GCC 4.8.3+ Does anybody aware of Stack Smashing Protection ?

Laurent Bourgès bourges.laurent at gmail.com
Tue Jun 9 17:28:47 UTC 2015


I wonder if it affects the release builds too on my laptop ?

I have Ubuntu 14.4 with gcc 4.8.4. I ran gcc -Q -help=common but it said
fstack-protector is disabled.

I am running map rendering benchmarks comparing ductus, pisces and Marlin,
a new fast renderer (I am contributing to OpenJDK 9).

I am experiencing my openjdk9 build is a bit slower than oracle jdk8 ~ 5% !

I will try adding f-no-stack-protection to my custom CFLAGS to check any

Le 5 juin 2015 21:34, "Dmitry Samersoff" <dmitry.samersoff at oracle.com> a
écrit :

> Hi Everybody,
> I'm not sure it affects hotspot but should we care about it?
> FYI:
> Beginning with GCC 4.8.3, Stack Smashing Protection (SSP) will be
> enabled by default.  The 4.8 series will enable -fstack-protector
> while 4.9 and later enable -fstack-protector-strong.
> SSP is a security feature that attempts to mitigate stack-based buffer
> overflows by placing a canary value on the stack after the function
> return pointer and checking for that value before the function returns.
> If a buffer overflow occurs and the canary value is overwritten, the
> program aborts.
> There is a small performance cost to these features.  They can be
> disabled with -fno-stack-protector.
> For more information these options, refer to the GCC Manual, or the
> following articles.
> http://en.wikipedia.org/wiki/Buffer_overflow_protection
> http://en.wikipedia.org/wiki/Stack_buffer_overflow
> https://securityblog.redhat.com/tag/stack-protector
> http://www.outflux.net/blog/archives/2014/01/27/fstack-protector-strong
> -Dmitry
> --
> Dmitry Samersoff
> Oracle Java development team, Saint Petersburg, Russia
> * I would love to change the world, but they won't give me the sources.

More information about the hotspot-dev mailing list