Windows 10 security feature causes 'huge' Chromium performance issues: Fix coming

Tests run on Windows 10 are three to four times slower than on Windows 7, with a security feature being blamed.

Google's changes to Chrome have users and experts up in arms Browser maker faces backlash for failing to inform users about Chrome Sync behavioral change. Read more: https://zd.net/2xym3FL

Microsoft is working on a fix for what browser maker Vivaldi and a Google researcher say are major performance issues caused to Chromium. 

It's not yet clear whether end users of Chromium-based browsers are affected by the Windows 10 security feature issue. However, the problem has caused enough headaches for developers of Chromium-based browser Vivaldi to appeal to Microsoft via Google for a fix. Microsoft has built a fix that should be delivered in the next Patch Tuesday update.   

Chromium programmer Bruce Dawson of Google has traced the performance issues to the Windows 10 security feature Control Flow Guard (CFG), one of Microsoft's built-in OS hardening features.

SEE: 20 pro tips to make Windows 10 work the way you want (free PDF)    

Yngve Pettersen, a developer at Vivaldi, noticed the performance issues after adding Windows 10 to his organization's Windows 10 unit test cluster, which until then had been using Windows 7 Pro. 

"We immediately noticed performance problems. A test suite that previously took about 100 minutes to run, now took 300 or even 360 minutes," wrote Pettersen in a blogpost detailing the "huge Windows 10 performance issue to Chromium" that he reported to Microsoft in April. 

"We tried fixing the problem by tweaking the OS configuration, replacing drivers, and adjusting the virtual machine's configuration. Nothing helped, and we went back to the old Windows 7 Pro instance."

Pettersen then replicated the issue on his home system and compared tests with Windows 10 and then Windows 7 Pro installed. 

"One of the tests that took 100 minutes when run on Windows 10 on this machine, took 20 minutes on Windows 7," he noted. 

Pettersen didn't know at this stage that Control Flow Guard figured in the problem. However, he did pinpoint the CreateProcess call, which Windows uses to start new processes, as the source of the dramatic performance slowdowns. 

Pettersen filed a bug report about the issue with the Chromium team, at which point Dawson began investigating the issue and connected the problem to CFG. 

Dawson found that the CreateProcess on Windows 10 quadruples every time the number of CFG functions doubles. In other words, the time for creating processes is the square of the number of functions in an executable. 

Dawson found that disabling CFG, which isn't strictly necessary in a test environment and shouldn't be performed in the real world, resolved the issue. 

"I landed a change that turns off CFG for our test binaries, and suddenly unit_tests.exe was running about five times faster, with CreateProcess itself now running about 20 times faster," wrote Dawson. Vivaldi, he noted, measured CreateProcess as 200 times faster after his mitigation.     

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

The first piece of good news is that Microsoft has been quick to respond to the CFG issues and will roll out a fix soon. 

Mehmet Iyigun, a development manager on the Windows and Azure kernel team, confirmed in late April that Microsoft had investigated the root cause and built a fix that would roll out "in a couple of weeks". 

The second bit of good news is that its end users probably wouldn't experience the same performance issues that a test environment reveals, according to Pettersen. 

"It could be that this issue affects normal browser usage, too, since both Chrome and Vivaldi start new processes for each tab, but as much of the actual code is located in DLLs shared among the processes, and the Windows CFG configuration is reused for DLLs, it might not be as noticeable in normal use," wrote Pettersen. 

Nonetheless, he says issues like this do affect the product performance and development turnaround time of Chromium. Meanwhile, Dawson notes that Microsoft still hasn't weeded out all the bugs in CFG that cause inefficiencies. 

More about Microsoft, Windows, and Chromium