Skip to content

Patch OkHttp's Platform class to avoid eager call to Security.getProviders()#10714

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 3 commits intomasterfrom
mcculls/avoid-okhttp-conscrypt-check
Mar 3, 2026
Merged

Patch OkHttp's Platform class to avoid eager call to Security.getProviders()#10714
gh-worker-dd-mergequeue-cf854d[bot] merged 3 commits intomasterfrom
mcculls/avoid-okhttp-conscrypt-check

Conversation

@mcculls
Copy link
Contributor

@mcculls mcculls commented Mar 2, 2026
edited
Loading

Motivation

We want to avoid this call because it can lead to unwanted side-effects, such as initialization of java-util-logging on IBM JDKs that bundle the IBMSASL provider. The only reason for this call is to check for the Conscrypt module, which is only available on Android and is not applicable to how the tracer uses OkHttp.

Patched class is based on https://raw.githubusercontent.com/DataDog/okhttp/refs/heads/java7/okhttp/src/main/java/okhttp3/internal/platform/Platform.java with the following sections of code removed:

  public static boolean isConscryptPreferred() {
    // mainly to allow tests to run cleanly
    if ("conscrypt".equals(System.getProperty("okhttp.platform"))) {
      return true;
    }

    // check if Provider manually installed
    String preferredProvider = Security.getProviders()[0].getName();
    return "Conscrypt".equals(preferredProvider);
  }

    if (isConscryptPreferred()) {
      Platform conscrypt = ConscryptPlatform.buildIfSupported();

      if (conscrypt != null) {
        return conscrypt;
      }
    }

Contributor Checklist

Jira ticket: [PROJ-IDENT]

Note: Once your PR is ready to merge, add it to the merge queue by commenting /merge. /merge -c cancels the queue request. /merge -f --reason "reason" skips all merge queue checks; please use this judiciously, as some checks do not run at the PR-level. For more information, see this doc.

@mcculls mcculls requested review from a team as code owners March 2, 2026 18:59
@mcculls mcculls added the type: enhancement Enhancements and improvements label Mar 2, 2026
@mcculls mcculls requested review from mhlidd and removed request for a team March 2, 2026 18:59
@mcculls mcculls added comp: core Tracer core tag: no release notes Changes to exclude from release notes labels Mar 2, 2026
@mcculls mcculls changed the title Patches OkHttp's Platform class to avoid eager call to Security.getProviders() Patch OkHttp's Platform class to avoid eager call to Security.getProviders() Mar 2, 2026
@mcculls mcculls force-pushed the mcculls/avoid-okhttp-conscrypt-check branch from f2f15c6 to d1d45a0 Compare March 2, 2026 19:02
@mcculls
Patch OkHttp's Platform class to avoid eager call to Security.getProv…
71a9f37 
…iders()

We want to avoid this call because it can lead to unwanted side-effects, such as
initialization of java-util-logging on IBM JDKs that bundle the IBMSASL provider.
The only reason for this call is to check for the Conscrypt module, which is only
available on Android and is not applicable to how the tracer uses OkHttp.

Patched class is based on https://raw.githubusercontent.com/DataDog/okhttp/refs/heads/java7/okhttp/src/main/java/okhttp3/internal/platform/Platform.java with the following sections of code removed:

```
  public static boolean isConscryptPreferred() {
    // mainly to allow tests to run cleanly
    if ("conscrypt".equals(System.getProperty("okhttp.platform"))) {
      return true;
    }

    // check if Provider manually installed
    String preferredProvider = Security.getProviders()[0].getName();
    return "Conscrypt".equals(preferredProvider);
  }
```

```
    if (isConscryptPreferred()) {
      Platform conscrypt = ConscryptPlatform.buildIfSupported();

      if (conscrypt != null) {
        return conscrypt;
      }
    }
```
@mcculls mcculls force-pushed the mcculls/avoid-okhttp-conscrypt-check branch from d1d45a0 to 71a9f37 Compare March 2, 2026 19:09
amarziali
amarziali approved these changes Mar 2, 2026
View reviewed changes
Copy link
Contributor

@amarziali amarziali left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pre-approving. thanks for the fix

