Department of Computer Science and Technology

CHERI

CHERI Software Stack

February 2021: We have open sourced a CHERI adaptation of the WebKit browser framework and JavaScript interpreter, which has been developed in close collaboration with Arm. This is the first open-source JIT available for CHERI, and runs on Arm's Morello architecture.
April 2019: We are pleased to announce that our ASPLOS 2019 paper on CHERI and OS design, CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment, has won an ASPLOS Best Paper award. The paper covers the general-purpose OS design implications of CHERI when used for ubiquitous memory safety.

This page describes our CHERI software-stack prototypes, including the CHERI Clang/LLVM/LLD compiler suite and linker, CheriBSD operating system, and QEMU-CHERI ISA-level simulator. We have also performed CHERI adaptations of the GDB debugger, FreeRTOS embedded operating system, and Spike RISC-V simulator, as well as applications such as WebKit. Entirely new software is released under a BSD license; extensions to existing software packages are released under the license used by that package.

Our recent ASPLOS 2019 paper on CheriABI provides the best current general introduction to CHERI memory safety for operating systems and applications. There is also an extended CheriABI technical report that contains additional implementation information on this work.

CHERI Clang/LLVM compiler suite, LLD linker, and GDB debugger

CHERI Clang/LLVM and LLD are a complete compiler suite and compile-time linker for use with the CHERI architecture as instantiated for 64-bit MIPS and 32/64-bit RISC-V. We have also adapted the GDB debugger to use CHERI. The suite targets two C interpretations and ABIs:

Hybrid-capability C and binary code
Hybrid-capability C/C++ starts with the conventional integer implementation of C/C++ pointers, but allows types to be optionally qualified in order to trigger implementation using CHERI capabilities. This model could also transparently introduce capability use where it does not interfere with existing ABIs. This model is typically used in low-level OS components and compatibility layers, such as in allowing the pure-capability CheriABI process environment to be implemented over a hybrid-capability kernel.
Pure-capability C and binary code
Pure-capability C/C++ implements all C/C++ pointers using CHERI capabilities. This includes explicit pointers (such as explicitly declared pointers to functions, global variables, local variables, and heap allocations) as well as implicit pointers (such as return addresses and GOT pointers). This model is suitable for a broad variety of uses, including providing strong memory safety for operating-system kernels and user applications. CHERI C is documented in our CHERI C/C++ Programming Guide.
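
The difference between implementing a pointer as an integer and as a capability can be seen in a small software model. This is an added example in portable C, not code from the CHERI project: the `cap_t` structure, the function names and the record layout are assumptions made for illustration, and the model reduces a capability to bounds plus a validity tag. On real CHERI hardware the checks are performed by the processor and a failing access raises an exception rather than returning an error code.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified software model of a capability, not the CHERI encoding. */
typedef struct {
    uint8_t *base;   /* lowest address the holder may touch */
    size_t   length; /* bytes reachable from base */
    int      tag;    /* 1 = valid, 0 = must not be dereferenced */
} cap_t;

enum { CAP_OK = 0, CAP_FAULT = -1 };

/* Root capability covering a whole allocation. */
cap_t cap_make(uint8_t *p, size_t len) { cap_t c = { p, len, 1 }; return c; }

/* Derive a narrower capability; bounds may shrink but never grow. */
cap_t cap_set_bounds(cap_t parent, size_t off, size_t len) {
    cap_t c = { parent.base, len, 0 };
    if (parent.tag && off <= parent.length && len <= parent.length - off) {
        c.base = parent.base + off;
        c.tag = 1;
    }
    return c;
}

/* Every store is checked against the tag and the bounds. */
int cap_store(cap_t c, size_t i, uint8_t v) {
    if (!c.tag || i >= c.length) return CAP_FAULT;
    c.base[i] = v;
    return CAP_OK;
}

/* Constructed record: bytes 0..7 hold a name, byte 8 a privilege flag. */
enum { NAME_LEN = 8, FLAG_OFF = 8, REC_LEN = 16 };

/* Integer-pointer copy: nothing ties the pointer to the 8-byte name field. */
uint8_t copy_integer_ptr(uint8_t *rec, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n; i++) rec[i] = src[i];
    return rec[FLAG_OFF];              /* flag value after the copy */
}

/* Capability copy: the loop only ever holds a capability for the name. */
int copy_capability(uint8_t *rec, const uint8_t *src, size_t n) {
    cap_t name = cap_set_bounds(cap_make(rec, REC_LEN), 0, NAME_LEN);
    for (size_t i = 0; i < n; i++)
        if (cap_store(name, i, src[i]) == CAP_FAULT) return CAP_FAULT;
    return CAP_OK;
}
```

With a 9-byte input, the integer-pointer copy overwrites the adjacent flag, while the capability copy stops at the ninth store and leaves the flag untouched.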

CheriBSD operating system

CheriBSD is an adaptation of the open-source FreeBSD operating system to utilize the CHERI Architecture's capability-system model. CheriBSD provides strong CHERI-based memory protection for the kernel and userspace, as well as support for scalable single-address-space software compartmentalization. By default, the kernel is compiled as a hybrid-capability binary, but we have experimental extensions that allow it to run as a pure-capability binary. Both kernels support running existing off-the-shelf userspace MIPS and RISC-V binaries, as well as pure-capability binaries running in the CheriABI process environment. CheriBSD runs on 64-bit CHERI-MIPS and 64-bit CHERI-RISC-V.

QEMU-CHERI

We have also developed a QEMU CHERI-MIPS and CHERI-RISC-V implementation, which provides an ISA-level emulation of our CHERI extensions to the 64-bit MIPS and RISC-V ISAs. While not micro-architecturally realistic, this emulation can be useful for software development, especially in the absence of an FPGA or access to Bluespec. It is faster than the Sail-generated C emulator, but less directly based on the Sail CHERI-MIPS and CHERI-RISC-V ISA specifications.

Other ported software

In addition to software packages such as OpenSSL and OpenSSH that are included in CheriBSD, we have ported a number of other applications to CHERI. These include:

nginx: Webserver.
newlib: Embedded/baremetal C standard library.
PostgreSQL: Enterprise relational database.
Qt: Cross-platform GUI framework.
SQLite: Embedded relational database.
WebKit: The WebKit browser platform and JavaScript Core (JSC) language runtime. This includes a CHERI-adapted JIT for Morello.