Department of Computer Science and Technology



CHERI-WebKit is a port of the WebKit browser engine, developed in collaboration with Arm, to the CHERI protection model, and in particular to Arm's Morello architecture. It will serve as a platform for measuring CHERI's impact on performance and security in complex applications like language runtimes.

Note: This is experimental software, and is only partially adapted to use the CHERI protection model. While the initial aim has been to support performance analysis, to understand the implications of CHERI's larger pointer size and impact on the JSC JIT, we are now exploring deploying CHERI memory safety to harden the browser engine and language runtime.


Work to date has focused on JavaScriptCore (JSC), WebKit's JavaScript runtime. Our port supports multiple tiers of optimization, including the C-loop interpreter, low-level interpreter, and baseline JIT compiler. To facilitate the evaluation of performance and security tradeoffs, JSC can be built with pure-capability compilation, which implements all pointers as CHERI capabilities; hybrid compilation, which leaves most pointers as integers; and a third option that implements all pointers as CHERI capabilites except for the JavaScript virtual machine's pointers to the JavaScript heap, which remain integers. In this third model, the use of integer pointers is restricted to the JavaScript heap by Morello's default data capability. CHERI-WebKit relies on the CheriBSD operating system, and its memory-safe CheriABI process environment.

Building and running CHERI-Webkit

The CHERI-Webkit source is available in the CHERI-WebKit GitHub repository. It can be easily built and run on Arm's Morello FVP software model using our cheribuild tool. To build it, run the following command line, which will build the Morello toolchain and CheriBSD as well as JavaScriptCore and its dependencies:

./ --include-dependencies morello-webkit-morello-purecap

To enable support for baseline JIT compilation, append the following switch to the above command:

--morello-webkit-morello-purecap/backend tier2asm

The following command line will then download the Arm FVP model, create a disk image that includes JSC, and run the model:

./ --include-dependencies run-fvp-morello-purecap

You can then run JSC on the FVP model as follows:

env LD_LIBRARY_PATH=/opt/morello-purecap/webkit/lib:/usr/local/morello-purecap/lib /opt/morello-purecap/webkit/bin/jsc

To run JavaScript files (e.g. the SunSpider benchmark suite), create and add them to cheribuild's extra files directory, (default ~/cheri/extra-files), rebuild the disk image, and re-run the model:

mkdir -p ~/cheri/extra-files/js
cp [js files] ~/cheri/extra-files/js
cheribuild disk-image-morello-purecap
cheribuild run-fvp-morello-purecap

You can then run the files on the model as follows:

env LD_LIBRARY_PATH=/opt/morello-purecap/webkit/lib:/usr/local/morello-purecap/lib /opt/morello-purecap/webkit/bin/jsc /js/[js file]

You can also use cheribuild to run the SunSpider benchmark suite directly on the QEMU model:

cheribuild morello-webkit-morello-purecap --test