build: add -Wa,-mbranches-within-32B-boundaries compiler flag #5267
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lrstewart
reviewed
Apr 23, 2025
goatgoose
reviewed
Apr 23, 2025
goatgoose
reviewed
Apr 23, 2025
johubertj
requested review from
goatgoose and
lrstewart
and removed request for
dougch
goatgoose
approved these changes
Apr 25, 2025
goatgoose
reviewed
Apr 25, 2025
lrstewart
approved these changes
Apr 25, 2025
goatgoose
approved these changes
Apr 28, 2025
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of changes:
Add support for the
-Wa,-mbranches-within-32B-boundariescompiler flag to reduce conditional branch alignment penalties on modern x86 microarchitectures. This flag was recommended to be added to s2n-tls by researchers (Annika Wilde, Samira Briongos, Claudio Soriente, and Ghassan Karame) from Ruhr University Bochum.This PR introduces:
S2N_BRANCH_ALIGNto detect whether the current compiler supports the flag.Call-outs:
This change aligns with Intel's guidance to mitigate conditional branch alignment issues on modern x86 microarchitectures. See: Intel Mitigations for Jump Conditional Code Erratum (INTEL-841076)
Testing:
Benchmarks were run locally on an x86_64 machine using:
cargo bench --bench handshakeTested 5 handshake types, running each 3 times. First, I commented out the line that adds the compiler flag and recompiled. Then, I re-enabled the flag, recompiled, and ran the benchmarks again for comparison.
Result: No performance regression (based on execution time) was observed with the flag enabled vs disabled. Performance remained within normal variance range.
To safely apply this flag:
To confirm that the
-Wa,-mbranches-within-32B-boundariesflag was applied on the Rust side (build.rs), I addedCC_ENABLE_DEBUG_OUTPUT=1and-vvto the asan-unit-tests CI job. This exposed the final compiler command in the logs.Link to CI output showing flag
To confirm the flag is applied on the CMake side, I updated the build command in buildspec_mem.yml to use verbose mode (--verbose --clean-first).
-Wa,-mbranches-within-32B-boundariesis on line 1326 of the following CodeBuild job:s2nGeneralBatch:8a50d464-55dd-46b4-ab16-6a9ca1f8346c (line 1326)