OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: Buffer Overflows
From: Douglas Ostling (quasiquasisoft.com)
Date: Thu Apr 27 2000 - 16:16:04 CDT

On Thu, 27 Apr 2000, Crispin Cowan wrote:

> The performance costs are substantial: a pointer-intensive program (ijk
> matrix multiply) experienced 30X slowdown, Since slowdown is
> proportionate to pointer usage, which is quite common in privileged
> programs, this performance penalty is particularly unfortunate. The

You failed to read the updated web page. The section I am referring to
is the following, from http://www-ala.doc.ic.ac.uk/~phjk/BoundsChecking.html:

Performance

     * nfib (dumb doubly-recursive Fibonacci): no slowdown.
          + Execution time: same.
          + Compile-time: slowdown of 3 (very small)
          + Executable size: much larger due to inclusion of library.

> compiler did not appear to be mature; complex programs such as elm failed
> to execute when compiled with this compiler. However, an updated version
> of the compiler is being maintained [39], and it can compile and run at
> least portions of the SSH software encryption package. Throughput
> experiments with the updated compiler and software encryption using SSH
> showed a 12X slowdown [32] (see Section 3.4.2 for comparison).

There is also a patch for the latest version of the compiler at
http://web.inter.nl.net/hcc/Haj.Ten.Brugge with improvements, which I
don't think you have tested on SSH software yet.

With regards,

Douglas Ostling, Internet Entrepreneur
   ----> quasiquasisoft.com <----