Benchmark

Because the Hardening-Patch adds additional security hardening checks all over the PHP code tree there have been questions about their speed impact.

Testsystem

  • CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz
  • RAM: 512 MB
  • PHP 5.1.4
  • Hardening-Patch 0.4.11 and 0.4.12-dev in default configuration

Benchmark: bench.php

The Zend engine comes with a little benchmark script called bench.php that was used to retrieve the following numbers. When looking at the numbers, keep in mind, that this kind of benchmark does not show the real speed impact on PHP web-applications.

Test Plain 0.4.11 0.4.12
simple 0.385 0.425 0.425
simplecall 0.581 0.599 0.608
simpleucall 0.861 0.912 0.899
simpleudcall 1.007 1.020 1.004
mandel 1.228 2.045 1.232
mandel2 1.464 1.541 1.542
ackermann(7) 1.110 1.207 1.173
ary(50000) 0.097 0.104 0.104
ary2(50000) 0.087 0.104 0.103
ary3(2000) 0.715 0.885 0.794
fibo(30) 2.463 2.559 2.553
hash1(50000) 0.154 0.167 0.161
hash2(500) 0.132 0.134 0.127
heapsort(20000) 0.396 0.636 0.404
matrix(20) 0.323 0.340 0.335
nestedloop(12) 0.652 0.728 0.701
sieve(30) 0.489 0.549 0.528
strcat(200000) 0.096 0.075 0.078
Total 12.239 14.031 12.771

The resulttable means, that PHP with Hardening-Patch 0.4.11 was 14.64% slower than plain PHP in the test. However in this table you can see, that this difference was mainly caused by the 2 tests mandel and heapsort. If you leave both tests out of the evaluation 0.4.11 is only 3.08% slower. This observation resulted in a code change in zend_hash.c which improved Zend Hashtable Canary performance a lot. Hardening-Patch 0.4.12-dev is now only 4.37% slower than a plain PHP in the overall benchmark.


© Hardened PHP Project