This merge request is for the cheriseed branch, which is currently a work in progress.
At this stage it is meant to be a request for comments: any feedback (on the idea, implementation, or documentation) is very welcome and greatly appreciated.
CHERIseed is a software-only implementation of CHERI semantics.
The aim of CHERIseed is to facilitate the porting effort of existing code to CHERI hardware platforms, by providing some of the functionality while running on a host machine that is not capability aware. This functionality includes:
- 128-bit pointers for a 64-bit address space (64 bits of "metadata").
- Bounds checking on pointer dereferences.
- Permissions checking for pointers where permissions are restricted.
By compiling and running code with CHERIseed a user can experiment with CHERI programming (see the CHERI C/C++ Programming Guide), and identify potentially unsafe code that would fault on real CHERI hardware. CHERIseed does not provide the same security guarantees as CHERI hardware, and should not be used as a security-enforcing tool.
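
A simplified model of the bounds and permission checks listed above, added here as an illustration; it is not CHERIseed's code or API. The uncompressed `cap_t` struct and all `cap_*` / `PERM_*` names are hypothetical; real CHERI packs bounds and permissions into the 64 bits of metadata and keeps the validity tag out of band.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy, uncompressed capability (hypothetical layout, not CHERIseed's). */
enum { PERM_LOAD = 1u << 0, PERM_STORE = 1u << 1 };
typedef enum { CAP_OK, CAP_TAG_FAULT, CAP_PERM_FAULT, CAP_BOUNDS_FAULT } cap_status;
typedef struct {
    uintptr_t addr;   /* address the pointer currently holds */
    uintptr_t base;   /* lowest address the pointer may touch */
    size_t    len;    /* bytes reachable starting at base */
    uint32_t  perms;  /* PERM_* bits */
    bool      tag;    /* validity; cleared by an illegal derivation */
} cap_t;

static cap_t cap_new(void *p, size_t len, uint32_t perms) {
    return (cap_t){ (uintptr_t)p, (uintptr_t)p, len, perms, true };
}
/* Pointer arithmetic moves addr only; bounds are checked at dereference. */
static cap_t cap_add(cap_t c, ptrdiff_t off) { c.addr += (uintptr_t)off; return c; }
/* Permissions can be removed but never added back. */
static cap_t cap_and_perms(cap_t c, uint32_t mask) { c.perms &= mask; return c; }
/* Narrow bounds to [addr, addr+len); an attempt to widen clears the tag. */
static cap_t cap_set_bounds(cap_t c, size_t len) {
    size_t off = c.addr - c.base;
    if (c.addr < c.base || off > c.len || len > c.len - off) c.tag = false;
    c.base = c.addr; c.len = len;
    return c;
}
/* The check made before an access of `size` bytes needing `need` perms. */
static cap_status cap_check(cap_t c, size_t size, uint32_t need) {
    if (!c.tag) return CAP_TAG_FAULT;
    if ((c.perms & need) != need) return CAP_PERM_FAULT;
    size_t off = c.addr - c.base;
    if (c.addr < c.base || off > c.len || size > c.len - off) return CAP_BOUNDS_FAULT;
    return CAP_OK;
}
static cap_status cap_store_u8(cap_t c, uint8_t v) {
    cap_status s = cap_check(c, 1, PERM_STORE);
    if (s == CAP_OK) *(uint8_t *)c.addr = v;
    return s;
}
int main(void) {
    uint8_t buf[16] = {0};  /* constructed sample buffer */
    cap_t c = cap_new(buf, sizeof buf, PERM_LOAD | PERM_STORE);
    printf("%d %d %d %d\n", cap_store_u8(cap_add(c, 15), 1), cap_store_u8(cap_add(c, 16), 1),
           cap_store_u8(cap_and_perms(c, PERM_LOAD), 1), cap_check(cap_set_bounds(c, 32), 1, PERM_LOAD));
    return 0;
}
```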