Home/ Questions/Q 6113057
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-23T14:48:55+00:00

I was recently surprised to note that compiling with /GS (Enable buffer security check)

  • 0

I was recently surprised to note that compiling with /GS (Enable buffer security check) in MSVC++ 2010 seems to have a non-negligible effect on run-time performance in some cases. Has anyone else had this experience??

For a large scientific-style application (a mesh generation library) it seems that compiling with /GS- can lead to almost 10% improvements in run-time for several of the large benchmarks in my test suite ("large" being >= 1 second worth of run-time). /GS is on by default at all levels of optimisation in MSVC++ 2010.

I must admit that I’d never paid too much attention to this option before, and I’m wanting a bit of clarification as to what it actually does. The online documentation seems to talk extensively about string buffers, but since I don’t use string or char[] buffers anywhere I must be missing something.

This paragraph (from the online doc) seems to indicate that the performance degradation I’m seeing is a bit unusual:

A performance tradeoff for using
security checks in an application must
be made. The Visual C++ compiler team
focused on making the performance
degradation small. In most cases, the
performance should not degrade more
than 2 percent. In fact, experience
has shown that most applications,
including high-performance server
applications, have not noticed any
performance impact.

Of course I can just turn it off, and get faster code, but I want to understand the implications before I do that.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    /GS adds code that tries to detect if a write overrun or similar stack attack has happend during a function, and to stop execution after a write overrun. The patterns that it aims to find are ones that have been seen in real-world attacks. There are a bunch of real world security bulletins that would not have happened if today’s /GS had been in use at the time.

    In this case a write overrun can happen on structures, arrays and various other entities. Changes and improvements to /GS are made in each version of VS. More /GS protection generally has cost, although in some cases newer VS may have learnt how to do the same protection cheaper.

    I’d recommend leaving /GS on unless your code doesn’t ship to others – generally the protection is worth the cost; at most you might choose to disable it for specific functions where there is no risk and high impact – just as you might hand-optimise the most critical parts of your program in other ways.

    Martyn

    • 0