PuDHammer: Experimental Analysis of Read Disturbance Effects of Processing-using-DRAM in Real DRAM Chips

Paper Title: PuDHammer: Experimental Analysis of Read Disturbance Effects of Processing-using-DRAM in Real DRAM Chips
Reviewer: The Guardian

---

Summary

The authors present an experimental characterization of read disturbance vulnerabilities arising from multiple-row activation patterns, which are foundational to many Processing-using-DRAM (PuD) operations. They term this new vulnerability class "PuDHammer" and characterize two variants: Consecutive Multiple-Row Activation (CoMRA) and Simultaneous Multiple-Row Activation (SiMRA). Using a testbed of 316 commercial DDR4 chips, they claim that these PuDHammer patterns significantly reduce the hammer count required to induce a bitflip (HC_first) compared to conventional RowHammer. Furthermore, they claim PuDHammer bypasses an in-DRAM TRR mitigation mechanism. Finally, they adapt the industry-standard PRAC mitigation and evaluate its performance overhead, concluding it to be substantial.

Strengths

1. Extensive Experimental Scale: The characterization is performed on a large and diverse set of 316 real DDR4 chips from four major manufacturers. This scale lends statistical weight to the general findings regarding CoMRA.
2. Comprehensive Parameter Sweep: The authors have diligently characterized the effects of various operational parameters, including temperature, data patterns, and timing violations. This provides a valuable dataset for the community.
3. Important Core Observation: The fundamental finding that multiple-row activation patterns, particularly CoMRA, exacerbate read disturbance is well-demonstrated across all tested vendors and represents a crucial consideration for the future security and reliability of PuD-enabled systems.

Weaknesses

My primary concerns with this manuscript center on the generalizability of its most dramatic claims, a lack of deep mechanistic explanation, and the realism of the mitigation evaluation.

1. Gross Overstatement and Lack of Generalizability for SiMRA: The paper's most striking claim—a 158.58x reduction in HC_first (Abstract, pg. 1)—is derived from SiMRA. However, the authors concede that SiMRA-induced bitflips were only observed in SK Hynix chips (Section 5.3, pg. 8). To present a vendor-specific behavior as a headline result for a phenomenon named "PuDHammer" is misleading. The abstract and introduction frame the results as general, but the reality is that the most potent attack vector demonstrated is highly limited in its applicability. The footnote explanation hypothesizing that other chips "ignore" commands is conjecture and insufficient justification. This is a critical flaw that undermines the paper's headline contributions.

2. Unsubstantiated Claim of TRR Bypass: The authors claim that PuDHammer "bypasses an in-DRAM RowHammer mitigation mechanism called Target Row Refresh" (Abstract, pg. 1). However, the corresponding experiment in Section 7 (pg. 11) was conducted on a single tested SK Hynix DRAM module. A sample size of N=1 is scientifically indefensible for making such a strong and general claim. This result may be an artifact of that specific module's TRR implementation and cannot be generalized to TRR mechanisms as a whole. The claim is severely overstated.

3. Superficial Physical-Level Analysis: The paper is strong on what happens but critically weak on why. For instance, Observation 14 (pg. 9) notes that SiMRA and RowHammer have opposite bitflip directions. The authors "hypothesize that double-sided SiMRA has a different underlying silicon-level mechanism" but provide no further evidence, simulation, or rigorous analysis. This is a significant finding that demands a more thorough investigation than mere speculation. Without a plausible physical model, the observations, while interesting, lack the explanatory power expected of a top-tier publication.

4. Questionable Realism in Mitigation Evaluation: The evaluation of the adapted PRAC mechanism (Section 8.2, pg. 12-13) relies on a synthetic workload injected into a simulation. This workload consists of "back-to-back one SiMRA with 32-row activation and one CoMRA operation every N ns." It is not clear that this pattern is representative of any real-world PuD application. The reported performance overheads are therefore entirely coupled to an artificial workload whose relevance is not justified. The conclusion that PRAC incurs high overheads is only valid for this specific, potentially unrealistic, workload.

5. Conflation of Distinct Phenomena: The paper bundles CoMRA and SiMRA under the single moniker "PuDHammer." However, the data suggests they may be mechanistically distinct: CoMRA works across vendors while SiMRA appears specific to one; they exhibit different sensitivities to parameters; and SiMRA demonstrates an opposite bitflip directionality. This lumping may obscure important underlying physics and misleads the reader into viewing them as two sides of the same coin, when they may be fundamentally different vulnerabilities.

Questions to Address In Rebuttal

The authors must address the following points directly and with evidence:

1. SiMRA Generalizability: Please justify presenting the SiMRA results, particularly the 158.58x HC_first reduction, as a primary finding of the paper when it was only observed in a single manufacturer's chips. The paper should be reframed to clearly demarcate general phenomena (like CoMRA) from vendor-specific ones (like SiMRA), starting from the abstract.
2. TRR Bypass Evidence: How can the authors justify their strong and general claim about bypassing TRR based on an experiment on a single DRAM module? Please provide data on more modules from different vendors or significantly walk back this claim to reflect the extremely limited scope of the experiment.
3. Physical Mechanism: The paper offers a hypothesis for the opposite bitflip directionality of SiMRA (Observation 14, pg. 9). Can the authors provide any supporting evidence from device-level modeling, literature on charge transport, or other analysis to elevate this from conjecture to a scientifically plausible explanation?
4. Workload Realism: Please provide a clear justification for the choice of the synthetic PuD workload used in the PRAC evaluation (Section 8.2, pg. 13). How does this access pattern map to the operational behavior of known PuD applications (e.g., in-memory databases, graph processing)? Without this, the performance results are of questionable value.

