Re: Stopping buffer-overflow security exploits using page protect

From: Florian Weimer (Florian.Weimer@RUS.Uni-Stuttgart.DE)
Date: Mon Jul 31 2000 - 11:02:03 EST


Crispin Cowan <crispin@wirex.com> writes:

> > What is the level of performance hit, using bounds-checking?
>
> Highly variable. The best example of a full bounds-checking C compiler
> is the GCC enhancement here http://web.inter.nl.net/hcc/Haj.Ten.Brugge/
>
> Based on the compiler's documentation, it imposes between 3X and 30X
> slowdowns, depending on the application.

If you use a language which includes a proper array type, the overhead
isn't that huge. (With full checking, the Ada version of Dhrystone
2.1 runs approximately at 60% of the speed of the C version. This
includes full range checking on integer variables.)

> the developers) this bounds checking compiler imposes a 12X slowdown
> (1200% overhead) on SSH throughput.

Isn't that 1100% overhead? ;-)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/



This archive was generated by hypermail 2b29 : Mon Jul 31 2000 - 21:00:33 EST