On Sun, May 24, 2020 at 10:14:49PM +0200, Stefan Weil wrote:
> Adrian, I am afraid that there is a misunderstanding.
>
> The code part which is compiled with -march=native is never executed by
> default.

I get that point.

> There is a command line option which allows users to select the code
> which is used for certain time critical calculations (dot product). A
> wrong choice is not a security problem

You misunderstand the part about the security update,
security updates are just the most common reason why
a package gets updated (and therefore rebuilt) in a
stable distribution.

Example:

Debian 11 will be released in summer 2021.

In autumn 2021 a user sets up a new system and selects "native"
for an important production setup with an Intel CPU.

In spring 2022 a (security or other) update for Tesseract happens
in Debian 11, built on a buildd with the latest AMD CPU.

The working production setup suddenly always crashes.

> That's quite common for other packages including the standard C
> library and scientific libraries, too. They all contain optimized
> functions which require certain hardware and which crash otherwise.

With proper runtime autodetection of the hardware, if you manage to get
a crash it is a bug in these packages. It is quite rare that packages
offer manual selection in addition to autodetection.

> but simply will crash the
> application, no matter whether the user selected "native", "avx" or
> "neon".

Even when built on the same computer I would have doubts whether
automatic vectorization[1] of the trivial C code really beats the
hand-written AVX2 code, but when the code is not even built for
the computer in question what's the point?

A "native" option meaning "some random buildd somewhere" is just
confusing, it doesn't make sense for distributions.

> Regards
>
> Stefan

cu
Adrian

[1] if it happens at all, the Debian package build currently overwrites
the -O3 with a subsequent -O2
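
The runtime autodetection discussed in this message, as an added example that is not part of the original e-mail and is not Tesseract's code: a dot-product dispatcher that checks a user's request against the running CPU and falls back to the portable variant instead of dying with an illegal-instruction fault. It assumes GCC or Clang; the names `dot_generic`, `dot_avx2` and `select_dot` and the request strings are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef __x86_64__
#include <immintrin.h>
#endif

typedef double (*dot_fn)(const double *, const double *, size_t);

/* Portable fallback, built for the distribution's baseline CPU. */
static double dot_generic(const double *a, const double *b, size_t n) {
    double sum = 0.0;
    for (size_t i = 0; i < n; i++) sum += a[i] * b[i];
    return sum;
}

#ifdef __x86_64__
/* Only this function is compiled for AVX2 (per-function target, no
   -march=native), so the CPU of the build machine does not matter. */
__attribute__((target("avx2")))
static double dot_avx2(const double *a, const double *b, size_t n) {
    __m256d acc = _mm256_setzero_pd();
    double lane[4], sum;
    size_t i = 0;
    for (; i + 4 <= n; i += 4)
        acc = _mm256_add_pd(acc, _mm256_mul_pd(_mm256_loadu_pd(a + i),
                                               _mm256_loadu_pd(b + i)));
    _mm256_storeu_pd(lane, acc);
    sum = lane[0] + lane[1] + lane[2] + lane[3];
    for (; i < n; i++) sum += a[i] * b[i];   /* scalar tail */
    return sum;
}
#endif

/* Resolve a request ("auto", "generic", "avx2") against the running CPU.
   Unsupported or unknown requests degrade to the generic variant. */
static dot_fn select_dot(const char *request, const char **chosen) {
#ifdef __x86_64__
    int wants_avx2 = !strcmp(request, "auto") || !strcmp(request, "avx2");
    if (wants_avx2 && __builtin_cpu_supports("avx2")) {
        *chosen = "avx2";
        return dot_avx2;
    }
#endif
    (void)request;
    *chosen = "generic";
    return dot_generic;
}

int main(void) {
    const double a[] = {1, 2, 3}, b[] = {4, 5, 6};  /* constructed sample */
    const char *name;
    double r = select_dot("auto", &name)(a, b, 3);
    printf("%s: %g\n", name, r);
    return 0;
}
```
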