the Chromium logo

The Chromium Projects
For Developers > Testing and infrastructure > Control Flow Integrity >

Overhead

Code Size

As of June 23 2016, code size overhead for official Chrome is about 5% for calls and 7.5% for calls and casts. The following is the binary size of official Chrome built in various configurations:

Performance

Measured performance overhead for various benchmark suites in the CFI for virtual calls only configuration:

Reproducing

The above figures were derived from official builds of r401651 of Chromium by following these instructions.

  1. Build r273760 of LLVM

  2. Fetch r401651 of Chromium and apply https://codereview.chromium.org/2099003002 to it

  3. Build three Chromium GN trees as shown below:

    $ gn args out_gn/ra_official

    $ gn args out_gn/ra_official_cfi_callonly**

    $ gn args out_gn/ra_official_cfi**

    $ cat out_gn/ra_official/args.gn**

    is_official_build = true**

    is_chrome_branded = true**

    is_debug = false**

    clang_use_chrome_plugins = false**

    clang_base_path = "/path/to/llvm/build"**

    $ cat out_gn/ra_official_cfi_callonly/args.gn**

    is_official_build = true**

    is_chrome_branded = true**

    is_debug = false**

    clang_use_chrome_plugins = false**

    clang_base_path = "/path/to/llvm/build"**

    is_cfi = true**

    use_cfi_cast = false**

    $ cat out_gn/ra_official_cfi/args.gn**

    is_official_build = true**

    is_chrome_branded = true**

    is_debug = false**

    clang_use_chrome_plugins = false**

    clang_base_path = "/path/to/llvm/build"**

    is_cfi = true**

    $ ninja -C out_gn/ra_official chrome**

    $ ninja -C out_gn/ra_official_cfi_callonly chrome**

    $ ninja -C out_gn/ra_official_cfi chrome**

    $ strip -o /tmp/chrome1

    out_gn/ra_official/chrome****

    $ stri**

    p -o /tmp/chrome2 out_gn/ra_official_cfi_callonly/chrome**

    $ strip -o /tmp/chrome3 out_gn/ra_official_cfi/chrome**

    $ ls -l /tmp/chrome[123]**

  4. Run the following shell script from the chromium/src directory to obtain performance numbers:

#!/bin/bash

for i in smoothness.top_25_smooth blink_perf.layout blink_perf.svg blink_perf.css blink_perf.dom blink_perf.paint blink_perf.canvas blink_perf.events blink_perf.parser blink_perf.bindings blink_perf.mutation blink_perf.animation blink_perf.shadow_dom blink_perf.interactive blink_perf.pywebsocket blink_perf.xml_http_request blink_perf.mutation.reference blink_perf.interactive.reference speedometer dromaeo.domcoreattr dromaeo.domcorequery dromaeo.domcoremodify dromaeo.cssqueryjquery dromaeo.jslibattrjquery dromaeo.domcoretraverse dromaeo.jslibeventjquery dromaeo.jslibstylejquery dromaeo.jslibmodifyjquery dromaeo.jslibattrprototype dromaeo.jslibeventprototype dromaeo.jslibstyleprototype dromaeo.jslibtraversejquery dromaeo.jslibmodifyprototype dromaeo.jslibtraverseprototype browsermark octane ; do

xvfb-run -s "-screen 0 1024x768x24" ./tools/perf/run_benchmark --browser=exact --browser-executable=out_gn/ra_official/chrome --results-label=lto --pageset-repeat=50 $i

xvfb-run -s "-screen 0 1024x768x24" ./tools/perf/run_benchmark --browser=exact --browser-executable=out_gn/ra_official_cfi_callonly/chrome --results-label=ltocficall --pageset-repeat=50 $i

xvfb-run -s "-screen 0 1024x768x24" ./tools/perf/run_benchmark --browser=exact --browser-executable=out_gn/ra_official_cfi/chrome --results-label=ltocfi --pageset-repeat=50 $i

mv tools/perf/results.html bm-devirt6/$i.html

done