feat(profiling): TlsConfig for reusable TLS init #1619
morrisonlevi wants to merge 2 commits into main from
ProfileExporter::new() initializes TLS on every call, which on Linux involves expensive disk I/O to load the system certificate store. Add TlsConfig (wrapping rustls::ClientConfig with the platform verifier) and ProfileExporter::new_with_tls() so callers can initialize TLS once and reuse it across exporter instances. FFI: adds ddog_prof_TlsConfig_new, TlsConfig_try_clone, TlsConfig_drop, and Exporter_new_with_tls via ArcHandle<TlsConfig> for shared ownership. Co-authored-by: Cursor <cursoragent@cursor.com>
c58ab33 to eb5eef9
Co-authored-by: Cursor <cursoragent@cursor.com>
Benchmarks
Comparison
Benchmark execution time: 2026-02-20 20:39:11
Comparing candidate commit f8ed78c in PR branch
Found 0 performance improvements and 2 performance regressions! Performance is the same for 55 metrics, 2 unstable metrics.
scenario:credit_card/is_card_number/378282246310005
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #1619 +/- ##
==========================================
- Coverage 71.24% 71.21% -0.04%
==========================================
Files 423 424 +1
Lines 62198 62261 +63
==========================================
+ Hits 44315 44338 +23
- Misses 17883 17923 +40
What does this PR do?
Adds a TlsConfig type that wraps a rustls::ClientConfig pre-configured with the platform certificate verifier. Callers create a TlsConfig once and pass it to the new ProfileExporter::new_with_tls() constructor, which injects it via reqwest::ClientBuilder::tls_backend_preconfigured().
The old ProfileExporter::new() and its FFI counterpart ddog_prof_Exporter_new are marked #[deprecated].
FFI surface:
ddog_prof_TlsConfig_new — creates a ref-counted TLS config handle
ddog_prof_TlsConfig_try_clone — bumps the ref count
ddog_prof_TlsConfig_drop — decrements the ref count
ddog_prof_Exporter_new_with_tls — creates an exporter using a pre-built TLS config
Motivation
ProfileExporter::new() calls reqwest::ClientBuilder::build(), which initializes TLS from scratch every time. On Linux this means loading and parsing the system certificate store from disk on every exporter creation — an expensive operation that was identified as a performance regression when upgrading libdatadog from v25 to v27.
Additional Notes
TlsConfig is Clone (cheap — inner Arc), and exposed via ArcHandle<TlsConfig> in FFI for shared, ref-counted ownership.
ProfileExporter::new() now delegates to TlsConfig::new() + new_with_tls() internally.
Note that in v25, this config caching was done implicitly. I'm not a big fan of statics hidden away in libraries, though, so I'm seeing how a new API goes.
How to test the change?
Linux performance: Create a TlsConfig once, then create multiple exporters with new_with_tls. Verify that only the first TlsConfig::new() call incurs the certificate loading cost.
Backwards compatibility: The old ddog_prof_Exporter_new continues to work (it creates a TlsConfig internally). Callers see a deprecation warning guiding them to the new API.