Re: Turning on stack protection by default

[Matthias Scheler <tron%zhadum.org.uk@localhost>]

On Fri, Oct 23, 2009 at 01:47:54AM +0100, Mindaugas Rasiukevicius wrote:
> > Considering that this feature helps finding bugs and increases system
> > security I would like to suggest to turn in on by default on these
> > two NetBSD ports.
> 
> Can you provide some numbers how it affects performance?

I've attached a little test program which is very recursive.(*)
Where are the results on my NetBSD/amd64 5.0_STABLE system
which is driven by a ÌXen 3040 CP running at 1.83GHz:

tron@colwyn:~>gcc fib.c -Wall -O2 -o fib  
tron@colwyn:~>time ./fib 42
42 -> 267914296
./fib 42  14.07s user 0.00s system 99% cpu 14.119 total
tron@colwyn:~>gcc fib.c -fstack-protector-all -Wstack-protector -Wall -O2 -o 
fib 
tron@colwyn:~>time ./fib 42
42 -> 267914296
./fib 42  15.07s user 0.00s system 98% cpu 15.261 total

That is 8% overhead in a program which I believe gets affected particular
bad by enabling stack protection.

        Kind regards

(*) Yes, this can be done much more efficient. The program is written
    to defeat some of GCC's optimisations and to enforce stack protection.

-- 
Matthias Scheler                                  http://zhadum.org.uk/

#include <stdio.h>
#include <stdlib.h>

static int
Fibonacci(int n)
{
        if (n > 1) {
                int f[2], i;

                n--;
                for (i = 0; i < 2; i++)
                        f[i] = Fibonacci(n - i);

                return f[0] + f[1];
        } else {
                return n;
        }
}

int
main(int argc, char **argv)
{
        int i;

        for (i = 1; i < argc; i++) {
                int n;

                if (sscanf(argv[i], "%d", &n) == 1)
                        (void)printf("%d -> %d\n", n, Fibonacci(n));
        }

        return EXIT_SUCCESS;
}