Optimize JNI performance and fix Decimal validation#349
Merged
muditchaudhary merged 6 commits intocedar-policy:mainfrom Apr 21, 2026
Merged
Optimize JNI performance and fix Decimal validation#349muditchaudhary merged 6 commits intocedar-policy:mainfrom
muditchaudhary merged 6 commits intocedar-policy:mainfrom
Conversation
added 3 commits
April 17, 2026 08:44
Improve JNI call performance ~3x with reduced overhead. Add JMH benchmark suite for tracking JNI performance. Fix Decimal validator to accept leading zeros in corpus integration tests. Signed-off-by: Chris Simmons <simmonsc@amazon.com>
Rename snake_case methods to camelCase to comply with the MethodName
checkstyle rule ('^[a-z][a-zA-Z0-9]*$').
Signed-off-by: Chris Simmons <simmonsc@amazon.com>
JMH generates padding fields and dead stores intentionally for cache-line isolation, which triggers false positives in SpotBugs. Signed-off-by: Chris Simmons <simmonsc@amazon.com>
| smallEntities.add(new Entity(resource, new HashMap<>(), new HashSet<>())); | ||
| } | ||
|
|
||
| private void setUpMediumScenario() throws Exception { |
Contributor
There was a problem hiding this comment.
Nit: I think if we anticipate adding more scenarios, we might want to rename this (perhaps basicPhotoFlashScenario), but I think this is good as is
| if (node.size() == 1) { | ||
| if (node.has(ENTITY_ESCAPE_SEQ)) { | ||
| JsonNode val = node.get(ENTITY_ESCAPE_SEQ); | ||
| if (val.isObject() && val.has("id") && val.has("type") && val.size() == 2) { |
Contributor
There was a problem hiding this comment.
Nit: Looks like we can also shed the val.isObject() && because val.has(...) checks this already
Method that allows checking whether this node is JSON Object node and contains value for specified property.
muditchaudhary
requested changes
Apr 18, 2026
Contributor
muditchaudhary
left a comment
muditchaudhary
left a comment
There was a problem hiding this comment.
Mostly nits except for decimal validation.
| JsonNode val = node.get(ENTITY_ESCAPE_SEQ); | ||
| if (val.isObject() && val.has("id") && val.has("type") && val.size() == 2) { | ||
| EntityIdentifier id = new EntityIdentifier(val.get("id").textValue()); | ||
| Optional<EntityTypeName> type = EntityTypeName.parse(val.get("type").textValue()); |
Contributor
There was a problem hiding this comment.
Not required for this PR, but something I remembered while reviewing it: we can further optimize the deserializer by caching results from pure functions that cross the FFI boundary like EntityTypeName.parse(_) to avoid redundant and expensive FFI roundtrip costs for the same inputs. Can probably extend this idea beyond deserializers.
| mediumRequest = new AuthorizationRequest(principal, action, resource, new HashMap<>()); | ||
|
|
||
| Set<Policy> policies = new HashSet<>(); | ||
| policies.add(new Policy( |
Contributor
| let handle = thread::spawn(move || call_cedar_in_thread(j_call_str, j_input_str)); | ||
|
|
||
| let result = match handle.join() { | ||
| let result = match panic::catch_unwind(|| call_cedar(&j_call_str, &j_input_str)) { |
Contributor
There was a problem hiding this comment.
This is nice.
Nit: call_cedar_in_thread is probably dead code now.
added 2 commits
April 18, 2026 15:52
- Fix Decimal validation to correctly handle leading zeros and enforce range bounds [-922337203685477.5808, 922337203685477.5807] instead of the previous format-only regex check - Add DecimalTests covering boundary values, leading zeros, and out-of-range rejection - Remove unused EscapeType enum from ValueDeserializer - Remove redundant val.isObject() check in entity deserialization - Move benchmark policies and entities to resource files, use PolicySet.parsePolicies() and Entities.parse() instead of inline construction Signed-off-by: Chris Simmons <simmonsc@amazon.com>
Add --locked flag to cargo install for cargo-zigbuild to prevent dependency resolution from pulling cargo-platform 0.3.3 which requires rustc 1.91. Also fix trailing whitespace flagged by checkstyle. Signed-off-by: Chris Simmons <simmonsc@amazon.com>
Tighten Decimal regex to require digits before and after the dot, rejecting invalid forms like .1, 1., and -.0. Simplify range validation using BigDecimal. Remove trim() to reject whitespace inputs. Add edge case tests. Fix JMH resource path so benchmarks run. Signed-off-by: Chris Simmons <simmonsc@amazon.com>
muditchaudhary
approved these changes
Apr 20, 2026
mark-creamer-amazon
approved these changes
Apr 21, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Improve JNI call performance ~3x with reduced overhead. Add JMH benchmark suite for tracking JNI performance. Fix Decimal validator to accept leading zeros in corpus integration tests.
Issue #, if available:
Description of changes:
Cedar-Java JMH Benchmark Results — After Performance Fixes
Date: 2026-04-15
Base: 1d141bc (main)
JDK: 21.0.10 (Corretto)
JMH: 1.37
OS: macOS (Darwin 25.3.0, aarch64)
Config: @WarmUp(iterations=3, time=1) @measurement(iterations=5, time=1) @fork(1)
Changes applied:
Results (thorough run: 2 forks, 5 warmup, 20 measurement iterations):
Benchmark Mode Cnt Score Error Units
AuthorizationBenchmark.isAuthorized_medium avgt 40 122.606 ± 2.303 us/op
AuthorizationBenchmark.isAuthorized_small avgt 40 25.416 ± 0.837 us/op
AuthorizationBenchmark.validate_small avgt 40 159.865 ± 29.990 us/op
Comparison to baseline (1d141bc):
Baseline After Improvement
isAuthorized_small 85.4 ± 3.4 25.4 ± 0.8 ~3.4x faster
isAuthorized_medium 329.1 ± 258.4 122.6 ± 2.3 ~2.7x faster
validate_small 353.3 ± 146.0 159.9 ± 30.0 ~2.2x faster