@mcculls mcculls force-pushed the mcculls/avoid-okhttp-conscrypt-check branch from d0dc9e0 to 04e998f Compare March 2, 2026 19:28
@pr-commenter
Copy link

pr-commenter bot commented Mar 2, 2026
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mcculls/avoid-okhttp-conscrypt-check
git_commit_date 1772465864 1772480780
git_commit_sha 1c44c6f 4b338b0
release_version 1.60.0-SNAPSHOT~1c44c6f9a7 1.60.0-SNAPSHOT~4b338b00c7
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1772482668 1772482668
ci_job_id 1468691101 1468691101
ci_pipeline_id 99843290 99843290
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-nv9d2ryy 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-nv9d2ryy 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 14 performance improvements and 1 performance regressions! Performance is the same for 47 metrics, 9 unstable metrics.

scenario Δ mean execution_time candidate mean execution_time baseline mean execution_time
scenario:startup:insecure-bank:iast:IAST better
[-2.090ms; -1.717ms] or [-7.713%; -6.338%]		 25.190ms 27.093ms
scenario:startup:insecure-bank:iast:AppSec better
[-10.190ms; -6.846ms] or [-29.351%; -19.719%]		 26.199ms 34.717ms
scenario:startup:insecure-bank:tracing:AppSec better
[-1.607ms; -1.144ms] or [-4.877%; -3.473%]		 31.569ms 32.945ms
scenario:startup:insecure-bank:tracing:Debugger better
[-7.222ms; -2.559ms] or [-11.465%; -4.062%]		 58.104ms 62.995ms
scenario:startup:petclinic:appsec:AppSec worse
[+7.582ms; +12.632ms] or [+4.497%; +7.492%]		 178.696ms 168.590ms
scenario:startup:petclinic:appsec:Remote Config better
[-123.816µs; -88.892µs] or [-18.118%; -13.007%]		 577.039µs 683.393µs
scenario:startup:petclinic:iast:IAST better
[-2.755ms; -1.653ms] or [-10.072%; -6.046%]		 25.145ms 27.349ms
scenario:startup:petclinic:profiling:ProfilingAgent better
[-6.596ms; -3.483ms] or [-6.657%; -3.515%]		 94.043ms 99.082ms
scenario:startup:petclinic:profiling:Remote Config better
[-72.467µs; -34.883µs] or [-11.561%; -5.565%]		 573.170µs 626.845µs
scenario:startup:petclinic:profiling:Telemetry better
[-876.190µs; -335.599µs] or [-9.836%; -3.767%]		 8.302ms 8.908ms
scenario:startup:petclinic:profiling:Flare Poller better
[-329.948µs; -129.629µs] or [-8.820%; -3.465%]		 3.511ms 3.741ms
scenario:startup:petclinic:profiling:Profiling better
[-6.625ms; -3.480ms] or [-6.648%; -3.492%]		 94.604ms 99.657ms
scenario:startup:petclinic:tracing:AppSec better
[-1.626ms; -1.255ms] or [-4.930%; -3.806%]		 31.536ms 32.977ms
scenario:startup:petclinic:tracing:Debugger better
[-10.253ms; -5.489ms] or [-15.426%; -8.258%]		 58.592ms 66.462ms
scenario:startup:petclinic:tracing:Telemetry better
[-609.696µs; -364.355µs] or [-6.638%; -3.967%]		 8.698ms 9.185ms
Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.60.0-SNAPSHOT~4b338b00c7, baseline=1.60.0-SNAPSHOT~1c44c6f9a7

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.065 s) : 0, 1065181
Total [baseline] (8.739 s) : 0, 8738565
Agent [candidate] (1.062 s) : 0, 1061801
Total [candidate] (8.898 s) : 0, 8898132
section iast
Agent [baseline] (1.242 s) : 0, 1241892
Total [baseline] (9.432 s) : 0, 9431699
Agent [candidate] (1.226 s) : 0, 1226487
Total [candidate] (9.558 s) : 0, 9558194
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.065 s -
Agent iast 1.242 s 176.711 ms (16.6%)
Total tracing 8.739 s -
Total iast 9.432 s 693.133 ms (7.9%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.062 s -
Agent iast 1.226 s 164.686 ms (15.5%)
Total tracing 8.898 s -
Total iast 9.558 s 660.062 ms (7.4%) 
gantt
    title insecure-bank - break down per module: candidate=1.60.0-SNAPSHOT~4b338b00c7, baseline=1.60.0-SNAPSHOT~1c44c6f9a7

