Skip to content

🪞 10671 - Fix platform-dependent String.getBytes() calls to use explicit UTF-8 charset#11149

Merged
gh-worker-dd-mergequeue-cf854d[bot] merged 3 commits intomasterfrom
community-pr-10671
Apr 17, 2026
Merged

🪞 10671 - Fix platform-dependent String.getBytes() calls to use explicit UTF-8 charset#11149
gh-worker-dd-mergequeue-cf854d[bot] merged 3 commits intomasterfrom
community-pr-10671

Conversation

@mcculls
Copy link
Copy Markdown
Contributor

@mcculls mcculls commented Apr 17, 2026

This PR mirrors the changes from the original community contribution to enable CI testing with maintainer privileges.

Original PR: #10671
Original Author: @saravadeo
Original Branch: saravadeo/dd-trace-java:fix/explicit-charset-in-getbytes-calls

Closes #10671

This is an automated mirror created to run CI checks. See tooling/mirror-community-pull-request.sh for details.

@mcculls mcculls requested review from a team as code owners April 17, 2026 14:47
@mcculls mcculls requested review from claponcet, evanchooly and manuel-alvarez-alvarez and removed request for a team April 17, 2026 14:47
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 17, 2026
edited
Loading

Hi! 👋 Thanks for your pull request! 🎉

To help us review it, please make sure to:

  • Add at least one type, and one component or instrumentation label to the pull request

If you need help, please check our contributing guidelines.

@mcculls mcculls force-pushed the community-pr-10671 branch from f2ad8aa to 157ef83 Compare April 17, 2026 14:49
@saravadeo @mcculls
Fix platform-dependent String.getBytes() calls to use explicit UTF-8 …
484cf97 
…charset

Specify StandardCharsets.UTF_8 in String.getBytes() calls used with
MessageDigest and other encoding-sensitive APIs. Without an explicit
charset, getBytes() uses the platform's default charset, which can
vary across systems and produce inconsistent results.

Files changed:
- AppSecEventTracker: user ID anonymization hash now uses UTF-8,
  ensuring consistent hashing across all platforms. Also resolved
  the TODO about MessageDigest caching with a clarifying comment
  referencing micro-benchmark data showing negligible overhead.
- Fingerprinter: exception fingerprint hashes now use UTF-8.
- JsonStreamParser: JSON byte conversion now uses UTF-8 (JSON spec).
- LLMObsSpanMapper: writeUTF8() now receives actual UTF-8 bytes.
@mcculls mcculls force-pushed the community-pr-10671 branch from 157ef83 to 484cf97 Compare April 17, 2026 14:50
@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Apr 17, 2026

Debugger benchmarks

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
ci_job_date 1776438038 1776438385
end_time 2026-04-17T15:02:03 2026-04-17T15:07:50
git_branch master community-pr-10671
git_commit_sha c13e821 484cf97
start_time 2026-04-17T15:00:39 2026-04-17T15:06:26
See matching parameters
Baseline Candidate
ci_job_id 1606073715 1606073715
ci_pipeline_id 108256724 108256724
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
git_commit_date 1776437424 1776437424

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 5 unstable metrics.

See unchanged results
scenario Δ mean agg_http_req_duration_min Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p75 Δ mean agg_http_req_duration_p99 Δ mean throughput
scenario:noprobe unstable
[-37.289µs; +14.608µs] or [-12.551%; +4.917%]		 unstable
[-52.111µs; +23.754µs] or [-15.163%; +6.912%]		 unstable
[-66.523µs; +32.116µs] or [-18.398%; +8.882%]		 unstable
[-78.957µs; +155.759µs] or [-6.977%; +13.763%]		 same
scenario:basic same same same unstable
[-111.801µs; +86.867µs] or [-10.507%; +8.164%]		 same
scenario:loop unsure
[-10.302µs; -4.397µs] or [-0.116%; -0.049%]		 same same same same
Request duration reports for reports 
gantt
    title reports - request duration [CI 0.99] : candidate=None, baseline=None
    dateFormat X
    axisFormat %s
section baseline
noprobe (343.676 µs) : 297, 390
.   : milestone, 344,
basic (296.151 µs) : 288, 304
.   : milestone, 296,
loop (8.975 ms) : 8969, 8980
.   : milestone, 8975,
section candidate
noprobe (329.497 µs) : 308, 351
.   : milestone, 329,
basic (293.782 µs) : 287, 301
.   : milestone, 294,
loop (8.973 ms) : 8967, 8978
.   : milestone, 8973,
Loading
  • baseline results
Scenario Request median duration [CI 0.99]
noprobe 343.676 µs [297.261 µs, 390.091 µs]
basic 296.151 µs [288.471 µs, 303.832 µs]
loop 8.975 ms [8.969 ms, 8.98 ms]
  • candidate results
Scenario Request median duration [CI 0.99]
noprobe 329.497 µs [308.342 µs, 350.653 µs]
basic 293.782 µs [286.918 µs, 300.646 µs]
loop 8.973 ms [8.967 ms, 8.978 ms]

