL.build (working copy)
@@ -52,7 +52,6 @@
<exec program="perl" workingdir="${targetDir}">
<arg value="..\Configure" />
<arg value="${targetName}" />
- <arg value="no-asm" />
<arg value="no-gost" />
<arg value="no-shared" />
<arg value="no-autoload-config" />
]]]
I can ask Ian to install nasm on the build machine, but I have no idea how long that will take.Could you maybe add a nant target that enables the asm build and still use no-asm if the nant target was not called? That way the nightly builds would still run through with no-asm. And users who don't have nasm installed can also build without changes.
good idea, haven't thought of the "schedule" action :)
I've tried to come up with something useful in r29579, let's hope I didn't screw up too badly.