f3e28aa192
This change boosts SSL handshake performance from 2,627 to ~10,000 per
second which is the same level of performance as NGINX at establishing
secure connections. That's impressive if we consider that redbean is a
forking frontend application server. This was accomplished by:
1. Enabling either SSL session caching or SSL tickets. We choose to
use tickets since they reduce network round trips too and that's
a more important metric than wrk'ing localhost.
2. Fixing mbedtls_mpi_sub_abs() which is the most frequently called
function. It's called about 12,000 times during an SSL handshake
since it's the basis of most arithmetic operations like addition
and for some strange reason it was designed to make two needless
copies in addition to calling malloc and free. That's now fixed.
3. Improving TLS output buffering during the SSL handshake only, so
that only a single is write and read system call is needed until
blocking on the ping pong.
redbean will now do a better job wiping sensitive memory from a child
process as soon as it's not needed. The nice thing about fork is it's
much faster than reverse proxying so the goal is to use the different
address spaces along with setuid() to minimize the risk that a server
key will be compromised in the event that application code is hacked.
|
||
|---|---|---|
| .. | ||
| alg | ||
| bits | ||
| calls | ||
| crt | ||
| dns | ||
| elf | ||
| fmt | ||
| integral | ||
| intrin | ||
| isystem | ||
| linux | ||
| log | ||
| mem | ||
| nexgen32e | ||
| nt | ||
| ohmyplus | ||
| rand | ||
| runtime | ||
| sock | ||
| stdio | ||
| str | ||
| stubs | ||
| sysv | ||
| testlib | ||
| time | ||
| tinymath | ||
| unicode | ||
| x | ||
| zipos | ||
| assert.h | ||
| complex.h | ||
| dce.h | ||
| disclaimer.inc | ||
| dos.h | ||
| errno.h | ||
| inttypes.h | ||
| libc.mk | ||
| limits.h | ||
| literal.h | ||
| mach.h | ||
| macho.internal.h | ||
| macros-cpp.internal.inc | ||
| macros.internal.h | ||
| macros.internal.inc | ||
| math.h | ||
| notice.inc | ||
| notice.internal.h | ||
| paths.h | ||
| README.md | ||
| zip.h | ||
SYNOPSIS
Cosmopolitan Standard Library.
OVERVIEW
This directory defines static archives defining functions, like printf(), mmap(), win32, etc. Please note that the Cosmopolitan build configuration doesn't link any C/C++ library dependencies by default, so you still have the flexibility to choose the one provided by your system. If you'd prefer Cosmopolitan, just add $(LIBC) and $(CRT) to your linker arguments.
Your library is compromised of many bite-sized static archives. We use the checkdeps tool to guarantee that the contents of the archives are organized in a logical way that's easy to use with or without our makefile infrastructure, since there's no cyclic dependencies.
The Cosmopolitan Library exports only the most stable canonical system calls for all supported operating systems, regardless of which platform is used for compilation. We polyfill many of the APIs, e.g. read(), write() so they work consistently everywhere while other apis, e.g. CreateWindowEx(), might only work on one platform, in which case they become no-op functions on others.
Cosmopolitan polyfill wrappers will usually use the dollar sign naming convention, so they may be bypassed when necessary. This same convention is used when multiple implementations of string library and other performance-critical function are provided to allow Cosmopolitan to go fast on both old and newer computers.
We take an approach to configuration that relies heavily on the compiler's dead code elimination pass (libc/dce.h). Most of the code is written so that, for example, folks not wanting support for OpenBSD can flip a bit in SUPPORT_VECTOR and that code will be omitted from the build. The same is true for builds that are tuned using -march=native which effectively asks the library to not include runtime support hooks for x86 processors older than what you use.
Please note that, unlike Cygwin or MinGW, Cosmopolitan does not achieve broad support by bolting on a POSIX emulation layer. We do nothing more than (in most cases) stateless API translations that get you 90% of the way there in a fast lightweight manner. We therefore can't address some of the subtle differences, such as the nuances of absolute paths on Windows. Our approach could be compared to something more along the lines of, "the Russians just used a pencil to write in space", versus spending millions researching a pen like NASA.