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.191 ms) : 0, 1191
crashtracking [candidate] (1.191 ms) : 0, 1191
BytebuddyAgent [baseline] (627.577 ms) : 0, 627577
BytebuddyAgent [candidate] (629.829 ms) : 0, 629829
AgentMeter [baseline] (29.072 ms) : 0, 29072
AgentMeter [candidate] (29.135 ms) : 0, 29135
GlobalTracer [baseline] (257.775 ms) : 0, 257775
GlobalTracer [candidate] (258.508 ms) : 0, 258508
AppSec [baseline] (32.945 ms) : 0, 32945
AppSec [candidate] (31.569 ms) : 0, 31569
Debugger [baseline] (62.995 ms) : 0, 62995
Debugger [candidate] (58.104 ms) : 0, 58104
Remote Config [baseline] (618.4 µs) : 0, 618
Remote Config [candidate] (596.227 µs) : 0, 596
Telemetry [baseline] (11.369 ms) : 0, 11369
Telemetry [candidate] (8.763 ms) : 0, 8763
Flare Poller [baseline] (5.421 ms) : 0, 5421
Flare Poller [candidate] (7.958 ms) : 0, 7958
section iast
crashtracking [baseline] (1.208 ms) : 0, 1208
crashtracking [candidate] (1.192 ms) : 0, 1192
BytebuddyAgent [baseline] (804.16 ms) : 0, 804160
BytebuddyAgent [candidate] (796.127 ms) : 0, 796127
AgentMeter [baseline] (11.6 ms) : 0, 11600
AgentMeter [candidate] (11.315 ms) : 0, 11315
GlobalTracer [baseline] (249.478 ms) : 0, 249478
GlobalTracer [candidate] (247.48 ms) : 0, 247480
AppSec [baseline] (34.717 ms) : 0, 34717
AppSec [candidate] (26.199 ms) : 0, 26199
Debugger [baseline] (64.828 ms) : 0, 64828
Debugger [candidate] (63.89 ms) : 0, 63890
Remote Config [baseline] (533.564 µs) : 0, 534
Remote Config [candidate] (540.979 µs) : 0, 541
Telemetry [baseline] (8.615 ms) : 0, 8615
Telemetry [candidate] (13.968 ms) : 0, 13968
Flare Poller [baseline] (3.488 ms) : 0, 3488
Flare Poller [candidate] (4.603 ms) : 0, 4603
IAST [baseline] (27.093 ms) : 0, 27093
IAST [candidate] (25.19 ms) : 0, 25190
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.60.0-SNAPSHOT~4b338b00c7, baseline=1.60.0-SNAPSHOT~1c44c6f9a7

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.065 s) : 0, 1065082
Total [baseline] (10.997 s) : 0, 10997179
Agent [candidate] (1.057 s) : 0, 1056997
Total [candidate] (11.022 s) : 0, 11022223
section appsec
Agent [baseline] (1.248 s) : 0, 1247588
Total [baseline] (11.133 s) : 0, 11133214
Agent [candidate] (1.26 s) : 0, 1259715
Total [candidate] (11.197 s) : 0, 11197355
section iast
Agent [baseline] (1.244 s) : 0, 1244425
Total [baseline] (11.287 s) : 0, 11286942
Agent [candidate] (1.226 s) : 0, 1226025
Total [candidate] (11.307 s) : 0, 11307130
section profiling
Agent [baseline] (1.194 s) : 0, 1194439
Total [baseline] (10.992 s) : 0, 10991723
Agent [candidate] (1.188 s) : 0, 1187700
Total [candidate] (11.103 s) : 0, 11102978
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.065 s -
Agent appsec 1.248 s 182.506 ms (17.1%)
Agent iast 1.244 s 179.343 ms (16.8%)
Agent profiling 1.194 s 129.357 ms (12.1%)
Total tracing 10.997 s -
Total appsec 11.133 s 136.035 ms (1.2%)
Total iast 11.287 s 289.763 ms (2.6%)
Total profiling 10.992 s -5.456 ms (-0.0%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.057 s -
Agent appsec 1.26 s 202.719 ms (19.2%)
Agent iast 1.226 s 169.028 ms (16.0%)
Agent profiling 1.188 s 130.703 ms (12.4%)
Total tracing 11.022 s -
Total appsec 11.197 s 175.133 ms (1.6%)
Total iast 11.307 s 284.907 ms (2.6%)
Total profiling 11.103 s 80.756 ms (0.7%) 
gantt
    title petclinic - break down per module: candidate=1.60.0-SNAPSHOT~4b338b00c7, baseline=1.60.0-SNAPSHOT~1c44c6f9a7

