Abstract

The version of the Capability Hardware Enhanced RISC Instructions (CHERI) architecture presented at ISCA this year was the second major revision of the CHERI ISA , adding a capability oriented memory protection model to a conventional RISC (MIPS R4K -compatible) base instruction set. CHERI was always intended to provide hardware-enforced security for software that forms part of trusted computing base, which is typically written in C or C++. These languages have an abstract model that allows implementations that provide strict memory protection but also have large bodies of legacy code (crucially, the code that could most benefit from improved security) that were not written with language-enforced memory safety in mind.

The CHERI ISA underwent significant refinements as we added capability support to the Clang front end for LLVM and CHERI ISA support to the back end. It is now undergoing further refinement, leading to a third iteration of the instruction set, as we try to compile large bodies of software targeting CHERI . This talk will discuss the lessons learned at each step and the importance of evaluating computer architecture research with real-world software.