Benchmark
Because Suhosin adds additional security hardening checks all over the PHP code tree there have been questions about their speed impact.
Testsystem
- CPU: Intel(R) Pentium(R) 4 CPU 2.80GHz
- RAM: 512 MB
- PHP 5.1.5
- Suhosin-Patch 0.9.0 - BETA in default configuration
- Suhosin-Extension 0.9.0 - BETA in default configuration
Benchmark: bench.php
The Zend engine comes with a little benchmark script called bench.php that was used to retrieve the following numbers. When looking at the numbers, keep in mind, that this kind of benchmark does not show the real speed impact on PHP web-applications.
| Test | Plain | Plain + EXT | Patched | Patched + EXT |
|---|---|---|---|---|
| simple | 0.385 | 0.387 | 0.392 | 0.380 |
| simplecall | 0.581 | 0.623 | 0.589 | 0.700 |
| simpleucall | 0.861 | 0.863 | 0.874 | 1.012 |
| simpleudcall | 1.007 | 0.995 | 1.035 | 1.230 |
| mandel | 1.228 | 1.175 | 1.223 | 1.109 |
| mandel2 | 1.464 | 1.471 | 1.543 | 1.501 |
| ackermann(7) | 1.110 | 1.157 | 1.195 | 1.268 |
| ary(50000) | 0.097 | 0.097 | 0.104 | 0.103 |
| ary2(50000) | 0.087 | 0.087 | 0.107 | 0.106 |
| ary3(2000) | 0.715 | 0.728 | 1.037 | 0.788 |
| fibo(30) | 2.463 | 2.571 | 2.518 | 2.846 |
| hash1(50000) | 0.154 | 0.161 | 0.146 | 0.162 |
| hash2(500) | 0.132 | 0.130 | 0.127 | 0.129 |
| heapsort(20000) | 0.396 | 0.391 | 0.402 | 0.398 |
| matrix(20) | 0.323 | 0.322 | 0.329 | 0.332 |
| nestedloop(12) | 0.652 | 0.659 | 0.646 | 0.650 |
| sieve(30) | 0.489 | 0.495 | 0.539 | 0.531 |
| strcat(200000) | 0.096 | 0.080 | 0.077 | 0.075 |
| Total | 12.239 | 12.391 | 12.882 | 13.322 |
The resulttable means, that PHP with Suhosin-Patch and the Extension is 8.84% slower in the overall benchmark. However this test shows that the greates speed impact of the protection is in the tests that use alot of recursive function calls. In real world web applications it is unlikely that you have several million of function calls, therefore the speed impact will be lower than 8.84%.