Optimize AppSecRequestContext numeric conversion to eliminate exceptions on hot path

[jandro996]

What Does This Do

Replaces exception-driven numeric parsing in AppSecRequestContext.convertToNumericAttribute() with fast-path validation to eliminate NumberFormatException overhead when processing non-numeric attribute values.

Key changes:

• Adds pre-validation check before attempting numeric parsing (validates format: optional sign, digits, single decimal, scientific notation)
• Trims whitespace before validation (fixes strings like " 42 ")
• Maintains try-catch as fallback for overflow edge cases
• Adds comprehensive test coverage (49 new edge case tests)
• Adds JMH benchmarks demonstrating performance improvement

Motivation

Fixes #10494 - Memory growth/overhead in production services with DD_APPSEC_ENABLED=true.

Root cause: AppSec request processing frequently attempts to parse non-numeric attribute values (health check responses, request IDs, headers) as numbers. Each failed parse throws a NumberFormatException, causing ~1000ns overhead + allocation per call. Under profiling, this amplifies into observable memory pressure.

Additional Notes

Why numeric parsing matters: The tracer must distinguish numeric from string values for semantic correctness in Datadog backend. The traceSegment.setTagTop(key, value) method has type-specific overloads (Number, String, Boolean) that encode metadata for backend processing.

Performance impact (JMH benchmarks):

• Valid numeric inputs: 50-95 ns/op (optimized path maintained)
• Invalid inputs: 40-70 ns/op (fast rejection without exceptions)
• Estimated improvement: ~10-25x faster vs exception-driven parsing (based on known Java exception cost of ~1000ns+)

Contributor Checklist

• Format the title according the contribution guidelines
• Assign the type: and (comp: or inst:) labels in addition to any useful labels
• Don't use close, fix or any linking keywords when referencing an issue.
  Use solves instead, and assign the PR milestone to the issue
• Update the CODEOWNERS file on source file addition, move, or deletion
• Update the public documentation in case of new configuration flag or behavior

Jira ticket: APPSEC-61110

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 414bf71220

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[pr-commenter]

Benchmarks

Startup

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/issue-10494
git_commit_date	1770367396	1770367768
git_commit_sha	b83178b	4004a3a
release_version	1.60.0-SNAPSHOT~b83178b28d	1.60.0-SNAPSHOT~4004a3ad21

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1770369509	1770369509
ci_job_id	1405600788	1405600788
ci_pipeline_id	94966133	94966133
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-0-yr8j2lha 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-0-yr8j2lha 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module	Agent	Agent
parent	None	None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 65 metrics, 6 unstable metrics.

Startup time reports for insecure-bank

gantt
    title insecure-bank - global startup overhead: candidate=1.60.0-SNAPSHOT~4004a3ad21, baseline=1.60.0-SNAPSHOT~b83178b28d

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.066 s) : 0, 1066374
Total [baseline] (8.768 s) : 0, 8768290
Agent [candidate] (1.065 s) : 0, 1065135
Total [candidate] (8.756 s) : 0, 8755744
section iast
Agent [baseline] (1.242 s) : 0, 1242482
Total [baseline] (9.393 s) : 0, 9393130
Agent [candidate] (1.233 s) : 0, 1233148
Total [candidate] (9.393 s) : 0, 9393484

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.066 s	-
Agent	iast	1.242 s	176.107 ms (16.5%)
Total	tracing	8.768 s	-
Total	iast	9.393 s	624.84 ms (7.1%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.065 s	-
Agent	iast	1.233 s	168.013 ms (15.8%)
Total	tracing	8.756 s	-
Total	iast	9.393 s	637.74 ms (7.3%)

gantt
    title insecure-bank - break down per module: candidate=1.60.0-SNAPSHOT~4004a3ad21, baseline=1.60.0-SNAPSHOT~b83178b28d

