perf: avoid stack allocation and make use of switch to select behavior on rule matching strategy

Signed-off-by: Lorenzo Susini <susinilorenzo1@gmail.com>
2025-08-05 16:25:51 +00:00 · 2023-08-08 10:52:11 +00:00 · 2023-08-08 10:52:11 +00:00 · 6acd924c50
commit 6acd924c50
parent 1705c0dab3
2 changed files with 15 additions and 11 deletions
--- a/userspace/engine/falco_engine.cpp
+++ b/userspace/engine/falco_engine.cpp
@ -388,21 +388,28 @@ std::unique_ptr<std::vector<falco_engine::rule_result>> falco_engine::process_ev
 		return nullptr;
 	}
-	if (m_rule_matching == falco_common::rule_matching::ALL)
+	switch (m_rule_matching)
 	{
 	case falco_common::rule_matching::ALL:
 		if (source->m_rules.size() > 0)
 		{
 			source->m_rules.clear();
 		}
 		if (!source->ruleset->run(ev, source->m_rules, ruleset_id))
 		{
 			return nullptr;
 		}
-	}
+		break;
-	else if (m_rule_matching == falco_common::rule_matching::FIRST)
+	case falco_common::rule_matching::FIRST:
 		if (source->m_rules.size() != 1)
 		{
-		falco_rule rule;
+			source->m_rules.resize(1);
-		if (!source->ruleset->run(ev, rule, ruleset_id))
+		}
 		if (!source->ruleset->run(ev, source->m_rules[0], ruleset_id))
 		{
 			return nullptr;
 		}
-		source->m_rules.push_back(rule);
+		break;
 	}
 	auto res = std::make_unique<std::vector<falco_engine::rule_result>>();
@ -420,10 +427,6 @@ std::unique_ptr<std::vector<falco_engine::rule_result>> falco_engine::process_ev
 		res->push_back(rule_result);
 	}
 	if (source->m_rules.size() > 0)
 	{
 		source->m_rules.clear();
 	}
 	return res;
 }
--- a/userspace/falco/configuration.cpp
+++ b/userspace/falco/configuration.cpp
@ -38,6 +38,7 @@ falco_configuration::falco_configuration():
 	m_notifications_rate(0),
 	m_notifications_max_burst(1000),
 	m_watch_config_files(true),
 	m_rule_matching(falco_common::rule_matching::FIRST),
 	m_buffered_outputs(false),
 	m_time_format_iso_8601(false),
 	m_output_timeout(2000),