dougqh
dougqh approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@dougqh dougqh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should add String.getBytes(no args) to the forbidden APIs list.
Although, I'd be fine with doing that in a separate PR.

mcculls added 2 commits April 17, 2026 16:33
@mcculls
Found a few more places using 'String.getBytes()' - all are working w…
19a6b30 
…ith UTF-8 strings
@mcculls
Add String.getBytes() to list of forbidden APIs: this uses the platfo…
31256a0 
…rm's default charset, which may not be UTF-8, and can lead to inconsistent results across systems
@pr-commenter
Copy link
Copy Markdown

pr-commenter Bot commented Apr 17, 2026
edited
Loading

Benchmarks

Startup

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master community-pr-10671
git_commit_date 1776432673 1776440287
git_commit_sha c13e821 31256a0
release_version 1.62.0-SNAPSHOT~c13e82148e 1.62.0-SNAPSHOT~31256a0f08
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1776442742 1776442742
ci_job_id 1606373931 1606373931
ci_pipeline_id 108274271 108274271
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-i3q0lijs 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-i3q0lijs 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux
module Agent Agent
parent None None

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 61 metrics, 10 unstable metrics.

Startup time reports for insecure-bank 
gantt
    title insecure-bank - global startup overhead: candidate=1.62.0-SNAPSHOT~31256a0f08, baseline=1.62.0-SNAPSHOT~c13e82148e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.058 s) : 0, 1057782
Total [baseline] (8.82 s) : 0, 8819676
Agent [candidate] (1.055 s) : 0, 1055495
Total [candidate] (8.834 s) : 0, 8834347
section iast
Agent [baseline] (1.229 s) : 0, 1228724
Total [baseline] (9.598 s) : 0, 9597629
Agent [candidate] (1.222 s) : 0, 1222489
Total [candidate] (9.554 s) : 0, 9553559
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.058 s -
Agent iast 1.229 s 170.943 ms (16.2%)
Total tracing 8.82 s -
Total iast 9.598 s 777.953 ms (8.8%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.055 s -
Agent iast 1.222 s 166.994 ms (15.8%)
Total tracing 8.834 s -
Total iast 9.554 s 719.212 ms (8.1%) 
gantt
    title insecure-bank - break down per module: candidate=1.62.0-SNAPSHOT~31256a0f08, baseline=1.62.0-SNAPSHOT~c13e82148e

