This work addresses two critical limitations of PRAC—the dominant on-die RowHammer mitigation: (1) substantial access latency overhead, and (2) vulnerability to Wave Attacks, which force conservative threshold reduction. We propose Chronus, a novel hardware-based DRAM mitigation mechanism. Chronus introduces (1) a decoupled counter-and-data-path concurrent counting architecture—the first of its kind—and (2) a dynamic, proactive refresh scheduling scheme that models Wave Attacks to enable adaptive threshold adjustment. Evaluated under realistic workloads, Chronus achieves near-zero performance overhead (<0.5% in both latency and bandwidth degradation) while significantly outperforming PRAC and three state-of-the-art alternatives in security robustness. Fully implemented using only on-die DRAM logic, Chronus is open-sourced with complete RTL, providing an industrially deployable, formally verifiable security baseline for both academia and industry.

We 1) present the first rigorous security, performance, energy, and cost analyses of the state-of-the-art on-DRAM-die read disturbance mitigation method, Per Row Activation Counting (PRAC) and 2) propose Chronus, a new mechanism that addresses PRAC's two major weaknesses. Our analysis shows that PRAC's system performance overhead on benign applications is non-negligible for modern DRAM chips and prohibitively large for future DRAM chips that are more vulnerable to read disturbance. We identify two weaknesses of PRAC that cause these overheads. First, PRAC increases critical DRAM access latency parameters due to the additional time required to increment activation counters. Second, PRAC performs a constant number of preventive refreshes at a time, making it vulnerable to an adversarial access pattern, known as the wave attack, and consequently requiring it to be configured for significantly smaller activation thresholds. To address PRAC's two weaknesses, we propose a new on-DRAM-die RowHammer mitigation mechanism, Chronus. Chronus 1) updates row activation counters concurrently while serving accesses by separating counters from the data and 2) prevents the wave attack by dynamically controlling the number of preventive refreshes performed. Our performance analysis shows that Chronus's system performance overhead is near-zero for modern DRAM chips and very low for future DRAM chips. Chronus outperforms three variants of PRAC and three other state-of-the-art read disturbance solutions. We discuss Chronus's and PRAC's implications for future systems and foreshadow future research directions. To aid future research, we open-source our Chronus implementation at https://github.com/CMU-SAFARI/Chronus.