Mitigating (?) ~70 kB increase - trading off against spatial safety


Kalvin Lee

Jun 4, 2025, 4:28:34 AM
to binar...@chromium.org
Hi folks,

We're trying to land a CL that turns on -fsanitize=array-bounds in Chromium. Predictably, this added instrumentation on every C-style array causes a big regression in binary size (see the CL or the SuperSize dashboard - n.b. only patchset 1 is relevant).

We wrote a brief about this, including a note on how to slap on an "opt this out" for perf / binary size savings.

We looked briefly at mitigating this in Skia, but didn't turn up anything wide-ranging. Unfortunately, the top regressor in Skia (<1 kB on its own) exemplifies the worst of both worlds, where temporary C-style arrays are passed around by pointer (plus size) a fair bit, granting them no protection while still taking the binary size hit.

Any thoughts on what we could do? We don't want to just slap "opt this out" on everything under third_party/, but if we had a better idea of what to target, we could hold back some of the bloat.

Thanks,
Kalvin
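
Added example (not code from the CL, Chromium or Skia) illustrating the pattern described above: the owner of a temporary C-style array pays for -fsanitize=array-bounds instrumentation, while a callee that receives only a decayed pointer plus a size gets no check at all; the second callee shows how keeping the bound in the type (a pointer to the whole array) lets the sanitizer instrument the callee too. The names N, sum_via_pointer, sum_via_array_ptr and the fill_and_sum_* functions are assumptions for illustration.

```c
#include <stddef.h>

enum { N = 8 };   /* assumed array size for the example */

/* Pattern from the thread: the callee gets a decayed pointer plus a size.
 * The bound is no longer part of the type, so -fsanitize=array-bounds emits
 * nothing here; the explicit check below is the only protection. */
static int sum_via_pointer(const int *p, size_t n, size_t count) {
    if (count > n) return -1;            /* manual check: the sanitizer cannot help */
    int s = 0;
    for (size_t i = 0; i < count; i++) s += p[i];   /* not instrumented */
    return s;
}

/* Alternative: pass a pointer to the whole array so the bound stays in the
 * type. (*arr)[i] indexes an int[N], so the sanitizer can instrument it. */
static int sum_via_array_ptr(int (*arr)[N], size_t count) {
    if (count > N) return -1;            /* kept so the example never goes out of bounds */
    int s = 0;
    for (size_t i = 0; i < count; i++) s += (*arr)[i];   /* instrumented */
    return s;
}

/* Owner of the temporary array: buf[i] has a statically known bound, so every
 * access in this loop is instrumented and costs code size, even though the
 * data is then handed to sum_via_pointer with no protection at all. */
int fill_and_sum_pointer(size_t count) {
    int buf[N];
    for (size_t i = 0; i < N; i++) buf[i] = (int)i;    /* instrumented */
    return sum_via_pointer(buf, N, count);
}

/* Same owner, but the callee receives &buf and keeps the bound. */
int fill_and_sum_array_ptr(size_t count) {
    int buf[N];
    for (size_t i = 0; i < N; i++) buf[i] = (int)i;    /* instrumented */
    return sum_via_array_ptr(&buf, count);
}
```

Compiling with `-fsanitize=array-bounds` and inspecting the object code shows checks only where the subscripted expression has array type: the fill loops and `(*arr)[i]`, never `p[i]`.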

Daniel Cheng

Jun 4, 2025, 4:59:44 AM
to Kalvin Lee, binar...@chromium.org
70KB across the entire product doesn't seem like a lot. libc++ hardening cost ~200KB.

However, we did find that while libc++ hardening didn't really have a perf effect on most components, the places where it did have a noticeable effect had a correlation with the places that saw the size increases: see https://docs.google.com/document/d/188YmDEFq8K8Js12fGd4X4bS-ZpFt-GzCqTo6lOeLYhQ/edit?usp=sharing (sorry this doc is internal).

It's probably worth spending a bit of time checking Skia-specific and other media decoding-specific benchmarks if these exist.

Daniel



--
You received this message because you are subscribed to the Google Groups "binary-size" group.
To unsubscribe from this group and stop receiving emails from it, send an email to binary-size...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/binary-size/CAOP0%2BRhCOyuoqZsn%3DFZuS-tHq8ze5k_ZTW_QsozWNFQzhEjVbQ%40mail.gmail.com.

Nico Weber

Jun 4, 2025, 9:14:55 AM
to Daniel Cheng, Kalvin Lee, binar...@chromium.org
I agree that 70 KB for this feature isn't worth spending much time on for -fsanitize=array-bounds. If other things don't regress (your doc looks like they don't), I'd say just turn it on and add a CL footer that we deem the 70 KB size cost acceptable.