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.193 ms) : 0, 1193
crashtracking [candidate] (1.187 ms) : 0, 1187
BytebuddyAgent [baseline] (627.556 ms) : 0, 627556
BytebuddyAgent [candidate] (628.288 ms) : 0, 628288
AgentMeter [baseline] (28.975 ms) : 0, 28975
AgentMeter [candidate] (28.993 ms) : 0, 28993
GlobalTracer [baseline] (257.535 ms) : 0, 257535
GlobalTracer [candidate] (257.339 ms) : 0, 257339
AppSec [baseline] (32.977 ms) : 0, 32977
AppSec [candidate] (31.536 ms) : 0, 31536
Debugger [baseline] (66.462 ms) : 0, 66462
Debugger [candidate] (58.592 ms) : 0, 58592
Remote Config [baseline] (606.045 µs) : 0, 606
Remote Config [candidate] (587.461 µs) : 0, 587
Telemetry [baseline] (9.185 ms) : 0, 9185
Telemetry [candidate] (8.698 ms) : 0, 8698
Flare Poller [baseline] (4.508 ms) : 0, 4508
Flare Poller [candidate] (5.738 ms) : 0, 5738
section appsec
crashtracking [baseline] (1.199 ms) : 0, 1199
crashtracking [candidate] (1.205 ms) : 0, 1205
BytebuddyAgent [baseline] (663.567 ms) : 0, 663567
BytebuddyAgent [candidate] (667.124 ms) : 0, 667124
AgentMeter [baseline] (12.029 ms) : 0, 12029
AgentMeter [candidate] (12.108 ms) : 0, 12108
GlobalTracer [baseline] (260.016 ms) : 0, 260016
GlobalTracer [candidate] (260.572 ms) : 0, 260572
AppSec [baseline] (168.59 ms) : 0, 168590
AppSec [candidate] (178.696 ms) : 0, 178696
Debugger [baseline] (66.802 ms) : 0, 66802
Debugger [candidate] (65.918 ms) : 0, 65918
Remote Config [baseline] (683.393 µs) : 0, 683
Remote Config [candidate] (577.039 µs) : 0, 577
Telemetry [baseline] (9.294 ms) : 0, 9294
Telemetry [candidate] (9.064 ms) : 0, 9064
Flare Poller [baseline] (3.672 ms) : 0, 3672
Flare Poller [candidate] (3.588 ms) : 0, 3588
IAST [baseline] (25.527 ms) : 0, 25527
IAST [candidate] (24.377 ms) : 0, 24377
section iast
crashtracking [baseline] (1.206 ms) : 0, 1206
crashtracking [candidate] (1.193 ms) : 0, 1193
BytebuddyAgent [baseline] (804.319 ms) : 0, 804319
BytebuddyAgent [candidate] (794.939 ms) : 0, 794939
AgentMeter [baseline] (11.619 ms) : 0, 11619
AgentMeter [candidate] (11.263 ms) : 0, 11263
GlobalTracer [baseline] (249.326 ms) : 0, 249326
GlobalTracer [candidate] (247.461 ms) : 0, 247461
AppSec [baseline] (34.071 ms) : 0, 34071
AppSec [candidate] (26.184 ms) : 0, 26184
Debugger [baseline] (67.544 ms) : 0, 67544
Debugger [candidate] (69.523 ms) : 0, 69523
Remote Config [baseline] (547.407 µs) : 0, 547
Remote Config [candidate] (522.623 µs) : 0, 523
Telemetry [baseline] (8.732 ms) : 0, 8732
Telemetry [candidate] (10.17 ms) : 0, 10170
Flare Poller [baseline] (3.522 ms) : 0, 3522
Flare Poller [candidate] (3.509 ms) : 0, 3509
IAST [baseline] (27.349 ms) : 0, 27349
IAST [candidate] (25.145 ms) : 0, 25145
section profiling
crashtracking [baseline] (1.161 ms) : 0, 1161
crashtracking [candidate] (1.171 ms) : 0, 1171
BytebuddyAgent [baseline] (683.426 ms) : 0, 683426
BytebuddyAgent [candidate] (685.607 ms) : 0, 685607
AgentMeter [baseline] (8.645 ms) : 0, 8645
AgentMeter [candidate] (8.657 ms) : 0, 8657
GlobalTracer [baseline] (217.385 ms) : 0, 217385
GlobalTracer [candidate] (217.247 ms) : 0, 217247
AppSec [baseline] (32.848 ms) : 0, 32848
