selinux/libsepol/include
John Brooks acb2a9bede Tweak avtab hash table parameters for better performance
Using the Fedora 20 targeted policy, running check_assertions requires
an avtab with around 22 million elements. With the default limit of 4096
buckets, performance is abysmal: it takes more than an hour to populate
the hash. Profiling shows most of that time under avtab_search_node.

This patch increases the hash from 13 to 20 bits and to a maximum of
1048576 buckets. The time for check_assertions on that policy is reduced
to about 3 minutes, which is enough to re-enable those checks as part of
the build process.

A full size table will allocate 4-8 MB of memory, up from 16-32 KB. In a
cursory review, these tables are usually short-lived and only 1-3 are
allocated together. Compared to the cost of entries in this table (up to
1 GB using the same policy), this isn't a significant increase.

Signed-off-by: John Brooks <john.brooks@jolla.com>
2015-01-15 10:44:01 -05:00
..
sepol Tweak avtab hash table parameters for better performance 2015-01-15 10:44:01 -05:00
Makefile libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00