Over a million developers have joined DZone.

How to Speed Up Apache Xalan’s XPath Processor by a Factor of 10

DZone's Guide to

How to Speed Up Apache Xalan’s XPath Processor by a Factor of 10

· Performance Zone ·
Free Resource

Sensu is an open source monitoring event pipeline. Try it today.

There has been a bit of an awkward bug in Apache Xalan for a while now, and that bug is XALANJ-2540. The effect of this bug is that an internal SPI configuration file is loaded by Xalan thousands of times per XPath expression evaluation, which can be measured easily as such:

Element e = (Element)
String result = ((Element) e).getTextContent();

Which seems to be an incredible 100 times faster than this:

// Accounts for 30%, can be cached
XPathFactory factory = XPathFactory.newInstance();
// Negligible
XPath xpath = factory.newXPath();
// Negligible
XPathExpression expression =
// Accounts for 70%
String result = (String) expression
  .evaluate(document, XPathConstants.STRING);

It can be seen that every one of the 10,000 test XPath evaluations led to the classloader trying to look up the DTMManager instance in some sort of default configuration. This configuration is not loaded into memory but accessed every time. Furthermore, this access seems to be protected by a lock on the ObjectFactory.class itself. When the access fails (by default), then the configuration is loaded from the xalan.jar file’s configuration file:


Every time!

A profiling session on Xalan

Fortunately, this behavior can be overridden by specifying a JVM parameter like this:


or this:


The above works, as this will allow bypassing the expensive work in lookUpFactoryClassName() if the factory class name is the default anyway:

// Code from c.s.o.a.xml.internal.dtm.ObjectFactory
static String lookUpFactoryClassName(
       String factoryId,
       String propertiesFilename,
       String fallbackClassName) {
  SecuritySupport ss = SecuritySupport
  try {
    String systemProp = ss
    if (systemProp != null) {
      // Return early from the method
      return systemProp;
  } catch (SecurityException se) {
  // [...] "Heavy" operations later


The above text is an extract from a Stack Overflow question and answer that I contributed to the public a while ago. I’m posting it again, here on my blog, such that the community’s awareness for this rather heavy bug can be raised. Feel free to upvote on this ticket here, as every Sun/Oracle JDK on this planet is affected:


Contributing a fix to Apache would be even better, of course …

Sensu: workflow automation for monitoring. Learn more—download the whitepaper.


Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}