AppSec [candidate] (32.179 ms) : 0, 32179
Debugger [baseline] (67.781 ms) : 0, 67781
Debugger [candidate] (65.535 ms) : 0, 65535
Remote Config [baseline] (626.845 µs) : 0, 627
Remote Config [candidate] (573.17 µs) : 0, 573
Telemetry [baseline] (8.908 ms) : 0, 8908
Telemetry [candidate] (8.302 ms) : 0, 8302
Flare Poller [baseline] (3.741 ms) : 0, 3741
Flare Poller [candidate] (3.511 ms) : 0, 3511
ProfilingAgent [baseline] (99.082 ms) : 0, 99082
ProfilingAgent [candidate] (94.043 ms) : 0, 94043
Profiling [baseline] (99.657 ms) : 0, 99657
Profiling [candidate] (94.604 ms) : 0, 94604
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mcculls/avoid-okhttp-conscrypt-check
git_commit_date 1772465864 1772480780
git_commit_sha 1c44c6f 4b338b0
release_version 1.60.0-SNAPSHOT~1c44c6f9a7 1.60.0-SNAPSHOT~4b338b00c7
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1772490923 1772490923
ci_job_id 1469204476 1469204476
ci_pipeline_id 99843290 99843290
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-eyyytoi9 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-eyyytoi9 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 3 performance regressions! Performance is the same for 15 metrics, 16 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast_GLOBAL:high_load worse
[+258.771µs; +360.519µs] or [+9.655%; +13.452%]		 worse
[+345.706µs; +785.766µs] or [+4.454%; +10.123%]		 unstable
[-246.492op/s; +10.242op/s] or [-18.538%; +0.770%]		 2.990ms 8.328ms 1211.531op/s 2.680ms 7.762ms 1329.656op/s
scenario:load:insecure-bank:iast_FULL:high_load better
[-287.970µs; -111.313µs] or [-5.390%; -2.084%]		 unsure
[-531.982µs; -19.357µs] or [-4.240%; -0.154%]		 unstable
[-47.271op/s; +96.396op/s] or [-6.122%; +12.484%]		 5.143ms 12.270ms 796.688op/s 5.342ms 12.546ms 772.125op/s
scenario:load:petclinic:code_origins:high_load worse
[+0.725ms; +1.398ms] or [+4.175%; +8.048%]		 unsure
[+0.430ms; +1.776ms] or [+1.508%; +6.226%]		 unstable
[-41.721op/s; +12.283op/s] or [-15.886%; +4.677%]		 18.430ms 29.631ms 247.906op/s 17.369ms 28.528ms 262.625op/s
scenario:load:petclinic:profiling:high_load better
[-1262.373µs; -586.281µs] or [-6.646%; -3.087%]		 unsure
[-1470.186µs; -283.718µs] or [-4.824%; -0.931%]		 unstable
[-16.044op/s; +36.669op/s] or [-6.643%; +15.184%]		 18.069ms 29.602ms 251.812op/s 18.994ms 30.479ms 241.500op/s
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.60.0-SNAPSHOT~4b338b00c7, baseline=1.60.0-SNAPSHOT~1c44c6f9a7
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.175 ms) : 1164, 1186
.   : milestone, 1175,
iast (3.139 ms) : 3097, 3181
.   : milestone, 3139,
iast_FULL (5.991 ms) : 5930, 6052
.   : milestone, 5991,
iast_GLOBAL (3.446 ms) : 3392, 3501
.   : milestone, 3446,
profiling (2.067 ms) : 2047, 2086
.   : milestone, 2067,
tracing (1.791 ms) : 1777, 1806
.   : milestone, 1791,
section candidate
no_agent (1.192 ms) : 1181, 1204
.   : milestone, 1192,
iast (3.236 ms) : 3191, 3280
.   : milestone, 3236,
iast_FULL (5.803 ms) : 5745, 5860
.   : milestone, 5803,
iast_GLOBAL (3.791 ms) : 3730, 3851
.   : milestone, 3791,
profiling (2.092 ms) : 2071, 2113
