Expanding the list of "Hardened Packages"

Dhiru Kholia dhiru.kholia at gmail.com
Mon Apr 15 07:41:57 UTC 2013 

On 04/05/13 at 04:16pm, Jakub Jelinek wrote:
> On Fri, Apr 05, 2013 at 07:31:55PM +0530, Dhiru Kholia wrote:
> > I repeated the benchmarks (mentioned in the above bug report) for
> > Firefox 20.0 running on Fedora 18 64-bit.
>
> Firefox as benchmark doesn't look like a good idea (and I'm really surprised
> that we don't compile it as PIE, I thought we've been doing that for years).
> The special thing on firefox is that it is really tiny binary (< 64K of
> .text) with almost no libraries linked directly (just -lc, -ldl, -lstdc++,
> -lpthread and their dependencies (-lm, -lgcc_s)), so indeed the relocation
> processing isn't very expensive (only ~ 130 relocations) before reaching
> main and prelink can't make it significantly faster. ...

I see the problem with using Firefox as a benchmark now.

So I started looking for more suitable applications to benchmark and
came across Gimp.

$ ldd /usr/bin/gimp-2.8 | wc -l
77

$ du -hs /usr/bin/gimp-2.8
5.8M    /usr/bin/gimp-2.8

Looks good to use as a benchmark?

I ran some benchmarks on various builds of Gimp. Please note that the
F18 upstream build has PIE enabled.

The benchmarking steps are described at https://github.com/kholia/gimp-bench

My Results
==========

~ 39.160s ==> upstream my build
~ 39.750s ==> upstream stock build
~ 40.850s ==> "non-PIE" my build

The PIE version turns out to be a bit faster. This seems weird and I
can't explain it.

Grant repeated the tests independently and his results are below,

Grant's Results
===============

(No PIE)

[gm at localhost gimp-bench]$ time ./launch.sh
batch command executed successfully

real    2m13.267s
user    1m25.577s
sys     0m46.474s

(PIE)

[gm at localhost gimp-bench]$ time ./launch.sh
batch command executed successfully

real    2m4.328s
user    1m22.506s
sys     0m44.958s

PIE build is faster than the non-PIE build (again!) it seems.

...

These results are weird and I can't explain them. Do you have any
insights on why the PIE build of Gimp is faster than the non-PIE build?

--
Dhiru

More information about the devel mailing list