Take a sneak peek at the new NIST.gov and let us know what you think!
(Please note: some content may not be complete on the beta site.).
NIST Authors in Bold
|Author(s):||David W. Flater; William F. Guthrie;|
|Title:||A Case Study of Performance Degradation Attributable to Run-Time Bounds Checks on C++ Vector Access|
|Published:||May 22, 2013|
|Abstract:||Programmers routinely omit run-time safety checks from applications because they assume that these safety checks would degrade performance. The simplest example is the use of arrays or array-like data structures that do not enforce the constraint that indices must be within bounds. This report documents an attempt to measure the performance penalty incurred by two different implementations of bounds-checking in C and C++ using a simple benchmark and a desktop PC with a modern superscalar CPU. The benchmark consisted of a loop that wrote to array elements in sequential order. With this configuration, relative to the best performance observed for any access method in C or C++, mean degradation of only (0.881 ,± 0.009) % was measured for a standard bounds-checking access method in C++. This case study showed the need for further work to develop and refine measurement methods and to perform more comparisons of this type. Comparisons across different use cases, configurations, programming languages, and environments are needed to determine under what circumstances (if any) the performance advantage of unchecked access is actually sufficient to outweigh the negative consequences for security and software quality.|
|Citation:||Journal of Research (NIST JRES) - 118.012|
|Keywords:||C, C++, buffer overflow, bounds checking, performance, security|
|Research Areas:||Information Technology, Measurements|
|PDF version:||Click here to retrieve PDF version of paper (345KB)|