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.197 ms) : 0, 1197
crashtracking [candidate] (1.19 ms) : 0, 1190
BytebuddyAgent [baseline] (630.543 ms) : 0, 630543
BytebuddyAgent [candidate] (629.126 ms) : 0, 629126
AgentMeter [baseline] (28.9 ms) : 0, 28900
AgentMeter [candidate] (28.899 ms) : 0, 28899
GlobalTracer [baseline] (258.253 ms) : 0, 258253
GlobalTracer [candidate] (258.024 ms) : 0, 258024
AppSec [baseline] (32.927 ms) : 0, 32927
AppSec [candidate] (32.74 ms) : 0, 32740
Debugger [baseline] (59.794 ms) : 0, 59794
Debugger [candidate] (62.085 ms) : 0, 62085
Remote Config [baseline] (630.314 µs) : 0, 630
Remote Config [candidate] (608.652 µs) : 0, 609
Telemetry [baseline] (10.849 ms) : 0, 10849
Telemetry [candidate] (10.592 ms) : 0, 10592
Flare Poller [baseline] (7.711 ms) : 0, 7711
Flare Poller [candidate] (6.45 ms) : 0, 6450
section iast
crashtracking [baseline] (1.217 ms) : 0, 1217
crashtracking [candidate] (1.198 ms) : 0, 1198
BytebuddyAgent [baseline] (803.707 ms) : 0, 803707
BytebuddyAgent [candidate] (796.635 ms) : 0, 796635
AgentMeter [baseline] (11.562 ms) : 0, 11562
AgentMeter [candidate] (11.322 ms) : 0, 11322
GlobalTracer [baseline] (249.972 ms) : 0, 249972
GlobalTracer [candidate] (248.766 ms) : 0, 248766
AppSec [baseline] (34.304 ms) : 0, 34304
AppSec [candidate] (34.999 ms) : 0, 34999
Debugger [baseline] (66.105 ms) : 0, 66105
Debugger [candidate] (65.157 ms) : 0, 65157
Remote Config [baseline] (555.707 µs) : 0, 556
Remote Config [candidate] (543.039 µs) : 0, 543
Telemetry [baseline] (8.775 ms) : 0, 8775
Telemetry [candidate] (8.685 ms) : 0, 8685
Flare Poller [baseline] (3.54 ms) : 0, 3540
Flare Poller [candidate] (3.473 ms) : 0, 3473
IAST [baseline] (27.087 ms) : 0, 27087
IAST [candidate] (27.025 ms) : 0, 27025

Loading

Startup time reports for petclinic

gantt
    title petclinic - global startup overhead: candidate=1.60.0-SNAPSHOT~4004a3ad21, baseline=1.60.0-SNAPSHOT~b83178b28d

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.069 s) : 0, 1069047
Total [baseline] (10.932 s) : 0, 10932479
Agent [candidate] (1.07 s) : 0, 1069796
Total [candidate] (11.034 s) : 0, 11034386
section appsec
Agent [baseline] (1.241 s) : 0, 1240800
Total [baseline] (11.02 s) : 0, 11019982
Agent [candidate] (1.243 s) : 0, 1242907
Total [candidate] (10.966 s) : 0, 10965889
section iast
Agent [baseline] (1.236 s) : 0, 1236359
Total [baseline] (11.285 s) : 0, 11285034
Agent [candidate] (1.234 s) : 0, 1234201
Total [candidate] (11.212 s) : 0, 11212391
section profiling
Agent [baseline] (1.193 s) : 0, 1193218
Total [baseline] (11.047 s) : 0, 11047092
Agent [candidate] (1.189 s) : 0, 1189368
Total [candidate] (11.052 s) : 0, 11052444

Loading

• baseline results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.069 s	-
Agent	appsec	1.241 s	171.754 ms (16.1%)
Agent	iast	1.236 s	167.313 ms (15.7%)
Agent	profiling	1.193 s	124.171 ms (11.6%)
Total	tracing	10.932 s	-
Total	appsec	11.02 s	87.503 ms (0.8%)
Total	iast	11.285 s	352.556 ms (3.2%)
Total	profiling	11.047 s	114.613 ms (1.0%)

