CHERI can be added to many different instruction set architectures including MIPS, AArch64, and RISC-V, making it usable across a wide range of platforms.
[6] Early capability architectures, such as the CAP computer and Intel iAPX 432, demonstrated secure memory management but were hindered by performance overheads and complexity.
This metadata is stored inline, alongside the address, in the computer's memory and protected by a tag bit, which is cleared if the capability is tampered with.
[9][10][11] Depending on the context, CHERI systems can be used to enhance compiler-level checks, build secure enclaves,[12] or augment existing instruction architectures.
A study performed by University of Cambridge researchers found that porting six million lines of C and C++ code to CHERI required changes to 0.026% of the lines of code (LoC).
The difficulty often stems from programming practices used during the software's original development, such as implementing custom memory management, where distinguishing pointers from integers can be particularly problematic.
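The tag-bit behaviour and the pointer-versus-integer problem described above can be seen in a small software model. This is an added example, not code from the page or from the CHERI project: the struct layout, the side array standing in for the hardware tag, and all helper names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy model, not real CHERI: fields are uncompressed and the tag lives in a
   side array, standing in for the hardware tag that data cannot address. */
typedef struct { uint64_t addr, base, top; } cap_t;  /* inline metadata */
typedef enum { LOAD_OK, FAULT_TAG, FAULT_BOUNDS } result_t;

#define SLOTS 4
static cap_t   mem[SLOTS];   /* capability-sized memory slots */
static bool    tag[SLOTS];   /* one tag bit per slot */
static uint8_t heap[64];     /* memory the capabilities refer to */

/* Capability store (hypothetical helper): the only path that can set a tag. */
void store_cap(size_t s, cap_t c, bool valid) { mem[s] = c; tag[s] = valid; }
/* Plain data store into a slot: overwriting any byte clears the tag. */
void store_bytes(size_t s, size_t off, const void *src, size_t n) {
    memcpy((uint8_t *)&mem[s] + off, src, n);
    tag[s] = false;
}
/* Pointer arithmetic keeps the tag; bounds are enforced at dereference. */
void set_addr(size_t s, uint64_t a) { mem[s].addr = a; }

/* Derive a capability from src; the new bounds may only shrink. */
bool narrow(size_t dst, size_t src, uint64_t base, uint64_t top) {
    bool ok = tag[src] && base <= top &&
              base >= mem[src].base && top <= mem[src].top;
    store_cap(dst, (cap_t){ base, base, top }, ok);
    return ok;
}

/* Load one byte through the capability held in slot s. */
result_t load_byte(size_t s, uint8_t *out) {
    cap_t c = mem[s];
    if (!tag[s]) return FAULT_TAG;
    if (c.top > sizeof heap || c.addr < c.base || c.addr >= c.top)
        return FAULT_BOUNDS;
    *out = heap[c.addr];
    return LOAD_OK;
}

int main(void) {
    uint8_t b = 0; uint64_t wide = sizeof heap;
    store_cap(0, (cap_t){ 0, 0, sizeof heap }, true);  /* root capability */
    narrow(1, 0, 8, 16);                               /* an 8-byte object */
    store_bytes(1, offsetof(cap_t, top), &wide, sizeof wide); /* integer write */
    printf("load after integer overwrite: %d\n", (int)load_byte(1, &b));
}
```

Code that stores pointers through integer-typed writes, as custom allocators often do, takes the `store_bytes` path in this model, so the value it reads back no longer carries a tag and cannot be dereferenced.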
These systems relied on indirection tables to manage capabilities, introducing performance bottlenecks as memory access required multiple lookups.
A team from SRI International and the University of Cambridge revisited capability architectures, seeking to address memory safety challenges inherent in conventional designs.
This feedback led to the development of CHERI Concentrate,[14] a compressed encoding model that reduced capability size to 128 bits by eliminating redundancy between the base, address, and top.
In 2019, CheriABI[29] demonstrated a fully memory-safe implementation of POSIX, allowing existing desktop software to become memory safe with a single recompile.
UK Research and Innovation (UKRI) launched the Digital Security by Design (DSbD) programme[30] to address adoption barriers for CHERI.
[30] This initiative funded Arm's Morello chip, a superset architecture based on AArch64 and designed to evaluate experimental CHERI features for potential production use.
The follow-up project, Cornucopia Reloaded,[9] showcased efficient temporal safety using page-table features in Morello, in particular near-negligible pause times for the application making use of revocation.
As part of the UKRI-funded Sunburst project, lowRISC launched the Sonata platform to advance RISC-V-based CHERI development and support standardisation efforts.