Reviewer: The Synthesizer (Contextual Analyst)

---

Summary

This paper presents the first systematic, experimental characterization of a new and severe form of DRAM read disturbance, which the authors aptly name "PuDHammer." The core contribution is the discovery that multiple-row activation—the fundamental mechanism enabling many Processing-using-DRAM (PuD) operations like in-DRAM copy and bitwise logic—dramatically exacerbates DRAM's vulnerability to read disturbance, far more so than conventional RowHammer attacks.

Through an extensive study on 316 commercial DDR4 chips, the authors demonstrate that PuDHammer can induce bitflips with up to a 158.58x lower activation count (HC_first) compared to the most effective RowHammer patterns. They show this vulnerability is sensitive to various operational parameters, can bypass existing in-DRAM mitigations like TRR, and that adapting the current industry standard mitigation (PRAC) results in prohibitively high performance overheads. This work effectively establishes a critical new bridge between the fields of Processing-in-Memory (PIM) and hardware security/reliability, revealing a potentially fundamental challenge to the safe and secure deployment of PuD systems.

---

Strengths

1. Fundamental and Timely Contribution: This paper sits at the crucial intersection of two highly active research areas. The PIM community has been largely focused on demonstrating functionality and performance, often with the implicit assumption of a reliable substrate. The hardware security community has studied RowHammer extensively but has not considered the unique access patterns of PIM. This work is the first to connect these domains, identifying a problem that is not merely incremental but represents a step-function increase in vulnerability severity. The discovery is foundational for any future work on secure PIM.

2. Impressive Experimental Rigor: The scale and thoroughness of the experimental study are a major strength. Characterizing the effect across 316 chips from four major manufacturers (as detailed in Table 1, page 4) provides strong evidence that PuDHammer is a universal phenomenon in modern DRAM, not an artifact of a specific device. The systematic exploration of a wide parameter space (temperature, data patterns, timing, spatial location) gives the results significant depth and credibility.

3. Clear Real-World Implications: By demonstrating that PuDHammer bypasses an existing mitigation (TRR, Section 7) and that adapting the industry standard PRAC incurs crippling overheads (48.26% average, Section 8.2), the paper immediately grounds its findings in practical reality. This is not a theoretical vulnerability; it is a clear and present danger to the security and isolation properties of future systems that might deploy PuD. This analysis effectively issues a challenge to the community: existing solutions are not sufficient.

4. Opening New Research Avenues: This is precisely the kind of paper that seeds an entire subfield. It raises more questions than it answers, which is a hallmark of significant research. Future work can now explore the underlying device physics, design PIM-aware mitigation strategies, develop new attack methodologies based on PuDHammer, and create secure compilers or runtimes for PIM systems. The paper provides a solid empirical foundation upon which this future work can be built.

---

Weaknesses

While the paper is strong, its focus as a "first characterization" study leaves some areas less developed, which is understandable but worth noting.

1. Limited Exploration of Root Cause: The paper does an excellent job characterizing what happens but is naturally speculative about why PuDHammer is so much more effective than RowHammer. The authors hypothesize about enhanced "trap-assisted electron migration" (Observation 2, page 6) but, as a systems paper, do not provide device-level analysis. While they rightly call for future work here, the paper would be even more impactful with a more detailed theoretical model or preliminary simulation to support their hypothesis.

2. Mitigation Proposals are Preliminary: The analysis of PRAC is excellent for showing the scale of the problem. However, the proposed new countermeasures in Section 8.1 are largely conceptual sketches. This is not a significant flaw, as a full mitigation design is likely beyond the scope of a single characterization paper. Still, the transition from problem identification to solution feels more like a pointer to future work than a complete contribution in its own right.

---

Questions to Address In Rebuttal

1. On the Physics of PuDHammer: The 158.58x reduction in HC_first is a staggering figure. Beyond the general hypothesis of enhanced electron migration, could you elaborate on the potential physical mechanisms? For example, with simultaneous multiple-row activation (SiMRA), is it possible that the massive, concurrent current draw on the power delivery network is causing voltage droops that are the primary driver of vulnerability, as opposed to purely cell-to-cell coupling effects? How does this differ from the mechanism in consecutive activation (CoMRA)?

2. On the Future of PIM Architecture: Your findings paint a challenging picture for the PIM paradigm. Do you view PuDHammer as a fundamental roadblock that might render certain PuD techniques (especially those based on SiMRA) impractical for secure systems, or do you see it as a new set of engineering constraints that can be designed around? In other words, is this an architectural "deal-breaker" or a "call to arms" for more robust PIM designs?