• candidate results

Module	Variant	Duration	Δ tracing
Agent	tracing	1.07 s	-
Agent	appsec	1.243 s	173.111 ms (16.2%)
Agent	iast	1.234 s	164.405 ms (15.4%)
Agent	profiling	1.189 s	119.572 ms (11.2%)
Total	tracing	11.034 s	-
Total	appsec	10.966 s	-68.497 ms (-0.6%)
Total	iast	11.212 s	178.005 ms (1.6%)
Total	profiling	11.052 s	18.058 ms (0.2%)

gantt
    title petclinic - break down per module: candidate=1.60.0-SNAPSHOT~4004a3ad21, baseline=1.60.0-SNAPSHOT~b83178b28d

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.194 ms) : 0, 1194
crashtracking [candidate] (1.18 ms) : 0, 1180
BytebuddyAgent [baseline] (630.896 ms) : 0, 630896
BytebuddyAgent [candidate] (629.647 ms) : 0, 629647
AgentMeter [baseline] (28.937 ms) : 0, 28937
AgentMeter [candidate] (29.093 ms) : 0, 29093
GlobalTracer [baseline] (258.352 ms) : 0, 258352
GlobalTracer [candidate] (259.442 ms) : 0, 259442
AppSec [baseline] (32.893 ms) : 0, 32893
AppSec [candidate] (33.224 ms) : 0, 33224
Debugger [baseline] (64.414 ms) : 0, 64414
Debugger [candidate] (61.791 ms) : 0, 61791
Remote Config [baseline] (620.357 µs) : 0, 620
Remote Config [candidate] (625.631 µs) : 0, 626
Telemetry [baseline] (10.836 ms) : 0, 10836
Telemetry [candidate] (14.858 ms) : 0, 14858
Flare Poller [baseline] (5.4 ms) : 0, 5400
Flare Poller [candidate] (4.556 ms) : 0, 4556
section appsec
crashtracking [baseline] (1.191 ms) : 0, 1191
crashtracking [candidate] (1.201 ms) : 0, 1201
BytebuddyAgent [baseline] (658.502 ms) : 0, 658502
BytebuddyAgent [candidate] (660.224 ms) : 0, 660224
AgentMeter [baseline] (11.965 ms) : 0, 11965
AgentMeter [candidate] (11.986 ms) : 0, 11986
GlobalTracer [baseline] (258.84 ms) : 0, 258840
GlobalTracer [candidate] (259.651 ms) : 0, 259651
IAST [baseline] (25.35 ms) : 0, 25350
IAST [candidate] (25.376 ms) : 0, 25376
AppSec [baseline] (168.533 ms) : 0, 168533
AppSec [candidate] (168.19 ms) : 0, 168190
Debugger [baseline] (67.684 ms) : 0, 67684
Debugger [candidate] (67.514 ms) : 0, 67514
Remote Config [baseline] (657.926 µs) : 0, 658
Remote Config [candidate] (670.581 µs) : 0, 671
Telemetry [baseline] (9.106 ms) : 0, 9106
Telemetry [candidate] (9.089 ms) : 0, 9089
Flare Poller [baseline] (3.661 ms) : 0, 3661
Flare Poller [candidate] (3.625 ms) : 0, 3625
section iast
crashtracking [baseline] (1.183 ms) : 0, 1183
crashtracking [candidate] (1.182 ms) : 0, 1182
BytebuddyAgent [baseline] (798.374 ms) : 0, 798374
BytebuddyAgent [candidate] (796.944 ms) : 0, 796944
AgentMeter [baseline] (11.311 ms) : 0, 11311
AgentMeter [candidate] (11.281 ms) : 0, 11281
GlobalTracer [baseline] (248.466 ms) : 0, 248466
GlobalTracer [candidate] (248.786 ms) : 0, 248786
IAST [baseline] (27.002 ms) : 0, 27002
IAST [candidate] (26.846 ms) : 0, 26846
AppSec [baseline] (34.929 ms) : 0, 34929
AppSec [candidate] (34.563 ms) : 0, 34563
Debugger [baseline] (66.875 ms) : 0, 66875
Debugger [candidate] (66.403 ms) : 0, 66403
Remote Config [baseline] (551.794 µs) : 0, 552
Remote Config [candidate] (550.182 µs) : 0, 550
Telemetry [baseline] (8.753 ms) : 0, 8753
Telemetry [candidate] (8.745 ms) : 0, 8745
Flare Poller [baseline] (3.482 ms) : 0, 3482
Flare Poller [candidate] (3.453 ms) : 0, 3453
section profiling
crashtracking [baseline] (1.241 ms) : 0, 1241
crashtracking [candidate] (1.213 ms) : 0, 1213
BytebuddyAgent [baseline] (683.774 ms) : 0, 683774
BytebuddyAgent [candidate] (680.86 ms) : 0, 680860
AgentMeter [baseline] (9.026 ms) : 0, 9026
AgentMeter [candidate] (8.994 ms) : 0, 8994
GlobalTracer [baseline] (216.314 ms) : 0, 216314
GlobalTracer [candidate] (215.705 ms) : 0, 215705
AppSec [baseline] (32.433 ms) : 0, 32433
AppSec [candidate] (32.368 ms) : 0, 32368
Debugger [baseline] (67.908 ms) : 0, 67908
Debugger [candidate] (67.66 ms) : 0, 67660
Remote Config [baseline] (606.346 µs) : 0, 606
Remote Config [candidate] (609.491 µs) : 0, 609
Telemetry [baseline] (8.849 ms) : 0, 8849
Telemetry [candidate] (8.962 ms) : 0, 8962
Flare Poller [baseline] (3.747 ms) : 0, 3747
Flare Poller [candidate] (3.752 ms) : 0, 3752
ProfilingAgent [baseline] (99.221 ms) : 0, 99221
ProfilingAgent [candidate] (99.418 ms) : 0, 99418
Profiling [baseline] (99.79 ms) : 0, 99790
Profiling [candidate] (99.986 ms) : 0, 99986

