CHERI (Capability Hardware Enhanced RISC Instructions) is a capability-based hardware/software research platform from Cambridge University and SRI. CHERI is designed as an architectural mix-in and has been specified in combination with MIPS, RISC-V, and, most recently, ARMv8-A, with Arm’s Morello prototype architecture. Emulators and FPGA realizations are available, with Morello silicon expected late 2021. Capability-aware forks of FreeRTOS, FreeBSD, LLVM, gdb, PostgreSQL, and QT WebKit are available and under active development; further porting efforts, of Linux and gcc especially, are underway. CHERI’s architecture is formally specified and key properties have been proven. Using CHERI’s mechanisms, software can efficiently implement fine-grained, reliable, spatial and temporal memory protection and scalable compartmentalization. Though folklore holds that capability hardware architectures are impractical, CHERI achieves its goals with low overheads and limited disruption to processor (micro)architecture while retaining broad compatibility with C and modern features such as dynamic linkage and thread-local storage. This talk will give an overview of CHERI and the software stacks developed atop it before deep-diving into the speaker’s ongoing work on providing heap temporal memory safety atop CHERI’s architectural mechanisms.
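As an added illustration, not code from the talk or from the CHERI project, the C model below shows what the abstract's two guarantees mean at the pointer level: a bounded, tagged capability refuses an out-of-bounds store, and a quarantine-then-revoke sweep clears the tag on stale copies before freed bytes are reissued. The struct layout, the toy heap, the payload, and the revocation scheme are all assumptions of this model; real CHERI capabilities are hardware-managed and the speaker's temporal-safety design is not described in the abstract.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Software model of a CHERI-style capability, simplified for illustration:
 * real caps are compressed 128-bit values whose tag only hardware can set. */
typedef struct {
    uint8_t *base;   /* lowest address the capability may reach */
    size_t   length; /* bytes reachable from base */
    bool     tag;    /* validity bit; a cleared tag makes the cap unusable */
} cap_t;
static uint8_t heap[64];                        /* constructed toy heap */
static uint8_t *quarantine_lo, *quarantine_hi;  /* freed, not yet reusable */
static const uint8_t payload[4] = {1, 2, 3, 4}; /* constructed payload */
/* Allocator hands out a capability bounded to exactly the allocation. */
cap_t cap_alloc(size_t at, size_t len) { return (cap_t){ heap + at, len, true }; }
/* Spatial safety: a store succeeds only if the cap is tagged and the whole
 * access lies in [base, base+length); otherwise hardware would fault. */
bool cap_store(cap_t *c, size_t off, const uint8_t *s, size_t n) {
    if (!c->tag || off > c->length || n > c->length - off) return false;
    memcpy(c->base + off, s, n);
    return true;
}
/* Temporal safety via quarantine-and-revoke (assumed here as one plausible
 * scheme, not the speaker's design): free() only quarantines; a later sweep
 * clears tags of caps still pointing into the region before it is reused. */
void cap_free(cap_t *c) {
    quarantine_lo = c->base;
    quarantine_hi = c->base + c->length;
}
void cap_revoke(cap_t **stored, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (stored[i]->base >= quarantine_lo && stored[i]->base < quarantine_hi)
            stored[i]->tag = false;
}

/* Scenarios return 1 when the model blocks exactly the unsafe access. */
int demo_spatial(void) {
    cap_t c = cap_alloc(0, 16);
    return cap_store(&c, 12, payload, 4) &&     /* bytes 12..15: allowed */
           !cap_store(&c, 14, payload, 4);      /* bytes 14..17: fault */
}
int demo_temporal(void) {
    cap_t c = cap_alloc(16, 16), alias = c;     /* second stored copy */
    cap_t *stored[] = { &c, &alias };
    cap_free(&c);
    cap_revoke(stored, 2);
    cap_t reused = cap_alloc(16, 16);           /* same bytes reissued */
    return !cap_store(&alias, 0, payload, 4) && cap_store(&reused, 0, payload, 4);
}
```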
Please email for a Zoom link.