.   : milestone, 2092,
tracing (1.759 ms) : 1744, 1774
.   : milestone, 1759,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.175 ms [1.164 ms, 1.186 ms] -
iast 3.139 ms [3.097 ms, 3.181 ms] 1.964 ms (167.2%)
iast_FULL 5.991 ms [5.93 ms, 6.052 ms] 4.816 ms (409.9%)
iast_GLOBAL 3.446 ms [3.392 ms, 3.501 ms] 2.271 ms (193.3%)
profiling 2.067 ms [2.047 ms, 2.086 ms] 891.558 µs (75.9%)
tracing 1.791 ms [1.777 ms, 1.806 ms] 616.231 µs (52.4%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.192 ms [1.181 ms, 1.204 ms] -
iast 3.236 ms [3.191 ms, 3.28 ms] 2.043 ms (171.3%)
iast_FULL 5.803 ms [5.745 ms, 5.86 ms] 4.61 ms (386.6%)
iast_GLOBAL 3.791 ms [3.73 ms, 3.851 ms] 2.598 ms (217.9%)
profiling 2.092 ms [2.071 ms, 2.113 ms] 899.273 µs (75.4%)
tracing 1.759 ms [1.744 ms, 1.774 ms] 566.419 µs (47.5%)
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.60.0-SNAPSHOT~4b338b00c7, baseline=1.60.0-SNAPSHOT~1c44c6f9a7
    dateFormat X
    axisFormat %s
section baseline
no_agent (18.108 ms) : 17924, 18293
.   : milestone, 18108,
appsec (18.994 ms) : 18804, 19183
.   : milestone, 18994,
code_origins (17.765 ms) : 17590, 17941
.   : milestone, 17765,
iast (17.433 ms) : 17263, 17604
.   : milestone, 17433,
profiling (19.326 ms) : 19133, 19518
.   : milestone, 19326,
tracing (17.7 ms) : 17526, 17874
.   : milestone, 17700,
section candidate
no_agent (18.286 ms) : 18098, 18474
.   : milestone, 18286,
appsec (18.53 ms) : 18342, 18718
.   : milestone, 18530,
code_origins (18.825 ms) : 18638, 19011
.   : milestone, 18825,
iast (17.717 ms) : 17541, 17894
.   : milestone, 17717,
profiling (18.535 ms) : 18348, 18723
.   : milestone, 18535,
tracing (17.72 ms) : 17548, 17891
.   : milestone, 17720,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.108 ms [17.924 ms, 18.293 ms] -
appsec 18.994 ms [18.804 ms, 19.183 ms] 885.585 µs (4.9%)
code_origins 17.765 ms [17.59 ms, 17.941 ms] -343.174 µs (-1.9%)
iast 17.433 ms [17.263 ms, 17.604 ms] -674.969 µs (-3.7%)
profiling 19.326 ms [19.133 ms, 19.518 ms] 1.217 ms (6.7%)
tracing 17.7 ms [17.526 ms, 17.874 ms] -408.458 µs (-2.3%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 18.286 ms [18.098 ms, 18.474 ms] -
appsec 18.53 ms [18.342 ms, 18.718 ms] 244.275 µs (1.3%)
code_origins 18.825 ms [18.638 ms, 19.011 ms] 538.807 µs (2.9%)
iast 17.717 ms [17.541 ms, 17.894 ms] -568.508 µs (-3.1%)
profiling 18.535 ms [18.348 ms, 18.723 ms] 249.514 µs (1.4%)
tracing 17.72 ms [17.548 ms, 17.891 ms] -566.375 µs (-3.1%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master mcculls/avoid-okhttp-conscrypt-check
git_commit_date 1772465864 1772480780
git_commit_sha 1c44c6f 4b338b0
release_version 1.60.0-SNAPSHOT~1c44c6f9a7 1.60.0-SNAPSHOT~4b338b00c7
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1772482948 1772482948
ci_job_id 1468691104 1468691104
ci_pipeline_id 99843290 99843290
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-htu9jtdv 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-htu9jtdv 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.60.0-SNAPSHOT~4b338b00c7, baseline=1.60.0-SNAPSHOT~1c44c6f9a7
    dateFormat X
    axisFormat %s