Loading

Load

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/issue-10494
git_commit_date	1770367396	1770367768
git_commit_sha	b83178b	4004a3a
release_version	1.60.0-SNAPSHOT~b83178b28d	1.60.0-SNAPSHOT~4004a3ad21

See matching parameters

	Baseline	Candidate
application	insecure-bank	insecure-bank
ci_job_date	1770369995	1770369995
ci_job_id	1405600791	1405600791
ci_pipeline_id	94966133	94966133
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-1-o4fvjsed 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-1-o4fvjsed 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 3 performance regressions! Performance is the same for 14 metrics, 17 unstable metrics.

scenario	Δ mean agg_http_req_duration_p50	Δ mean agg_http_req_duration_p95	Δ mean throughput	candidate mean agg_http_req_duration_p50	candidate mean agg_http_req_duration_p95	candidate mean throughput	baseline mean agg_http_req_duration_p50	baseline mean agg_http_req_duration_p95	baseline mean throughput
scenario:load:insecure-bank:iast_GLOBAL:high_load	worse [+143.023µs; +258.581µs] or [+5.342%; +9.659%]	unstable [-956.738µs; +950.825µs] or [-11.653%; +11.581%]	unstable [-234.224op/s; +61.724op/s] or [-17.681%; +4.660%]	2.878ms	8.207ms	1238.438op/s	2.677ms	8.210ms	1324.688op/s
scenario:load:insecure-bank:iast_FULL:high_load	better [-377.691µs; -171.438µs] or [-6.841%; -3.105%]	better [-1063.870µs; -378.622µs] or [-8.082%; -2.876%]	unstable [-39.501op/s; +116.376op/s] or [-5.280%; +15.556%]	5.246ms	12.443ms	786.562op/s	5.521ms	13.164ms	748.125op/s
scenario:load:petclinic:iast:high_load	worse [+0.862ms; +1.936ms] or [+5.015%; +11.269%]	worse [+0.699ms; +2.502ms] or [+2.441%; +8.734%]	unstable [-42.029op/s; +8.842op/s] or [-15.892%; +3.343%]	18.577ms	30.244ms	247.875op/s	17.179ms	28.643ms	264.469op/s