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.23 ms) : 0, 1230
crashtracking [candidate] (1.226 ms) : 0, 1226
BytebuddyAgent [baseline] (632.804 ms) : 0, 632804
BytebuddyAgent [candidate] (631.536 ms) : 0, 631536
AgentMeter [baseline] (29.681 ms) : 0, 29681
AgentMeter [candidate] (29.539 ms) : 0, 29539
GlobalTracer [baseline] (249.145 ms) : 0, 249145
GlobalTracer [candidate] (247.927 ms) : 0, 247927
AppSec [baseline] (32.582 ms) : 0, 32582
AppSec [candidate] (32.467 ms) : 0, 32467
Debugger [baseline] (59.432 ms) : 0, 59432
Debugger [candidate] (59.078 ms) : 0, 59078
Remote Config [baseline] (601.695 µs) : 0, 602
Remote Config [candidate] (587.459 µs) : 0, 587
Telemetry [baseline] (8.008 ms) : 0, 8008
Telemetry [candidate] (8.764 ms) : 0, 8764
Flare Poller [baseline] (8.151 ms) : 0, 8151
Flare Poller [candidate] (8.292 ms) : 0, 8292
section iast
crashtracking [baseline] (1.256 ms) : 0, 1256
crashtracking [candidate] (1.238 ms) : 0, 1238
BytebuddyAgent [baseline] (804.495 ms) : 0, 804495
BytebuddyAgent [candidate] (800.021 ms) : 0, 800021
AgentMeter [baseline] (11.683 ms) : 0, 11683
AgentMeter [candidate] (11.583 ms) : 0, 11583
GlobalTracer [baseline] (239.736 ms) : 0, 239736
GlobalTracer [candidate] (238.933 ms) : 0, 238933
AppSec [baseline] (32.905 ms) : 0, 32905
AppSec [candidate] (31.928 ms) : 0, 31928
Debugger [baseline] (63.084 ms) : 0, 63084
Debugger [candidate] (63.52 ms) : 0, 63520
Remote Config [baseline] (534.007 µs) : 0, 534
Remote Config [candidate] (538.811 µs) : 0, 539
Telemetry [baseline] (9.362 ms) : 0, 9362
Telemetry [candidate] (9.248 ms) : 0, 9248
Flare Poller [baseline] (3.574 ms) : 0, 3574
Flare Poller [candidate] (3.548 ms) : 0, 3548
IAST [baseline] (25.914 ms) : 0, 25914
IAST [candidate] (25.888 ms) : 0, 25888
Loading
Startup time reports for petclinic 
gantt
    title petclinic - global startup overhead: candidate=1.62.0-SNAPSHOT~31256a0f08, baseline=1.62.0-SNAPSHOT~c13e82148e

    dateFormat X
    axisFormat %s
section tracing
Agent [baseline] (1.066 s) : 0, 1065515
Total [baseline] (11.109 s) : 0, 11108864
Agent [candidate] (1.067 s) : 0, 1067098
Total [candidate] (11.023 s) : 0, 11022855
section appsec
Agent [baseline] (1.248 s) : 0, 1247608
Total [baseline] (11.112 s) : 0, 11111945
Agent [candidate] (1.246 s) : 0, 1246146
Total [candidate] (11.02 s) : 0, 11020023
section iast
Agent [baseline] (1.223 s) : 0, 1223082
Total [baseline] (11.362 s) : 0, 11362446
Agent [candidate] (1.224 s) : 0, 1224392
Total [candidate] (11.279 s) : 0, 11279317
section profiling
Agent [baseline] (1.194 s) : 0, 1194288
Total [baseline] (11.008 s) : 0, 11008014
Agent [candidate] (1.183 s) : 0, 1183468
Total [candidate] (11.086 s) : 0, 11085908
Loading
  • baseline results
Module Variant Duration Δ tracing
Agent tracing 1.066 s -
Agent appsec 1.248 s 182.094 ms (17.1%)
Agent iast 1.223 s 157.568 ms (14.8%)
Agent profiling 1.194 s 128.773 ms (12.1%)
Total tracing 11.109 s -
Total appsec 11.112 s 3.081 ms (0.0%)
Total iast 11.362 s 253.582 ms (2.3%)
Total profiling 11.008 s -100.85 ms (-0.9%)
  • candidate results
Module Variant Duration Δ tracing
Agent tracing 1.067 s -
Agent appsec 1.246 s 179.048 ms (16.8%)
Agent iast 1.224 s 157.294 ms (14.7%)
Agent profiling 1.183 s 116.37 ms (10.9%)
Total tracing 11.023 s -
Total appsec 11.02 s -2.832 ms (-0.0%)
Total iast 11.279 s 256.462 ms (2.3%)
Total profiling 11.086 s 63.053 ms (0.6%) 
gantt
    title petclinic - break down per module: candidate=1.62.0-SNAPSHOT~31256a0f08, baseline=1.62.0-SNAPSHOT~c13e82148e

