On Tue, Dec 6, 2022 at 12:56 PM Andrii Nakryiko
<andrii.nakryiko(a)gmail.com> wrote:
> On Tue, Dec 6, 2022 at 10:06 AM Gary Buhrmaster
> <gary.buhrmaster(a)gmail.com> wrote:
>
> My full comment in that blog post is:
>
> "We need a proper study of performance and code size to understand the
> magnitude of the impact created by _FORTIFY_SOURCE=3 additional
> runtime code generation. However the performance and code size
> overhead may well be worth it due to the magnitude of improvement in
> security coverage."
>
> To elaborate, I think the performance and code size study is an
> interesting academic concern, but the magnitude of improvement
> justifies whatever little performance impact this may introduce and it
> should not be a blocker for the improvement.
It's interesting how now it's just an academic concern. Please hold yourself to
at least the standards set for
https://pagure.io/fesco/issue/2817 in terms of benchmarking
and persuading everyone that performance degradation across entire ecosystem is not a
concern.
I don't think the two are comparable at all, neither in terms of
potential performance impact (register pressure across an entire
program vs at specific API call points in some unique cases) nor in
terms of the benefits it provides.
Thanks,
Sid