Commented out paragraph about SinglePCC
francislaus committed May 31, 2023
1 parent 3e39ab6 commit a7d1fa8
Showing 1 changed file with 6 additions and 6 deletions.
12 changes: 6 additions & 6 deletions chap-microarchitecture.tex
Expand Up @@ -291,12 +291,12 @@ \subsection{\PCC{} Bounds Forwarding (Not Prediction)}
The Morello implementation chooses to forward the bounds of \PCC{} rather than predict them, so the \PCC{} capability cannot be used in a data memory access unless it is legally sourced form another register in the pipeline.
CHERI-MIPS, Piccolo, and Flute share this design choice, though they are of less note as their simple pipelines do not allow speculative read gadgets.

\subsection{Bounding Execution to Forwarded \PCC{}}
If \PCC{} must obey \emph{SCC} before proceeding to Execute, many classes of cross-domain transient execution attacks are made impossible.
An efficient implementation may wait to execute instructions until the \PCC{} authorising their fetch is produced and forwarded in the pipeline.
The pipeline may speculate that \PCC{} does not actually change such that instructions that lie within an already-calculated \PCC{} are allowed to progress to execution, but predicted instructions that lie outside of any SCC-legal \PCC{} would wait for forwarded bounds.
This may allow some implementations to avoid storing the bounds of \PCC{} in many places in the pipeline.
A branch of CHERI Toooba has an basic example implementation, \emph{SinglePCC}, which permits a single set of \PCC{} bounds to be in flight in the pipeline at any time, gaining efficiency and safety at the expense of performance when crossing code domains.
%\subsection{Bounding Execution to Forwarded \PCC{}}
%If \PCC{} must obey \emph{SCC} before proceeding to Execute, many classes of cross-domain transient execution attacks are made impossible.
%An efficient implementation may wait to execute instructions until the \PCC{} authorising their fetch is produced and forwarded in the pipeline.
%The pipeline may speculate that \PCC{} does not actually change such that instructions that lie within an already-calculated \PCC{} are allowed to progress to execution, but predicted instructions that lie outside of any SCC-legal \PCC{} would wait for forwarded bounds.
%This may allow some implementations to avoid storing the bounds of \PCC{} in many places in the pipeline.
%A branch of CHERI Toooba has an basic example implementation, \emph{SinglePCC}, which permits a single set of \PCC{} bounds to be in flight in the pipeline at any time, gaining efficiency and safety at the expense of performance when crossing code domains.

\subsection{Speculative Forgery Prevention}
\emph{SCC} may also be violated if capabilities can be forged in speculation.
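Review bot: the six added `%` lines keep the whole "Bounding Execution to Forwarded \PCC{}" subsection in chap-microarchitecture.tex as dead text, with nothing in the source saying why it was disabled or when it should come back. Either delete the six lines and rely on history, or put a one-line comment above the block stating the reason the SinglePCC paragraph is withheld. If the block stays, fix "has an basic example implementation" to "has a basic example implementation" so the typo is not restored with it, and note that the unchanged context line above the hunk reads "legally sourced form another register" where "from" is meant. Because the `\subsection` heading is commented out as well, check that no other part of the document refers to this subsection.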

1 comment on commit a7d1fa8

Collaborator

@bsdjhb bsdjhb commented on a7d1fa8 May 31, 2023

I think it might be better to just outright remove the text rather than commenting it out FWIW. You can always find it in history later, but we also have a fair bit of commented-out text that is stale in the spec that is accumulated and never removed.
