On Mon, Nov 10, 2014 at 9:04 PM, Nicholas Nethercote <n.netherc...@gmail.com> wrote: >> In your analysis, it would be better to use a call stack trace depth >> larger than 5 that allows us to see what non-NSS function is calling >> into NSS. > > I've attached to the bug a profile that uses a stack trace depth of 10.
Unfortunately, 10 isn't enough to see the non-NSS entry (one that doesn't start with "security/nss/") for every case. However, it looks like the data supports the types of changes that you are making and also my suggestions for coalescing and caching results, as well as my suggestion to avoid constructing CERTCertificate objects. Depending on how much effort you're willing to invest in this, many (probably most) of those allocations can be avoided. David Keeler is very familiar with the code in security/certverifier and security/manager/ssl/src that would be changed to implement the additional things I suggested, so I suggest you talk to him about it. Cheers, Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto