Consider disabling hardening by default
All the apps and programs compiled by Nix are built by default with some hardening flags (even if they are not present in the command line of the compiler). While these flags help identify potential bugs and may introduce some security features wanted in a "normal" distribution of software, I'm not sure if we should keep them in the apps or libraries of the Garlic benchmark.
The first case of a large impact introduced by one of these flags has been observed in issue #109 (closed), where the execution time increased ~4X in the saiph app. This is likely to be related to a problem with the SIMD vectorizer while using the stack protector flag.
So the question is, should we disable all the hardening flags by default? If so, we will require all experiments to be re-run.
Here is the complete list of flags enabled by default:
format: -Wformat -Wformat-security -Werror=format-security
stackprotector: -fstack-protector-strong --param ssp-buffer-size=4
fortify: -O2 -D_FORTIFY_SOURCE=2
pic: -fPIC
strictoverflow: -fno-strict-overflow
relro: -z relro
bindnow: -z bindnow
In the case of some packages (such as nanos6) we manually disable some (for example bindnow).
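To confirm which of the listed flags actually ended up in a built binary before and after such a change, the ELF markers can be checked. The following is an added example, not part of the original issue or the Garlic code: the function names and the `readelf` excerpts are constructed for illustration, and it covers only `relro`, `bindnow`, `stackprotector` and `fortify`, the flags that leave a marker visible to `readelf`.

```python
import re

# Constructed excerpts of `readelf -W -l -d --dyn-syms <binary>` output (not from the issue).
HARDENED = """\
Program Headers:
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x000628 0x000628 R   0x1000
  GNU_RELRO      0x002db8 0x0000000000003db8 0x0000000000003db8 0x000248 0x000248 R   0x1
Dynamic section at offset 0x2dc8 contains 27 entries:
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
Symbol table '.dynsym' contains 9 entries:
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (3)
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (4)
"""
PLAIN = """\
Program Headers:
  LOAD           0x000000 0x0000000000000000 0x0000000000000000 0x000628 0x000628 R   0x1000
Dynamic section at offset 0x2dc8 contains 24 entries:
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
Symbol table '.dynsym' contains 7 entries:
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND memcpy@GLIBC_2.14 (2)
"""

def hardening_report(readelf_out):
    """Map readelf output to the hardening flags that leave an ELF marker."""
    # Names of FUNC symbols, with the @VERSION suffix dropped by the regex.
    syms = set(re.findall(r"FUNC\s+\w+\s+\w+\s+\w+\s+([A-Za-z_]\w*)", readelf_out))
    bindnow = re.search(
        r"\(BIND_NOW\)|\(FLAGS\).*\bBIND_NOW\b|\(FLAGS_1\).*\bNOW\b", readelf_out)
    return {
        # A PT_GNU_RELRO segment; together with bindnow this is "full RELRO".
        "relro": re.search(r"^\s*GNU_RELRO\b", readelf_out, re.M) is not None,
        "bindnow": bindnow is not None,
        # For the next two, absence is only a hint: the compiler adds these
        # references only where some function qualified for the check.
        "stackprotector": "__stack_chk_fail" in syms,
        "fortify": any(s.startswith("__") and s.endswith("_chk") for s in syms),
    }

def missing_flags(readelf_out,
                  expected=("relro", "bindnow", "stackprotector", "fortify")):
    """Return the expected flags for which no marker was found."""
    report = hardening_report(readelf_out)
    return [flag for flag in expected if not report[flag]]

if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("plain", PLAIN)):
        print(name, hardening_report(text), "missing:", missing_flags(text))
```

Running it over every binary in a package output gives a per-package record of what was dropped, which is useful when only some flags (such as `bindnow`) are disabled for a package.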