Request duration reports for petclinic

gantt
    title petclinic - request duration [CI 0.99] : candidate=1.60.0-SNAPSHOT~4004a3ad21, baseline=1.60.0-SNAPSHOT~b83178b28d
    dateFormat X
    axisFormat %s
section baseline
no_agent (18.559 ms) : 18371, 18746
.   : milestone, 18559,
appsec (19.006 ms) : 18811, 19200
.   : milestone, 19006,
code_origins (17.614 ms) : 17439, 17789
.   : milestone, 17614,
iast (17.644 ms) : 17466, 17822
.   : milestone, 17644,
profiling (18.91 ms) : 18722, 19098
.   : milestone, 18910,
tracing (17.633 ms) : 17463, 17803
.   : milestone, 17633,
section candidate
no_agent (19.55 ms) : 19346, 19754
.   : milestone, 19550,
appsec (18.58 ms) : 18392, 18769
.   : milestone, 18580,
code_origins (17.769 ms) : 17591, 17946
.   : milestone, 17769,
iast (18.827 ms) : 18634, 19021
.   : milestone, 18827,
profiling (18.847 ms) : 18658, 19036
.   : milestone, 18847,
tracing (17.769 ms) : 17591, 17946
.   : milestone, 17769,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	18.559 ms [18.371 ms, 18.746 ms]	-
appsec	19.006 ms [18.811 ms, 19.2 ms]	447.361 µs (2.4%)
code_origins	17.614 ms [17.439 ms, 17.789 ms]	-944.55 µs (-5.1%)
iast	17.644 ms [17.466 ms, 17.822 ms]	-914.314 µs (-4.9%)
profiling	18.91 ms [18.722 ms, 19.098 ms]	351.304 µs (1.9%)
tracing	17.633 ms [17.463 ms, 17.803 ms]	-925.614 µs (-5.0%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	19.55 ms [19.346 ms, 19.754 ms]	-
appsec	18.58 ms [18.392 ms, 18.769 ms]	-969.535 µs (-5.0%)
code_origins	17.769 ms [17.591 ms, 17.946 ms]	-1.781 ms (-9.1%)
iast	18.827 ms [18.634 ms, 19.021 ms]	-722.415 µs (-3.7%)
profiling	18.847 ms [18.658 ms, 19.036 ms]	-702.925 µs (-3.6%)
tracing	17.769 ms [17.591 ms, 17.946 ms]	-1.781 ms (-9.1%)

Request duration reports for insecure-bank

gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.60.0-SNAPSHOT~4004a3ad21, baseline=1.60.0-SNAPSHOT~b83178b28d
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.186 ms) : 1174, 1197
.   : milestone, 1186,
iast (3.251 ms) : 3206, 3295
.   : milestone, 3251,
iast_FULL (6.185 ms) : 6121, 6250
.   : milestone, 6185,
iast_GLOBAL (3.46 ms) : 3401, 3519
.   : milestone, 3460,
profiling (2.091 ms) : 2070, 2111
.   : milestone, 2091,
tracing (1.813 ms) : 1798, 1829
.   : milestone, 1813,
section candidate
no_agent (1.198 ms) : 1186, 1210
.   : milestone, 1198,
iast (3.219 ms) : 3177, 3262
.   : milestone, 3219,
iast_FULL (5.88 ms) : 5822, 5938
.   : milestone, 5880,
iast_GLOBAL (3.706 ms) : 3636, 3775
.   : milestone, 3706,
profiling (2.039 ms) : 2022, 2057
.   : milestone, 2039,
tracing (1.88 ms) : 1863, 1897
.   : milestone, 1880,

