On Tue, Dec 6, 2022 at 12:56 PM Andrii Nakryiko <andrii.nakry...@gmail.com> wrote: > > On Tue, Dec 6, 2022 at 10:06 AM Gary Buhrmaster > > <gary.buhrmaster(a)gmail.com> wrote: > > > > My full comment in that blog post is: > > > > "We need a proper study of performance and code size to understand the > > magnitude of the impact created by _FORTIFY_SOURCE=3 additional > > runtime code generation. However the performance and code size > > overhead may well be worth it due to the magnitude of improvement in > > security coverage." > > > > To elaborate, I think the performance and code size study is an > > interesting academic concern, but the magnitude of improvement > > justifies whatever little performance impact this may introduce and it > > should not be a blocker for the improvement. > > It's interesting how now it's just an academic concern. Please hold yourself > to at least the standards set for https://pagure.io/fesco/issue/2817 in terms > of benchmarking and persuading everyone that performance degradation across > entire ecosystem is not a concern. >
I don't think the two are comparable at all, neither in terms of potential performance impact (register pressure across an entire program vs at specific API call points in some unique cases) nor in terms of the benefits it provides. Thanks, Sid _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue