The main scope of this PoC is to check, if Memory Mapped Files from NIO are indeed faster and whether or not they leave any traces in memory.
+- Root
+- src - main sources
+- test - Benchmarks
+- heapdumps - all heapdumps gathered before and after obtaining a reference to a secret
+- FileInputStreamReader - Heapdumps for Files.newInputStream impl
+- MemoryMappedFileReader - Heapdumps for Memory Mapped Files
+- Benchmark.txt - Benchmark results
+- make_heapdumo.sh - a short script for making heapdumps
+- make_native_dump.sh - Dumps whole process memory
+- verify_native_heap_dump.sh - Checks if a native dump contains our string (at least first 6 bytes)
+- OQL-queries.txt - Queries for MATBenchmark (path) Mode Cnt Score Error Units
FileInputStreamReaderTest.FileInputStreamPerf ./src/test/resources/short-secret avgt 31 4.678 ± 0.371 us/op
FileInputStreamReaderTest.FileInputStreamPerf ./src/test/resources/long-secret avgt 31 13.048 ± 1.467 us/op
FileInputStreamReaderTest.MemoryMappedPerf ./src/test/resources/short-secret avgt 31 9.666 ± 0.989 us/op
FileInputStreamReaderTest.MemoryMappedPerf ./src/test/resources/long-secret avgt 31 40.217 ± 2.420 us/opOur String hasn’t been found in any of the 2nd heap dumps (the one after System.gc()). That’s good!
|
Important
|
Not a widely known fact - you can only take a heapdump (by using jcmd for example) by using the same user that is running the java process. Otherwise you’d get:
|
java.io.IOException: well-known file /tmp/.java_pid28744 is not secure: file should be owned by the current user (which is 1001) but is owned by 1000
at sun.tools.attach.LinuxVirtualMachine.checkPermissions(Native Method)
at sun.tools.attach.LinuxVirtualMachine.<init>(LinuxVirtualMachine.java:117)
at sun.tools.attach.LinuxAttachProvider.attachVirtualMachine(LinuxAttachProvider.java:63)
at com.sun.tools.attach.VirtualMachine.attach(VirtualMachine.java:208)
at sun.tools.jcmd.JCmd.executeCommandForPid(JCmd.java:147)
at sun.tools.jcmd.JCmd.main(JCmd.java:131)