Performance Impact in AOT Scenarios
Shield optimizes all protections to work with the best structure for AOT and native assemblies, ensuring minimal performance impact while maintaining strong security.
Performance Characteristics of AOT Applications
AOT-compiled applications have different performance characteristics compared to JIT-compiled applications:
- Faster startup time: No JIT compilation at runtime
- More predictable execution: Less runtime overhead and garbage collection
- Memory efficiency: Smaller working set in many scenarios
- Static analysis optimization: Compiler can perform more advanced optimizations
Shield's protection strategies are designed to preserve these benefits while adding robust security.
Performance Impact of Different Protections
Each protection technique has different performance implications in AOT scenarios:
| Protection | Impact | Notes |
|---|---|---|
| Renamer | None | No runtime overhead |
| Control Flow | Minimal | Can be excluded from specific methods if needed |
| Invalid Code | None | No runtime overhead |
| Call Hiding | Minimal | Small overhead on method calls |
| Events | Minimal | Small overhead on event handling |
| Virtualization | Minimal | Small overhead on protected methods |
| Constants Encryption | Minimal | Small overhead on string decryption |
| Disintegration | Minimal | Small overhead on protected code |
| Resources Protection | None | No runtime overhead |
| Anti-Debugger | None | No runtime overhead |
| Anti-Dump | None | No runtime overhead |
| Anti-DisDump | None | No runtime overhead |
| Anti-Jailbreak | None | No runtime overhead |
| Invalid Metadata | Not Compatible | Should not be used with AOT |
Measuring Performance Impact
Benchmark Metrics to Monitor
When evaluating the performance impact of Shield protection on your AOT application, measure these key metrics:
- Startup time: Time from process start to first user interaction
- Memory usage: Working set size during operation
- Throughput: Operations per second for key workflows
- Response time: Latency for critical operations
Testing Methodology
Follow this approach to accurately assess performance impact:
- Create baseline measurements with unprotected AOT application
- Apply Shield protection with default settings
- Measure performance metrics
- Adjust protection configuration based on results
- Repeat measurements until optimal balance is achieved
Method-Level Exclusions
You can exclude specific methods from certain protections using the [Obfuscation] attribute:
[Obfuscation(Exclude = false, Feature = "-control_flow_advance")]
public void PerformanceCriticalMethod()
{
// Method will be protected by other techniques but not control flow
}
Best Practices
- Start with standard protections: Apply the basic protections before adding more intensive ones
- Test incrementally: Add protections gradually and test after each step
- Focus on what matters: Apply stronger protection to critical IP, lighter to performance-sensitive areas
- Test on target hardware: Performance impact may vary significantly between development and production environments
- Real-world testing: Synthetic benchmarks may not reflect actual user experience
Shield is designed to work optimally with AOT-compiled applications, automatically adjusting its protection techniques to minimize performance impact while maintaining strong security.
For more information on Native AOT support, see Native AOT Support.
Performance Benchmarks
We conducted extensive performance testing on a .NET 8 Native AOT application with the following specifications:
- CPU: Intel Core i7-12700K
- RAM: 32GB DDR4
- OS: Windows 11 Pro
Startup Time Impact
| Scenario | Time | Overhead |
|---|---|---|
| Unprotected | 45.2ms | Baseline |
| With All Protections | 45.8ms | +0.6ms (1.3%) |
Runtime Performance Impact
| Operation | Unprotected | Protected | Overhead |
|---|---|---|---|
| Method Call (100k iterations) | 0.8ms | 0.82ms | +0.02ms |
| String Decryption (1k strings) | 1.2ms | 1.25ms | +0.05ms |
| Event Handling (10k events) | 15.3ms | 15.5ms | +0.2ms |
| Resource Loading (100 resources) | 45.1ms | 45.3ms | +0.2ms |
Memory Impact
| Metric | Unprotected | Protected | Difference |
|---|---|---|---|
| Working Set | 45.2MB | 45.8MB | +0.6MB |
| Peak Memory | 52.1MB | 52.7MB | +0.6MB |
These benchmarks demonstrate that Shield's protections add minimal overhead to your AOT-compiled applications. The performance impact is typically measured in microseconds or even nanoseconds for most operations.