Department of Computer Science and Technology



CHERI-WebKit is a port of the WebKit browser engine, developed in collaboration with Arm, to the CHERI protection model, and in particular to Arm's Morello architecture. It will serve as a platform for measuring CHERI's impact on performance and security in complex applications like language runtimes.

Note: This is experimental software, and is only partially adapted to use the CHERI protection model. While the initial aim has been to support performance analysis, to understand the implications of CHERI's larger pointer size and impact on the JSC JIT, we are now exploring deploying CHERI memory safety to harden the browser engine and language runtime.


Work to date has focused on JavaScriptCore (JSC), WebKit's JavaScript runtime. Our port supports multiple tiers of optimization, including the C-loop interpreter, low-level interpreter, and baseline JIT compiler. To facilitate the evaluation of performance and security tradeoffs, JSC can be built with pure-capability compilation, which implements all pointers as CHERI capabilities; hybrid compilation, which leaves most pointers as integers; and a third option that implements all pointers as CHERI capabilites except for the JavaScript virtual machine's pointers to the JavaScript heap, which remain integers. In this third model, the use of integer pointers is restricted to the JavaScript heap by Morello's default data capability. CHERI-WebKit relies on the CheriBSD operating system, and its memory-safe CheriABI process environment.

Building and running CHERI-Webkit

The CHERI-Webkit source is available in the CHERI-WebKit GitHub repository. It can be easily built and run on Arm's Morello FVP software model using our cheribuild tool. To build it, run the following command line, which will build the Morello toolchain and CheriBSD as well as JavaScriptCore and its dependencies:

./ --include-dependencies webkit-morello-purecap

The following command line will download the Arm FVP model, create a disk image that includes JSC, and run the model:

./ --include-dependencies run-fvp-morello-purecap

You can then run JSC on the FVP model as follows:

env LD_LIBRARY_PATH=/opt/morello-purecap/webkit/lib /opt/morello-purecap/webkit/bin/jsc