3. On PIM-Aware Mitigations: Given that a generic, low-level mitigation like PRAC imposes such high overheads, what is your vision for a more intelligent, PIM-aware mitigation? For instance, could the memory controller be aware of PuD "sessions" and apply targeted, aggressive refreshing only to neighboring regions of active PuD subarrays, rather than treating every activation as a potential hammer? Could such a semantic approach significantly reduce the observed performance penalty?

Reviewer: The Innovator (Novelty Specialist)

Summary

The authors present an experimental characterization study on the read disturbance effects that arise from multiple-row activation patterns, a core operational primitive of many Processing-using-DRAM (PuD) techniques. The paper identifies and names this phenomenon "PuDHammer," demonstrating that PuD access patterns—specifically consecutive (COMRA) and simultaneous (SiMRA) multiple-row activations—can induce bitflips far more effectively than traditional single-aggressor RowHammer attacks. The core of the work is an extensive empirical analysis across 316 real DDR4 chips, exploring the impact of various parameters on this vulnerability. The authors conclude by evaluating the effectiveness of adapting an existing industry mitigation (PRAC) for this new threat vector.

Strengths

The primary strength of this paper lies in its novel claim: the identification and first-ever systematic characterization of a new class of read disturbance vulnerability. While the constituent concepts are not new—Processing-using-DRAM and RowHammer are both well-established fields—their interaction has been, until now, an unexplored area. My analysis confirms the authors' claim that prior work has not investigated the security and reliability implications of the multiple-row activation patterns inherent to PuD.

The novelty can be broken down as follows:

1. Identification of a New Phenomenon: The core contribution is the empirical proof that the access patterns required for PuD operations create a potent read disturbance vector. Prior PuD literature (e.g., Ambit [29], RowClone [40], ComputeDRAM [73]) focused on demonstrating the functionality and performance benefits of multiple-row activation, overlooking the potential for malicious exploitation or reliability degradation. This paper bridges that critical gap. The "delta" over prior art is therefore the entire investigation itself; it moves from "PuD can be done" to "here are the unintended, severe consequences of doing PuD."

2. Novel Experimental Insights: The paper provides a wealth of new data. For example, Observation 14 (Page 9), which finds that SiMRA and RowHammer have opposite dominant bitflip directions, is a genuinely new and surprising finding. This suggests a fundamentally different underlying physical mechanism, a significant contribution to the community's understanding of DRAM reliability that did not exist previously. The discovery that PuDHammer patterns can reduce the hammer count to the first flip (HC_first) by up to 158.58x (Abstract, Page 1) is not a marginal improvement; it represents a phase change in the severity of read disturbance threats.

3. Systematic Categorization: The distinction between COMRA and SiMRA as separate classes of PuDHammer, each with unique characteristics, is a novel and useful categorization that will inform future work in this area.

Weaknesses

While the central discovery is novel, some of the surrounding elements rely heavily on established methods and concepts, which dilutes the overall novelty of the work.

1. Methodology: The experimental infrastructure (DRAM Bender [75] built on SoftMC [197]) and characterization methodology are standard practice, directly following the path laid by numerous prior RowHammer analysis papers (e.g., [125, 144, 145]). The novelty is in the access patterns tested, not in the methodology used to test them.

2. Countermeasures: The novelty in the countermeasures section (Section 8, Page 12) is limited.

   • The three proposals in Section 8.1 (separating arrays, refreshing post-operation, weighted counting) are logical, high-level extensions of existing security principles like isolation and proactive defense. They lack a novel underlying mechanism and are presented conceptually without implementation.
   • The adaptation and evaluation of Per-Row Activation Counting (PRAC) is an application of an existing, industry-standardized technique to a new problem. While the performance analysis provides new and valuable data points, the core mechanism is not new. The "weighted counting" optimization is a straightforward tuning of this existing counter-based approach rather than a fundamentally new idea. The novelty here is in the application and evaluation, not the invention.

Questions to Address In Rebuttal

1. The core novelty of this work is the experimental characterization of a previously unexplored phenomenon. However, the proposed countermeasures in Section 8.1 appear to be high-level, conceptual extensions of existing principles (e.g., isolation, proactive refresh). Can the authors elaborate on what is fundamentally novel about these proposed countermeasures beyond applying known concepts to this new problem context?

2. The evaluation of an adapted Per-Row Activation Counting (PRAC) mechanism in Section 8.2 is a valuable contribution. However, the mechanism itself is an existing industry standard. Is the novelty here purely in the evaluation, or is there a non-obvious, novel aspect to the adaptation of PRAC to handle multiple simultaneous activations that the paper does not fully elaborate on? The "weighted counting" optimization, for instance, seems like a logical tuning of an existing counter-based approach.

3. Prior works such as ComputeDRAM [73] and others [78, 79] have successfully demonstrated multiple-row activation on COTS DRAM. While their stated goal was not to study read disturbance, did they observe any anomalous behavior or reliability issues that might have hinted at the PuDHammer effect, even if not characterized as such? A more direct positioning against observations from this functionally-closest prior art would strengthen the claim of being the "first."