Secure Calling Conventions for CHERI Capability Machines in Practice (Work in Progress)
Recent work has demonstrated that CHERI-based capability machines provide good support for low-overhead enforcement of spatial memory safety and compartment isolation. However, enforcing temporal memory safety, particularly for the stack, well-bracketed control flow and fine-grained stack frame encapsulation remains more difficult. Rigorous theoretical work has proposed approaches based on further architectural extensions, but this work does not support practical concerns like capability compression, and has not been implemented or evaluated in practice.
In this paper, we bring theoretically validated secure calling conventions closer to practical application. We propose a design (based on a reserve stack) that reconciles fine-grained stack boundaries with capability compression, and we contribute an LLVM implementation of selected secure calling conventions for CHERI-RISC-V. Based on this implementation, we evaluate the secure calling convention's impact on performance, memory usage, code size and compatibility, as well as data about how different security measures contribute to the calling conventions' performance overhead. Currently, the above results are work in progress, and in the paper we discuss the results' different stages of completion.
Paper (paper.pdf), 365 KiB
Slides (20240116_POCL.pdf), 555 KiB
Sat 20 Jan (time zone: London)
09:00 - 10:30
- 09:00 (5 min), Day opening: Introduction, PriSC
- 09:05 (60 min), Keynote: Can we reason about the security of concurrent systems code?, PriSC. Peter Sewell, University of Cambridge
- 10:05 (25 min), Talk: Secure Calling Conventions for CHERI Capability Machines in Practice (Work in Progress), PriSC. Elias Storme (KU Leuven), Sander Huyghebaert (Vrije Universiteit Brussel), Steven Keuchel (Vrije Universiteit Brussel), Thomas Van Strydonck (KU Leuven), Dominique Devriese (KU Leuven). File attached.