    dateFormat X
    axisFormat %s
section tracing
crashtracking [baseline] (1.236 ms) : 0, 1236
crashtracking [candidate] (1.226 ms) : 0, 1226
BytebuddyAgent [baseline] (637.301 ms) : 0, 637301
BytebuddyAgent [candidate] (639.09 ms) : 0, 639090
AgentMeter [baseline] (29.777 ms) : 0, 29777
AgentMeter [candidate] (30.015 ms) : 0, 30015
GlobalTracer [baseline] (250.153 ms) : 0, 250153
GlobalTracer [candidate] (250.842 ms) : 0, 250842
AppSec [baseline] (32.627 ms) : 0, 32627
AppSec [candidate] (32.767 ms) : 0, 32767
Debugger [baseline] (60.309 ms) : 0, 60309
Debugger [candidate] (60.549 ms) : 0, 60549
Remote Config [baseline] (598.193 µs) : 0, 598
Remote Config [candidate] (596.049 µs) : 0, 596
Telemetry [baseline] (9.596 ms) : 0, 9596
Telemetry [candidate] (8.182 ms) : 0, 8182
Flare Poller [baseline] (7.65 ms) : 0, 7650
Flare Poller [candidate] (7.504 ms) : 0, 7504
section appsec
crashtracking [baseline] (1.22 ms) : 0, 1220
crashtracking [candidate] (1.211 ms) : 0, 1211
BytebuddyAgent [baseline] (662.227 ms) : 0, 662227
BytebuddyAgent [candidate] (660.55 ms) : 0, 660550
AgentMeter [baseline] (12.268 ms) : 0, 12268
AgentMeter [candidate] (12.175 ms) : 0, 12175
GlobalTracer [baseline] (248.255 ms) : 0, 248255
GlobalTracer [candidate] (247.757 ms) : 0, 247757
AppSec [baseline] (184.857 ms) : 0, 184857
AppSec [candidate] (185.022 ms) : 0, 185022
Debugger [baseline] (65.513 ms) : 0, 65513
Debugger [candidate] (66.123 ms) : 0, 66123
Remote Config [baseline] (600.81 µs) : 0, 601
Remote Config [candidate] (612.105 µs) : 0, 612
Telemetry [baseline] (8.359 ms) : 0, 8359
Telemetry [candidate] (8.42 ms) : 0, 8420
Flare Poller [baseline] (3.509 ms) : 0, 3509
Flare Poller [candidate] (3.505 ms) : 0, 3505
IAST [baseline] (24.448 ms) : 0, 24448
IAST [candidate] (24.537 ms) : 0, 24537
section iast
crashtracking [baseline] (1.238 ms) : 0, 1238
crashtracking [candidate] (1.227 ms) : 0, 1227
BytebuddyAgent [baseline] (799.868 ms) : 0, 799868
BytebuddyAgent [candidate] (800.871 ms) : 0, 800871
AgentMeter [baseline] (11.578 ms) : 0, 11578
AgentMeter [candidate] (11.583 ms) : 0, 11583
GlobalTracer [baseline] (238.684 ms) : 0, 238684
GlobalTracer [candidate] (238.739 ms) : 0, 238739
AppSec [baseline] (31.092 ms) : 0, 31092
AppSec [candidate] (30.381 ms) : 0, 30381
Debugger [baseline] (63.715 ms) : 0, 63715
Debugger [candidate] (66.14 ms) : 0, 66140
Remote Config [baseline] (539.72 µs) : 0, 540
Remote Config [candidate] (533.384 µs) : 0, 533
Telemetry [baseline] (9.368 ms) : 0, 9368
Telemetry [candidate] (9.409 ms) : 0, 9409
Flare Poller [baseline] (3.569 ms) : 0, 3569
Flare Poller [candidate] (3.593 ms) : 0, 3593
IAST [baseline] (27.362 ms) : 0, 27362
IAST [candidate] (25.773 ms) : 0, 25773
section profiling
crashtracking [baseline] (1.186 ms) : 0, 1186
crashtracking [candidate] (1.183 ms) : 0, 1183
BytebuddyAgent [baseline] (697.279 ms) : 0, 697279
BytebuddyAgent [candidate] (690.447 ms) : 0, 690447
AgentMeter [baseline] (9.315 ms) : 0, 9315
AgentMeter [candidate] (9.194 ms) : 0, 9194
GlobalTracer [baseline] (208.513 ms) : 0, 208513
GlobalTracer [candidate] (206.729 ms) : 0, 206729
AppSec [baseline] (33.043 ms) : 0, 33043
AppSec [candidate] (32.904 ms) : 0, 32904
Debugger [baseline] (66.442 ms) : 0, 66442
Debugger [candidate] (65.899 ms) : 0, 65899
Remote Config [baseline] (599.197 µs) : 0, 599
Remote Config [candidate] (591.727 µs) : 0, 592
Telemetry [baseline] (7.851 ms) : 0, 7851
Telemetry [candidate] (7.735 ms) : 0, 7735
Flare Poller [baseline] (3.568 ms) : 0, 3568
Flare Poller [candidate] (3.524 ms) : 0, 3524
ProfilingAgent [baseline] (94.675 ms) : 0, 94675
ProfilingAgent [candidate] (94.125 ms) : 0, 94125
Profiling [baseline] (95.238 ms) : 0, 95238
Profiling [candidate] (94.697 ms) : 0, 94697
Loading

Load

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master community-pr-10671
git_commit_date 1776432673 1776440287
git_commit_sha c13e821 31256a0
release_version 1.62.0-SNAPSHOT~c13e82148e 1.62.0-SNAPSHOT~31256a0f08
See matching parameters
Baseline Candidate
application insecure-bank insecure-bank
ci_job_date 1776443236 1776443236
ci_job_id 1606373934 1606373934
ci_pipeline_id 108274271 108274271
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-0-cjz3bwiz 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-0-cjz3bwiz 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 2 performance improvements and 5 performance regressions! Performance is the same for 13 metrics, 16 unstable metrics.

scenario Δ mean agg_http_req_duration_p50 Δ mean agg_http_req_duration_p95 Δ mean throughput candidate mean agg_http_req_duration_p50 candidate mean agg_http_req_duration_p95 candidate mean throughput baseline mean agg_http_req_duration_p50 baseline mean agg_http_req_duration_p95 baseline mean throughput
scenario:load:insecure-bank:iast_GLOBAL:high_load worse
[+108.475µs; +246.050µs] or [+3.822%; +8.670%]		 worse
[+303.612µs; +740.825µs] or [+3.779%; +9.222%]		 unstable
[-196.035op/s; +50.910op/s] or [-15.420%; +4.004%]		 3.015ms 8.556ms 1198.781op/s 2.838ms 8.033ms 1271.344op/s
scenario:load:insecure-bank:iast:high_load worse
[+199.306µs; +305.643µs] or [+8.127%; +12.463%]		 worse
[+175.418µs; +757.114µs] or [+2.373%; +10.244%]		 unstable
[-242.043op/s; +35.605op/s] or [-16.914%; +2.488%]		 2.705ms 7.857ms 1327.781op/s 2.452ms 7.391ms 1431.000op/s
scenario:load:insecure-bank:profiling:high_load better
[-282.877µs; -143.622µs] or [-14.618%; -7.422%]		 unstable
[-1.661ms; -0.875ms] or [-27.188%; -14.320%]		 unstable
[+165.021op/s; +613.479op/s] or [+9.276%; +34.483%]		 1.722ms 4.842ms 2168.344op/s 1.935ms 6.110ms 1779.094op/s
scenario:load:insecure-bank:no_agent:high_load better
[-84.303µs; -27.802µs] or [-7.852%; -2.590%]		 unstable
[-689.798µs; +22.891µs] or [-21.872%; +0.726%]		 unstable
[-167.468op/s; +592.530op/s] or [-4.988%; +17.650%]		 1.018ms 2.820ms 3569.625op/s 1.074ms 3.154ms 3357.094op/s
scenario:load:petclinic:no_agent:high_load worse
[+1.727ms; +3.108ms] or [+10.473%; +18.849%]		 unstable
[+1.808ms; +4.719ms] or [+6.495%; +16.950%]		 unstable
[-57.201op/s; -3.486op/s] or [-20.922%; -1.275%]		 18.908ms 31.106ms 243.062op/s 16.491ms 27.842ms 273.406op/s
Request duration reports for petclinic 
gantt
    title petclinic - request duration [CI 0.99] : candidate=1.62.0-SNAPSHOT~31256a0f08, baseline=1.62.0-SNAPSHOT~c13e82148e
    dateFormat X
    axisFormat %s
section baseline
no_agent (17.064 ms) : 16895, 17233
.   : milestone, 17064,
appsec (18.379 ms) : 18192, 18566
.   : milestone, 18379,
code_origins (18.088 ms) : 17904, 18271
.   : milestone, 18088,
iast (18.182 ms) : 17999, 18366
.   : milestone, 18182,
profiling (18.06 ms) : 17884, 18236
