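@inproceedings{filardo2024cornucopia,
  author        = {Filardo, Nathaniel and Gutstein, Brett F. and Woodruff, Jonathan and Clarke, Jessica and Rugg, Peter and Davis, Brooks and Johnston, Mark and Norton-Wright, Robert and Chisnall, David and Moore, Simon W. and Neumann, Peter G. and Watson, Robert N. M.},
  title         = {{Cornucopia Reloaded}: Load Barriers for {CHERI} Heap Temporal Safety},
  booktitle     = {{ASPLOS} '24},
  year          = {2024},
  month         = apr,
  abstract      = {Violations of temporal memory safety (``use after free'', ``UAF'') continue to pose a significant threat to software security. The CHERI capability architecture has shown promise as a technology for C and C++ language reference integrity and spatial memory safety. Building atop CHERI, prior works -- CHERIvoke and Cornucopia -- have explored adding heap temporal safety. The most pressing limitation of Cornucopia was its impractical ``stop-the-world'' pause times. We present Cornucopia Reloaded, a re-designed drop-in replacement implementation of CHERI temporal safety, using a novel architectural feature -- a per-page capability load barrier, added in Arm's Morello prototype CPU and CHERI RISC-V -- to nearly eliminate application pauses. We analyze the performance of Reloaded as well as Cornucopia and CHERIvoke on Morello, using the CHERI-compatible SPEC CPU2006 INT workloads to assess its impact on batch workloads and using pgbench and gRPC QPS as surrogate interactive workloads. Under Reloaded, applications no longer experience significant revocation-induced stop-the-world periods, without additional wall- or CPU-time cost over Cornucopia and with median 87\% of Cornucopia's DRAM traffic overheads across SPEC CPU2006 and $<$ 50\% for pgbench.},
  url           = {http://approjects.co.za/?big=en-us/research/publication/cornucopia-reloaded-load-barriers-cheri-heap-temporal-safety/},
  internal-note = {Cleaned from a one-line export: month uses the apr macro instead of a free-text string; typographic quotes and en dashes replaced by ASCII LaTeX forms so the entry works with classic BibTeX; the two percent signs in the abstract are escaped as \% because an unescaped \% would comment out the rest of the line when a style prints the abstract; < is set as $<$ since a bare < renders incorrectly in OT1 text mode. No DOI was present in the export, so the url is kept as given.},
}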