Loading

• baseline results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.186 ms [1.174 ms, 1.197 ms]	-
iast	3.251 ms [3.206 ms, 3.295 ms]	2.065 ms (174.2%)
iast_FULL	6.185 ms [6.121 ms, 6.25 ms]	5.0 ms (421.7%)
iast_GLOBAL	3.46 ms [3.401 ms, 3.519 ms]	2.275 ms (191.9%)
profiling	2.091 ms [2.07 ms, 2.111 ms]	905.201 µs (76.4%)
tracing	1.813 ms [1.798 ms, 1.829 ms]	627.589 µs (52.9%)

• candidate results

Variant	Request duration [CI 0.99]	Δ no_agent
no_agent	1.198 ms [1.186 ms, 1.21 ms]	-
iast	3.219 ms [3.177 ms, 3.262 ms]	2.022 ms (168.8%)
iast_FULL	5.88 ms [5.822 ms, 5.938 ms]	4.682 ms (390.9%)
iast_GLOBAL	3.706 ms [3.636 ms, 3.775 ms]	2.508 ms (209.4%)
profiling	2.039 ms [2.022 ms, 2.057 ms]	841.618 µs (70.3%)
tracing	1.88 ms [1.863 ms, 1.897 ms]	682.493 µs (57.0%)

Dacapo

Parameters

	Baseline	Candidate
baseline_or_candidate	baseline	candidate
git_branch	master	alejandro.gonzalez/issue-10494
git_commit_date	1770367396	1770367768
git_commit_sha	b83178b	4004a3a
release_version	1.60.0-SNAPSHOT~b83178b28d	1.60.0-SNAPSHOT~4004a3ad21

See matching parameters

	Baseline	Candidate
application	biojava	biojava
ci_job_date	1770369753	1770369753
ci_job_id	1405600793	1405600793
ci_pipeline_id	94966133	94966133
cpu_model	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz	Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version	Linux runner-zfyrx7zua-project-304-concurrent-2-zrwpuv3i 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux	Linux runner-zfyrx7zua-project-304-concurrent-2-zrwpuv3i 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 11 metrics, 1 unstable metrics.

Execution time for biojava

gantt
    title biojava - execution time [CI 0.99] : candidate=1.60.0-SNAPSHOT~4004a3ad21, baseline=1.60.0-SNAPSHOT~b83178b28d
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.961 s) : 14961000, 14961000
.   : milestone, 14961000,
appsec (14.577 s) : 14577000, 14577000
.   : milestone, 14577000,
iast (17.91 s) : 17910000, 17910000
.   : milestone, 17910000,
iast_GLOBAL (17.667 s) : 17667000, 17667000
.   : milestone, 17667000,
profiling (14.992 s) : 14992000, 14992000
.   : milestone, 14992000,
tracing (15.195 s) : 15195000, 15195000
.   : milestone, 15195000,
section candidate
no_agent (15.114 s) : 15114000, 15114000
.   : milestone, 15114000,
appsec (14.89 s) : 14890000, 14890000
.   : milestone, 14890000,
iast (18.127 s) : 18127000, 18127000
.   : milestone, 18127000,
iast_GLOBAL (17.781 s) : 17781000, 17781000
.   : milestone, 17781000,
profiling (14.965 s) : 14965000, 14965000
.   : milestone, 14965000,
tracing (14.849 s) : 14849000, 14849000
.   : milestone, 14849000,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	14.961 s [14.961 s, 14.961 s]	-
appsec	14.577 s [14.577 s, 14.577 s]	-384.0 ms (-2.6%)
iast	17.91 s [17.91 s, 17.91 s]	2.949 s (19.7%)
iast_GLOBAL	17.667 s [17.667 s, 17.667 s]	2.706 s (18.1%)
profiling	14.992 s [14.992 s, 14.992 s]	31.0 ms (0.2%)
tracing	15.195 s [15.195 s, 15.195 s]	234.0 ms (1.6%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	15.114 s [15.114 s, 15.114 s]	-
appsec	14.89 s [14.89 s, 14.89 s]	-224.0 ms (-1.5%)
iast	18.127 s [18.127 s, 18.127 s]	3.013 s (19.9%)
iast_GLOBAL	17.781 s [17.781 s, 17.781 s]	2.667 s (17.6%)
profiling	14.965 s [14.965 s, 14.965 s]	-149.0 ms (-1.0%)
tracing	14.849 s [14.849 s, 14.849 s]	-265.0 ms (-1.8%)