.   : milestone, 18060,
tracing (18.031 ms) : 17848, 18213
.   : milestone, 18031,
section candidate
no_agent (19.207 ms) : 19015, 19398
.   : milestone, 19207,
appsec (18.566 ms) : 18377, 18756
.   : milestone, 18566,
code_origins (18.286 ms) : 18104, 18469
.   : milestone, 18286,
iast (18.04 ms) : 17863, 18218
.   : milestone, 18040,
profiling (18.453 ms) : 18268, 18638
.   : milestone, 18453,
tracing (17.913 ms) : 17737, 18088
.   : milestone, 17913,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 17.064 ms [16.895 ms, 17.233 ms] -
appsec 18.379 ms [18.192 ms, 18.566 ms] 1.315 ms (7.7%)
code_origins 18.088 ms [17.904 ms, 18.271 ms] 1.023 ms (6.0%)
iast 18.182 ms [17.999 ms, 18.366 ms] 1.118 ms (6.6%)
profiling 18.06 ms [17.884 ms, 18.236 ms] 996.038 µs (5.8%)
tracing 18.031 ms [17.848 ms, 18.213 ms] 966.713 µs (5.7%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 19.207 ms [19.015 ms, 19.398 ms] -
appsec 18.566 ms [18.377 ms, 18.756 ms] -640.567 µs (-3.3%)
code_origins 18.286 ms [18.104 ms, 18.469 ms] -920.34 µs (-4.8%)
iast 18.04 ms [17.863 ms, 18.218 ms] -1.166 ms (-6.1%)
profiling 18.453 ms [18.268 ms, 18.638 ms] -753.725 µs (-3.9%)
tracing 17.913 ms [17.737 ms, 18.088 ms] -1.294 ms (-6.7%)
Request duration reports for insecure-bank 
gantt
    title insecure-bank - request duration [CI 0.99] : candidate=1.62.0-SNAPSHOT~31256a0f08, baseline=1.62.0-SNAPSHOT~c13e82148e
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.32 ms) : 1307, 1333
.   : milestone, 1320,
iast (3.196 ms) : 3152, 3240
.   : milestone, 3196,
iast_FULL (5.967 ms) : 5904, 6029
.   : milestone, 5967,
iast_GLOBAL (3.607 ms) : 3551, 3662
.   : milestone, 3607,
profiling (2.556 ms) : 2531, 2582
.   : milestone, 2556,
tracing (1.903 ms) : 1887, 1919
.   : milestone, 1903,
section candidate
no_agent (1.236 ms) : 1224, 1248
.   : milestone, 1236,
iast (3.45 ms) : 3405, 3495
.   : milestone, 3450,
iast_FULL (6.156 ms) : 6093, 6219
.   : milestone, 6156,
iast_GLOBAL (3.829 ms) : 3763, 3895
.   : milestone, 3829,
profiling (2.083 ms) : 2065, 2101
.   : milestone, 2083,
tracing (1.924 ms) : 1907, 1941
.   : milestone, 1924,
Loading
  • baseline results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.32 ms [1.307 ms, 1.333 ms] -
iast 3.196 ms [3.152 ms, 3.24 ms] 1.876 ms (142.2%)
iast_FULL 5.967 ms [5.904 ms, 6.029 ms] 4.647 ms (352.1%)
iast_GLOBAL 3.607 ms [3.551 ms, 3.662 ms] 2.287 ms (173.3%)
profiling 2.556 ms [2.531 ms, 2.582 ms] 1.237 ms (93.7%)
tracing 1.903 ms [1.887 ms, 1.919 ms] 583.386 µs (44.2%)
  • candidate results
Variant Request duration [CI 0.99] Δ no_agent
no_agent 1.236 ms [1.224 ms, 1.248 ms] -
iast 3.45 ms [3.405 ms, 3.495 ms] 2.214 ms (179.1%)
iast_FULL 6.156 ms [6.093 ms, 6.219 ms] 4.92 ms (398.1%)
iast_GLOBAL 3.829 ms [3.763 ms, 3.895 ms] 2.593 ms (209.8%)
profiling 2.083 ms [2.065 ms, 2.101 ms] 846.693 µs (68.5%)
tracing 1.924 ms [1.907 ms, 1.941 ms] 687.812 µs (55.7%)

