Performance Benchmarks
Sentinel Stack Overhead Analysis
Section titled “Sentinel Stack Overhead Analysis”Benchmarked under 10 Million operations across 100 concurrent threads on native Linux.
Syscall Hook Overhead
Section titled “Syscall Hook Overhead”| Syscall Hook | Native Baseline | Sentinel Guarded | Overhead |
|---|---|---|---|
file_open (IO) | 26.51 μs | 28.79 μs | +2.27 μs (+8.5%) |
bprm_check_security (Exec) | 6,431 μs | 6,625 μs | +193 μs (+3.0%) |
socket_connect (Network) | 195.57 μs | 199.46 μs | +3.89 μs (+1.9%) |
Key Performance Characteristics
Section titled “Key Performance Characteristics”- Map Lookups: Sub-microsecond O(1) hash table lookups
- Telemetry: Zero-copy ringbuf — no syscall overhead for event export
- LLM Path: AI evaluation is never in the kernel hot path
- All decisions: Purely deterministic O(1) lookups in eBPF maps
XDP Performance
Section titled “XDP Performance”Hyperion XDP operates at wire-speed with:
- Packet filtering: Before
sk_buffallocation - Lookup latency: O(1) deterministic hash table
- Flow tracking: Atomic counter updates via
__sync_fetch_and_add - Eviction: Automatic LRU purging at map capacity limits
- Telemetry export: 40-byte events via zero-copy ring buffer
Benchmark Methodology
Section titled “Benchmark Methodology”# Run the 10M-operation stress testcd telos-runtime/benchmarkspython3 lsm_bench.py
# Run Hyperion integration testscd hyperion-xdp./test_integration.sh
# Run full stack verificationcd tests/integrationgo test -v -run TestGuillotineAll benchmarks are deterministic and reproducible. The LLM is never in the hot path — all enforcement decisions are pure O(1) map lookups.