Performance & Size Impact¶
Overhead varies by pass and function complexity. Measurements below are from a representative mobile game module (~200 functions, Cortex-A55).
| Pass | Code size delta | Runtime overhead | Notes |
|---|---|---|---|
str |
+5 – 15% | <1% | Decrypt on first access, zero after; hot strings cached |
str-aes |
+8 – 20% | <1% | AES-128-CTR; same caching behavior |
fla |
+40 – 120% / fn | 5 – 15% on tight loops | Worst case on functions with many small BBs |
bcf |
+20 – 50% BBs | <2% | Dead code — never executed |
sub |
+10 – 30% / fn | 3 – 8% on arithmetic-heavy code | Use --kagura-sub-iter=1 (default) |
mvo |
+15 – 40% / fn | 5 – 12% on alloca-heavy code | Pairs with pe for maximum coverage |
vm |
−30 to +200% | 10 – 50× slowdown | Reserve for small, rarely-called functions (license check, crypto init) |
anti-debug |
+<1% | Negligible (startup only) | One-time check at init |
bbcheck |
+10 – 20% | 2 – 5% | Per-BB overhead; use on security-critical functions only |
Recommendation¶
Apply the BALANCED strength profile globally, then
annotate the 10–20 most sensitive functions with STRONG or kagura_vm.
This keeps median overhead under 5% while maximizing protection on critical
paths.