Dacapo

Parameters

Baseline Candidate
baseline_or_candidate baseline candidate
git_branch master community-pr-10671
git_commit_date 1776432673 1776440287
git_commit_sha c13e821 31256a0
release_version 1.62.0-SNAPSHOT~c13e82148e 1.62.0-SNAPSHOT~31256a0f08
See matching parameters
Baseline Candidate
application biojava biojava
ci_job_date 1776442952 1776442952
ci_job_id 1606373936 1606373936
ci_pipeline_id 108274271 108274271
cpu_model Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz
kernel_version Linux runner-zfyrx7zua-project-304-concurrent-1-5rma4vug 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux Linux runner-zfyrx7zua-project-304-concurrent-1-5rma4vug 6.8.0-1031-aws #33~22.04.1-Ubuntu SMP Thu Jun 26 14:22:30 UTC 2025 x86_64 x86_64 x86_64 GNU/Linux

Summary

Found 0 performance improvements and 0 performance regressions! Performance is the same for 10 metrics, 2 unstable metrics.

Execution time for tomcat 
gantt
    title tomcat - execution time [CI 0.99] : candidate=1.62.0-SNAPSHOT~31256a0f08, baseline=1.62.0-SNAPSHOT~c13e82148e
    dateFormat X
    axisFormat %s
section baseline
no_agent (1.486 ms) : 1474, 1498
.   : milestone, 1486,
appsec (3.82 ms) : 3597, 4043
.   : milestone, 3820,
iast (2.263 ms) : 2193, 2332
.   : milestone, 2263,
iast_GLOBAL (2.305 ms) : 2235, 2374
.   : milestone, 2305,
profiling (2.104 ms) : 2049, 2159
.   : milestone, 2104,
tracing (2.071 ms) : 2018, 2125
.   : milestone, 2071,
section candidate
no_agent (1.486 ms) : 1474, 1497
.   : milestone, 1486,
appsec (3.833 ms) : 3609, 4056
.   : milestone, 3833,
iast (2.265 ms) : 2195, 2334
.   : milestone, 2265,
iast_GLOBAL (2.314 ms) : 2244, 2384
.   : milestone, 2314,
profiling (2.51 ms) : 2298, 2722
.   : milestone, 2510,
tracing (2.078 ms) : 2024, 2131
.   : milestone, 2078,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.486 ms [1.474 ms, 1.498 ms] -
appsec 3.82 ms [3.597 ms, 4.043 ms] 2.334 ms (157.1%)
iast 2.263 ms [2.193 ms, 2.332 ms] 776.394 µs (52.2%)
iast_GLOBAL 2.305 ms [2.235 ms, 2.374 ms] 818.395 µs (55.1%)
profiling 2.104 ms [2.049 ms, 2.159 ms] 617.667 µs (41.6%)
tracing 2.071 ms [2.018 ms, 2.125 ms] 585.282 µs (39.4%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 1.486 ms [1.474 ms, 1.497 ms] -
appsec 3.833 ms [3.609 ms, 4.056 ms] 2.347 ms (158.0%)
iast 2.265 ms [2.195 ms, 2.334 ms] 779.036 µs (52.4%)
iast_GLOBAL 2.314 ms [2.244 ms, 2.384 ms] 828.9 µs (55.8%)
profiling 2.51 ms [2.298 ms, 2.722 ms] 1.024 ms (68.9%)
tracing 2.078 ms [2.024 ms, 2.131 ms] 592.072 µs (39.9%)
Execution time for biojava 
gantt
    title biojava - execution time [CI 0.99] : candidate=1.62.0-SNAPSHOT~31256a0f08, baseline=1.62.0-SNAPSHOT~c13e82148e
    dateFormat X
    axisFormat %s
section baseline
no_agent (14.889 s) : 14889000, 14889000
.   : milestone, 14889000,
appsec (14.881 s) : 14881000, 14881000
.   : milestone, 14881000,
iast (18.001 s) : 18001000, 18001000
.   : milestone, 18001000,
iast_GLOBAL (18.222 s) : 18222000, 18222000
.   : milestone, 18222000,
profiling (14.928 s) : 14928000, 14928000
.   : milestone, 14928000,
tracing (15.32 s) : 15320000, 15320000
.   : milestone, 15320000,
section candidate
no_agent (15.735 s) : 15735000, 15735000
.   : milestone, 15735000,
appsec (14.637 s) : 14637000, 14637000
.   : milestone, 14637000,
iast (18.441 s) : 18441000, 18441000
.   : milestone, 18441000,
iast_GLOBAL (18.064 s) : 18064000, 18064000
.   : milestone, 18064000,
profiling (15.084 s) : 15084000, 15084000
.   : milestone, 15084000,
tracing (14.86 s) : 14860000, 14860000
.   : milestone, 14860000,
Loading
  • baseline results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 14.889 s [14.889 s, 14.889 s] -
appsec 14.881 s [14.881 s, 14.881 s] -8.0 ms (-0.1%)
iast 18.001 s [18.001 s, 18.001 s] 3.112 s (20.9%)
iast_GLOBAL 18.222 s [18.222 s, 18.222 s] 3.333 s (22.4%)
profiling 14.928 s [14.928 s, 14.928 s] 39.0 ms (0.3%)
tracing 15.32 s [15.32 s, 15.32 s] 431.0 ms (2.9%)
  • candidate results
Variant Execution Time [CI 0.99] Δ no_agent
no_agent 15.735 s [15.735 s, 15.735 s] -
appsec 14.637 s [14.637 s, 14.637 s] -1.098 s (-7.0%)
iast 18.441 s [18.441 s, 18.441 s] 2.706 s (17.2%)
iast_GLOBAL 18.064 s [18.064 s, 18.064 s] 2.329 s (14.8%)
profiling 15.084 s [15.084 s, 15.084 s] -651.0 ms (-4.1%)
tracing 14.86 s [14.86 s, 14.86 s] -875.0 ms (-5.6%)

