We present the studies leading up to the temporal safety support included in the RV64Y “CHERI” capability RISC-V extension. Memory safety enforcement is increasingly important for new programs, languages, and architectures. RV64Y enforces spatial memory safety natively, and provides the necessary invariants to enforce temporal safety in software.
To ensure that RV64Y systems can enforce temporal safety with reasonable performance and memory overhead, we have reproduced experiments from previous CHERI research, optimised CheriBSD revocation support, and explored simplified state machines for virtual memory pages encoded in Page Table Entry (PTE) bits. We managed to optimize revocation in CheriBSD to reduce overhead in Spec2006 by 12%. We then explored the simplest PTE encoding with generational capability read support, and found that they incurred an overhead of about 33% over the optimised baseline, justifying the inclusion of generational capability dirty states in the frozen RV64Y specification. Finally, we discuss ongoing work that has the potential to further optimize temporal safety for RV64Y with vendor-specific or future ratified extensions.