Description
Bug report
I am expanding BinSkim to check for some performance options when analyzing Windows binaries. I am using Python as part of the test matrix and discovered that two of the binaries that ship with Python do not have ideal linker flags. This is still a work in progress, so it requires a work-in-progress build of BinSkim.
The output that I am seeing is as follows:
v:\T\binskim\bld\bin\x64_Debug\netcoreapp3.1\BinSkim.exe analyze V:\OSS-Perf\Python\python-3.10.4\DLLs\libcrypto-1_1.dll --verbose
V:\OSS-Perf\Python\python-3.10.4\DLLs\libcrypto-1_1.dll: warning BA6001: 'libcrypto-1_1.dll' appears to be compiled as release but enables incremental linking, increasing binary size and further compromising runtime performance by preventing enabling maximal code optimization.
V:\OSS-Perf\Python\python-3.10.4\DLLs\libcrypto-1_1.dll: warning BA6004: 'libcrypto-1_1.dll' was compiled with COMDAT folding (/OPT:ICF) disabled, increasing binary size.
v:\T\binskim\bld\bin\x64_Debug\netcoreapp3.1\BinSkim.exe analyze V:\OSS-Perf\Python\python-3.10.4\DLLs\libssl-1_1.dll --verbose
V:\OSS-Perf\Python\python-3.10.4\DLLs\libssl-1_1.dll: warning BA6001: 'libssl-1_1.dll' appears to be compiled as release but enables incremental linking, increasing binary size and further compromising runtime performance by preventing enabling maximal code optimization.
V:\OSS-Perf\Python\python-3.10.4\DLLs\libssl-1_1.dll: warning BA6004: 'libssl-1_1.dll' was compiled with COMDAT folding (/OPT:ICF) disabled, increasing binary size.
See also:
https://docs.microsoft.com/en-us/cpp/build/reference/opt-optimizations?view=msvc-170#arguments
https://docs.microsoft.com/en-us/cpp/build/reference/incremental-link-incrementally?view=msvc-170
Your environment
This analysis was performed on a download of Python 3.10.4. That was the current release the last time I downloaded it.
The relevant rule additions for BinSkim are:
BA6004.EnableCOMDATFolding
BA6001.DisableIncrementalLinkingInReleaseBuilds