| |||||||||||||
|
| |||||||||||||
Security-improving technologies which could be deployed nowSecurity-improving technologies which could be deployed nowPosted Oct 21, 2004 19:51 UTC (Thu) by bluefoxicy (guest, #25366)In reply to: Security-improving technologies which could be deployed now by garloff Parent article: Security-improving technologies which could be deployed now
"Unfortunately, this happens on compute intensive tasks where you really
icebox ~ # file /lib/libz.so.1.2.1
This isn't PIE; these are shared libraries, which on all systems are PIC. Notice that much if not most or almost all heavy lifting--compression, multimedia encoding/decoding, networking operations, X graphics card drivers, X extensions such as composite and glx and even MESA SW GL, window drawing toolkits such as GTK or QT--are all libraries. Libraries are all shared objects, which are PIC.
PIE (Position Independent Executables) are just PIC executables, i.e. things in */bin.
icebox ~ # file /bin/bzip2
So unfortunately the overhead happens in the most critical places anyway.
As for eating 1%-20%, microbenchmarks are cute but useless. They're theoretical maximums; but as illustrated here, the heavy lifting is done where you can't avoid them.
I got closer to 5% when testing with -fomit-frame-pointer; however, the difference between '-fomit-framepointer -fPIC' and neither is still 1%. It appears that the gains of -fomit-frame-pointer are lost completely with -fPIC, *and* the normal overhead of -fPIC is added, creating an illusionary 5-6% overhead.
(Log in to post comments)
|
|
||||||||||||