https://bugs.exim.org/show_bug.cgi?id=1749
--- Comment #52 from Petr Pisar <ppi...@redhat.com> --- That could work. Maybe the counter could be incremented only in the child only. That would trigger recompilation in children only and thus affected only them. I think people usually do not do execute patterns compiled in different process. Except for heavy parallel text scanners that could do work like that (compile pattern, then fork process for each processor and commence matching on different block of data in each process). I remember that Apache httpd does it and their authors are very sensitive to speed. I think it does not make sense to ask security experts. Of course they want high performance but not at the expense of security. Therefore users are given knobs to disable/enable JIT depending on their preference (security versus performance). E.g. Red Hat's resolution on this topic was published in RHEL-7.4 release nores <https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/7.4_Release_Notes/known_issues_compiler_and_tools.html#BZ1290432>. I have no idea how much the recompilation lowers performance. I think it depends on exact use case and it cannot be generalized. -- You are receiving this mail because: You are on the CC list for the bug. -- ## List details at https://lists.exim.org/mailman/listinfo/pcre-dev