section baseline
no_agent (15.709 s) : 15709000, 15709000
.   : milestone, 15709000,
appsec (15.133 s) : 15133000, 15133000
.   : milestone, 15133000,
iast (18.36 s) : 18360000, 18360000
.   : milestone, 18360000,
iast_GLOBAL (18.202 s) : 18202000, 18202000
.   : milestone, 18202000,
profiling (14.842 s) : 14842000, 14842000
.   : milestone, 14842000,
tracing (14.755 s) : 14755000, 14755000
.   : milestone, 14755000,
section candidate
no_agent (15.547 s) : 15547000, 15547000
.   : milestone, 15547000,
appsec (15.029 s) : 15029000, 15029000
.   : milestone, 15029000,
iast (17.928 s) : 17928000, 17928000
.   : milestone, 17928000,
iast_GLOBAL (17.689 s) : 17689000, 17689000
.   : milestone, 17689000,
profiling (14.656 s) : 14656000, 14656000
.   : milestone, 14656000,
tracing (14.832 s) : 14832000, 14832000
.   : milestone, 14832000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.709 s [15.709 s, 15.709 s] -
appsec 15.133 s [15.133 s, 15.133 s] -576.0 ms (-3.7%)
iast 18.36 s [18.36 s, 18.36 s] 2.651 s (16.9%)
iast_GLOBAL 18.202 s [18.202 s, 18.202 s] 2.493 s (15.9%)
profiling 14.842 s [14.842 s, 14.842 s] -867.0 ms (-5.5%)
tracing 14.755 s [14.755 s, 14.755 s] -954.0 ms (-6.1%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.547 s [15.547 s, 15.547 s] -
appsec 15.029 s [15.029 s, 15.029 s] -518.0 ms (-3.3%)
iast 17.928 s [17.928 s, 17.928 s] 2.381 s (15.3%)
iast_GLOBAL 17.689 s [17.689 s, 17.689 s] 2.142 s (13.8%)
profiling 14.656 s [14.656 s, 14.656 s] -891.0 ms (-5.7%)
tracing 14.832 s [14.832 s, 14.832 s] -715.0 ms (-4.6%)
Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.60.0-SNAPSHOT~4b338b00c7, baseline=1.60.0-SNAPSHOT~1c44c6f9a7
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.473 ms) : 1462, 1485
.   : milestone, 1473,
appsec (2.524 ms) : 2469, 2579
.   : milestone, 2524,
iast (2.269 ms) : 2199, 2338
.   : milestone, 2269,
iast_GLOBAL (2.31 ms) : 2239, 2380
.   : milestone, 2310,
profiling (2.108 ms) : 2053, 2164
.   : milestone, 2108,
tracing (2.07 ms) : 2016, 2124
.   : milestone, 2070,
section candidate
no_agent (1.484 ms) : 1472, 1495
.   : milestone, 1484,
appsec (3.81 ms) : 3589, 4031
.   : milestone, 3810,
iast (2.264 ms) : 2194, 2333
.   : milestone, 2264,
iast_GLOBAL (2.304 ms) : 2234, 2374
.   : milestone, 2304,
profiling (2.113 ms) : 2057, 2170
.   : milestone, 2113,
tracing (2.072 ms) : 2018, 2126
.   : milestone, 2072,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.473 ms [1.462 ms, 1.485 ms] -
appsec 2.524 ms [2.469 ms, 2.579 ms] 1.051 ms (71.3%)
iast 2.269 ms [2.199 ms, 2.338 ms] 795.376 µs (54.0%)
iast_GLOBAL 2.31 ms [2.239 ms, 2.38 ms] 836.427 µs (56.8%)
profiling 2.108 ms [2.053 ms, 2.164 ms] 634.873 µs (43.1%)
tracing 2.07 ms [2.016 ms, 2.124 ms] 596.686 µs (40.5%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.484 ms [1.472 ms, 1.495 ms] -
appsec 3.81 ms [3.589 ms, 4.031 ms] 2.326 ms (156.8%)
iast 2.264 ms [2.194 ms, 2.333 ms] 779.796 µs (52.6%)
iast_GLOBAL 2.304 ms [2.234 ms, 2.374 ms] 820.467 µs (55.3%)
profiling 2.113 ms [2.057 ms, 2.17 ms] 629.515 µs (42.4%)
tracing 2.072 ms [2.018 ms, 2.126 ms] 587.983 µs (39.6%)

