> Recently, I've been trying to improve the sorry state of PHP's heap implementation, [...]. Anyway, one of the low-hanging fruits is to makes parts of the _zend_mm_heap read-only, since it contains function pointers that are often overwritten in public exploits to transform a (limited) read/write primitive into an arbitrary code execution.

> [...]

> Unfortunately, it was rejected on the basis of lowering performances by 0.6% on my local benchmark.