Benchmark
Because the Hardening-Patch adds additional security hardening checks all over the PHP code tree there have been questions about their speed impact.
Testsystem
- CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz
- RAM: 512 MB
- PHP 5.1.4
- Hardening-Patch 0.4.11 and 0.4.12-dev in default configuration
Benchmark: bench.php
The Zend engine comes with a little benchmark script called bench.php that was used to retrieve the following numbers. When looking at the numbers, keep in mind, that this kind of benchmark does not show the real speed impact on PHP web-applications.
| Test | Plain | 0.4.11 | 0.4.12 |
|---|---|---|---|
| simple | 0.385 | 0.425 | 0.425 |
| simplecall | 0.581 | 0.599 | 0.608 |
| simpleucall | 0.861 | 0.912 | 0.899 |
| simpleudcall | 1.007 | 1.020 | 1.004 |
| mandel | 1.228 | 2.045 | 1.232 |
| mandel2 | 1.464 | 1.541 | 1.542 |
| ackermann(7) | 1.110 | 1.207 | 1.173 |
| ary(50000) | 0.097 | 0.104 | 0.104 |
| ary2(50000) | 0.087 | 0.104 | 0.103 |
| ary3(2000) | 0.715 | 0.885 | 0.794 |
| fibo(30) | 2.463 | 2.559 | 2.553 |
| hash1(50000) | 0.154 | 0.167 | 0.161 |
| hash2(500) | 0.132 | 0.134 | 0.127 |
| heapsort(20000) | 0.396 | 0.636 | 0.404 |
| matrix(20) | 0.323 | 0.340 | 0.335 |
| nestedloop(12) | 0.652 | 0.728 | 0.701 |
| sieve(30) | 0.489 | 0.549 | 0.528 |
| strcat(200000) | 0.096 | 0.075 | 0.078 |
| Total | 12.239 | 14.031 | 12.771 |
The resulttable means, that PHP with Hardening-Patch 0.4.11 was 14.64% slower than plain PHP in the test. However in this table you can see, that this difference was mainly caused by the 2 tests mandel and heapsort. If you leave both tests out of the evaluation 0.4.11 is only 3.08% slower. This observation resulted in a code change in zend_hash.c which improved Zend Hashtable Canary performance a lot. Hardening-Patch 0.4.12-dev is now only 4.37% slower than a plain PHP in the overall benchmark.