@mcculls
Copy link
Contributor Author

mcculls commented Mar 3, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link

gh-worker-devflow-routing-ef8351 bot commented Mar 3, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-03-03 09:42:29 UTC ℹ️ Start processing command /merge

2026-03-03 09:42:34 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 1h (p90).

2026-03-03 11:43:24 UTCMergeQueue: The build pipeline has timeout

The merge request has been interrupted because the build 99952881 took longer than expected. The current limit for the base branch 'master' is 120 minutes.

bric3
bric3 approved these changes Mar 3, 2026
View reviewed changes
Copy link
Contributor

@bric3 bric3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Side note it's not only for Android. JVM users can also use Security.insertProviderAt(Conscrypt.newProvider(), 1);, but indeed it's likely done early in the app's main and not before.

Refs: [on okhttp 3.x], [on okhttp 5x]

@mcculls
Copy link
Contributor Author

mcculls commented Mar 3, 2026

Side note it's not only for Android. JVM users can also use Security.insertProviderAt(Conscrypt.newProvider(), 1);, but indeed it's likely done early in the app's main and not before.

Right, but that is more about the application's use of Conscrypt - we're using OkHttp in a way that is isolated from the application, so we shouldn't be picking up things from the application environment.

@bric3 bric3 mentioned this pull request Mar 3, 2026
Merged
@mcculls
Copy link
Contributor Author

mcculls commented Mar 3, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link

gh-worker-devflow-routing-ef8351 bot commented Mar 3, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-03-03 11:45:56 UTC ℹ️ Start processing command /merge

2026-03-03 11:46:00 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 1h (p90).

2026-03-03 12:42:06 UTC ℹ️ MergeQueue: This merge request was merged

@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d bot merged commit edc4559 into master Mar 3, 2026
730 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d bot deleted the mcculls/avoid-okhttp-conscrypt-check branch March 3, 2026 12:42
@github-actions github-actions bot added this to the 1.61.0 milestone Mar 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bric3 bric3 bric3 approved these changes

@amarziali amarziali amarziali approved these changes

@mhlidd mhlidd Awaiting requested review from mhlidd mhlidd was automatically assigned from DataDog/apm-sdk-capabilities-java

Assignees

No one assigned

Labels

comp: core Tracer core tag: no release notes Changes to exclude from release notes type: enhancement Enhancements and improvements

Projects

None yet

Milestone

1.61.0

Development

Successfully merging this pull request may close these issues.

3 participants

@mcculls @bric3 @amarziali