Open Review: CHERI-D — Clarifications Regarding PICASSO

I am pleased to see follow-up work building on PICASSO. However, several points in this paper somewhat undermine PICASSO's design, which I feel compelled to address publicly.


1. Selective benchmark reporting

The paper highlights cases where PICASSO performs poorly (specifically omnetpp) but omits benchmarks where PICASSO performs well. In particular, SQLite and gRPC are workloads where PICASSO never enters revocation at all, whereas CHERI-D performs 242 revocations. Omitting these results presents an incomplete picture of the performance trade-off space.


2. Allocation size coverage

The paper's stated goal is deterministic use-after-free protection. However, the paper explicitly states that the design optimises for allocations that fit within a 4 KB page. Use-after-free vulnerabilities are not restricted to small allocations; they occur for allocations of any size, including those larger than a page. PICASSO supports temporal safety regardless of allocation size; CHERI-D, in contrast, cannot protect large allocations. It is therefore unclear whether "deterministic use-after-free protection" is a fair characterisation of its guarantees. Furthermore, comparing performance results against PICASSO, which provides full temporal safety regardless of allocation size, without acknowledging this asymmetry in coverage is misleading.


3. Goal versus implementation gap on quarantine

The paper states "immediate reuse of freed memory" as a core design goal. However, the implementation section explicitly states: "In our prototype, we quarantine the allocation for simplicity of implementation." These two statements are in direct tension. PICASSO achieves immediate memory reuse without quarantine as its default behaviour. The paper does not explain what makes eliminating quarantine difficult in CHERI-D, nor does it compare its memory overhead against PICASSO's quarantine-free design. It appears that CHERI-D still reaches 90% memory overhead on the QEMU side.


4. ID exhaustion and quarantine fallback

The paper states that with an 8-bit ID, an allocation slot can be safely reallocated up to 254 times before the ID space is exhausted, at which point the slot is quarantined. PICASSO similarly documents a fallback to quarantine after 2 million live allocations. These are comparable engineering trade-offs: both systems have a fallback boundary. So this does not mean that PICASSO cannot run omnetpp in ref mode; it can run with quarantined memory, which gives a guarantee similar to CHERI-D's.
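To make the trade-off concrete, the following toy model (added here for illustration; it is not code from the CHERI-D paper, nor from PICASSO) simulates a per-slot generation ID of the kind described above. Each live pointer carries the ID its slot had when it was handed out, a stale pointer is detected because the ID no longer matches, and once a slot has run through its usable IDs it is quarantined rather than reused. The names (`SlotAllocator`, `Pointer`, `is_valid`) and the choice to reserve two of the 256 values (0 for "no live allocation", 255 for "exhausted"), which is how the model arrives at 254 usable IDs per slot, are assumptions of this example, not details taken from either system.

```python
"""Toy model of generation-ID temporal safety with a quarantine fallback.

Assumptions (this example's own, not from the CHERI-D paper or PICASSO):
  * each slot carries an 8-bit ID; 0 and 255 are reserved, so a slot can
    hand out IDs 1..254 before it is exhausted and quarantined;
  * a pointer is (slot, id); an access is valid only if the id matches the
    slot's current live id, which is what turns a use-after-free into a
    deterministic detection instead of silent reuse.
"""
from dataclasses import dataclass, field

ID_BITS = 8
ID_INVALID = 0                      # reserved: slot holds no live allocation
ID_EXHAUSTED = (1 << ID_BITS) - 1   # reserved: slot has used all IDs (255)
MAX_ALLOCATIONS_PER_SLOT = ID_EXHAUSTED - 1   # 254 usable IDs per slot


@dataclass(frozen=True)
class Pointer:
    slot: int
    id: int


@dataclass
class SlotAllocator:
    num_slots: int
    next_id: list = field(init=False)     # ID the slot will hand out next
    live_id: list = field(init=False)     # ID of the current live object, 0 if free
    quarantined: set = field(default_factory=set)

    def __post_init__(self):
        self.next_id = [1] * self.num_slots
        self.live_id = [ID_INVALID] * self.num_slots

    def malloc(self) -> Pointer:
        """First-fit over free, non-quarantined slots; reuse is immediate."""
        for slot in range(self.num_slots):
            if slot in self.quarantined or self.live_id[slot] != ID_INVALID:
                continue
            self.live_id[slot] = self.next_id[slot]
            return Pointer(slot, self.live_id[slot])
        raise MemoryError("no free, non-quarantined slot")

    def free(self, p: Pointer) -> None:
        """Frees p; a stale or mismatched pointer is rejected (double free)."""
        if not self.is_valid(p):
            raise RuntimeError("invalid or double free")
        self.live_id[p.slot] = ID_INVALID
        new_id = p.id + 1
        if new_id >= ID_EXHAUSTED:
            # ID space exhausted: quarantine the slot instead of reusing it.
            self.quarantined.add(p.slot)
            self.next_id[p.slot] = ID_EXHAUSTED
        else:
            self.next_id[p.slot] = new_id

    def is_valid(self, p: Pointer) -> bool:
        """The check an access would perform: slot live and ID matches."""
        return (p.slot not in self.quarantined
                and p.id != ID_INVALID
                and self.live_id[p.slot] == p.id)


def demo_uaf_detection():
    """Free, reuse the same slot immediately, and check the stale pointer."""
    a = SlotAllocator(num_slots=1)
    p = a.malloc()
    a.free(p)
    q = a.malloc()                 # same slot, fresh ID: no quarantine needed
    return a.is_valid(p), a.is_valid(q), p.slot == q.slot


def demo_exhaustion():
    """Cycle one slot until its IDs run out; return the count and the slot
    the next allocation lands in once the first one is quarantined."""
    a = SlotAllocator(num_slots=2)
    cycles = 0
    while 0 not in a.quarantined:
        p = a.malloc()             # first-fit keeps choosing slot 0
        a.free(p)
        cycles += 1
    stale = p                      # last pointer into the now-quarantined slot
    fresh = a.malloc()
    return cycles, fresh.slot, a.is_valid(stale)


if __name__ == "__main__":
    print("uaf detection (stale, fresh, same slot):", demo_uaf_detection())
    print("cycles before quarantine, next slot, stale valid:", demo_exhaustion())
```

The point of the model is the shape of the fallback, not the exact numbers: immediate reuse is the common case, and quarantine only begins when the per-slot ID space is spent. A system with a larger or differently structured ID space (PICASSO's 2 million live allocations, as documented) moves that boundary but has the same two regimes, which is why both can run a workload such as omnetpp, differing only in when they start to quarantine.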


Thoughts

CHERI-D may well be better suited to specific application profiles, particularly small-allocation-intensive workloads, and I am genuinely glad to see continued work in this space. My concern is not with the contribution itself but with the framing: a rigorous comparison requires presenting the complete benchmark results alongside PICASSO's (I believe).