Execution time for tomcat

gantt
    title tomcat - execution time [CI 0.99] : candidate=1.60.0-SNAPSHOT~4004a3ad21, baseline=1.60.0-SNAPSHOT~b83178b28d
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.472 ms) : 1461, 1484
.   : milestone, 1472,
appsec (3.694 ms) : 3478, 3911
.   : milestone, 3694,
iast (2.264 ms) : 2194, 2334
.   : milestone, 2264,
iast_GLOBAL (2.305 ms) : 2235, 2374
.   : milestone, 2305,
profiling (2.078 ms) : 2023, 2132
.   : milestone, 2078,
tracing (2.069 ms) : 2015, 2123
.   : milestone, 2069,
section candidate
no_agent (1.469 ms) : 1457, 1480
.   : milestone, 1469,
appsec (3.786 ms) : 3566, 4006
.   : milestone, 3786,
iast (2.257 ms) : 2188, 2326
.   : milestone, 2257,
iast_GLOBAL (2.305 ms) : 2235, 2375
.   : milestone, 2305,
profiling (2.079 ms) : 2024, 2134
.   : milestone, 2079,
tracing (2.072 ms) : 2018, 2126
.   : milestone, 2072,

Loading

• baseline results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.472 ms [1.461 ms, 1.484 ms]	-
appsec	3.694 ms [3.478 ms, 3.911 ms]	2.222 ms (151.0%)
iast	2.264 ms [2.194 ms, 2.334 ms]	791.916 µs (53.8%)
iast_GLOBAL	2.305 ms [2.235 ms, 2.374 ms]	832.432 µs (56.5%)
profiling	2.078 ms [2.023 ms, 2.132 ms]	605.504 µs (41.1%)
tracing	2.069 ms [2.015 ms, 2.123 ms]	596.544 µs (40.5%)

• candidate results

Variant	Execution Time [CI 0.99]	Δ no_agent
no_agent	1.469 ms [1.457 ms, 1.48 ms]	-
appsec	3.786 ms [3.566 ms, 4.006 ms]	2.318 ms (157.8%)
iast	2.257 ms [2.188 ms, 2.326 ms]	788.556 µs (53.7%)
iast_GLOBAL	2.305 ms [2.235 ms, 2.375 ms]	836.365 µs (57.0%)
profiling	2.079 ms [2.024 ms, 2.134 ms]	610.747 µs (41.6%)
tracing	2.072 ms [2.018 ms, 2.126 ms]	603.154 µs (41.1%)

[dougqh]

Nice. Thank you for doing that.
My only thought is that it would be nice to play this into a static utility that can be used throughout the code base.

[jandro996]

Nice. Thank you for doing that. My only thought is that it would be nice to play this into a static utility that can be used throughout the code base.

Thanks for the review @dougqh, I’ve moved the implementation into a static utility, as you suggested.