On Tue, Dec 6, 2022 at 12:56 PM Andrii Nakryiko <andrii.nakryiko@xxxxxxxxx> wrote: > > On Tue, Dec 6, 2022 at 10:06 AM Gary Buhrmaster > > <gary.buhrmaster(a)gmail.com> wrote: > > > > My full comment in that blog post is: > > > > "We need a proper study of performance and code size to understand the > > magnitude of the impact created by _FORTIFY_SOURCE=3 additional > > runtime code generation. However the performance and code size > > overhead may well be worth it due to the magnitude of improvement in > > security coverage." > > > > To elaborate, I think the performance and code size study is an > > interesting academic concern, but the magnitude of improvement > > justifies whatever little performance impact this may introduce and it > > should not be a blocker for the improvement. > > It's interesting how now it's just an academic concern. Please hold yourself to at least the standards set for https://pagure.io/fesco/issue/2817 in terms of benchmarking and persuading everyone that performance degradation across entire ecosystem is not a concern. > I don't think the two are comparable at all, neither in terms of potential performance impact (register pressure across an entire program vs at specific API call points in some unique cases) nor in terms of the benefits it provides. Thanks, Sid _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