@mcculls mcculls requested review from a team as code owners April 17, 2026 15:46
@mcculls mcculls added comp: core Tracer core comp: debugger Dynamic Instrumentation comp: asm iast Application Security Management (IAST) comp: crash tracking Crash Tracking type: bug Bug report and fix tag: community Community contribution labels Apr 17, 2026
bric3
bric3 approved these changes Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@bric3 bric3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for looking into that PR :)

@mcculls
Copy link
Copy Markdown
Contributor Author

mcculls commented Apr 17, 2026
edited
Loading

I think we should add String.getBytes(no args) to the forbidden APIs list.

agree: 31256a0

@mcculls mcculls added this pull request to the merge queue Apr 17, 2026
@dd-octo-sts
Copy link
Copy Markdown
Contributor

dd-octo-sts Bot commented Apr 17, 2026

/merge

@gh-worker-devflow-routing-ef8351
Copy link
Copy Markdown

gh-worker-devflow-routing-ef8351 Bot commented Apr 17, 2026
edited
Loading

View all feedbacks in Devflow UI.

2026-04-17 17:10:47 UTC ℹ️ Start processing command /merge

2026-04-17 17:10:52 UTC ℹ️ MergeQueue: pull request added to the queue

The expected merge time in master is approximately 2h (p90).

2026-04-17 18:25:10 UTC ℹ️ MergeQueue: This merge request was merged

@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Apr 17, 2026
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot merged commit d149028 into master Apr 17, 2026
586 of 592 checks passed
@gh-worker-dd-mergequeue-cf854d gh-worker-dd-mergequeue-cf854d Bot deleted the community-pr-10671 branch April 17, 2026 18:25
@github-actions github-actions Bot added this to the 1.62.0 milestone Apr 17, 2026
@mcculls mcculls mentioned this pull request Apr 17, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dougqh dougqh dougqh approved these changes

@bric3 bric3 bric3 approved these changes

@evanchooly evanchooly Awaiting requested review from evanchooly evanchooly is a code owner automatically assigned from DataDog/debugger-java

@manuel-alvarez-alvarez manuel-alvarez-alvarez Awaiting requested review from manuel-alvarez-alvarez manuel-alvarez-alvarez is a code owner automatically assigned from DataDog/asm-java

@claponcet claponcet Awaiting requested review from claponcet claponcet is a code owner automatically assigned from DataDog/asm-java

Assignees

No one assigned

Labels

comp: asm iast Application Security Management (IAST) comp: core Tracer core comp: crash tracking Crash Tracking comp: debugger Dynamic Instrumentation tag: community Community contribution type: bug Bug report and fix

Projects

None yet

Milestone

1.62.0

Development

Successfully merging this pull request may close these issues.

4 participants

@mcculls @dougqh @bric3 @saravadeo