We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

A Rusty CHERI - The path to hardware capabilities in Rust

Formal Metadata

Title
A Rusty CHERI - The path to hardware capabilities in Rust
Subtitle
A status report on ongoing efforts to support CHERI architectures in Rust
Title of Series
Number of Parts
542
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
CHERI defines hardware extensions to encode access constraints on pointers, enabling hardware enforcement of such restructions based on metadata stored alongside pointers. There is an ongoing drive to support compiling Rust code in a way that can make use of these extensions. Doing this provides another layer of protection. We can encode knowledge about provenance validity, bounds and other access restrictions that the compiler (and OS/etc.) knows about in a way the hardware can enforce at runtime. The Rust memory model is famous for being able to enforce these types of restrictions at compile time, but not for unsafe Rust code. Unsafe Rust code needs to be written sometimes, which presents situations which can only be verified at run time. Some other nice benefits could come from this work. For example, runtime bounds checking can now be done by hardware rather than software, and since provenance information is necessary for operations on capabilities, closing gaps where it is not currently preserved forms a part of this work. This talk is a discussion on what is required for this support, and gives an overview of the state of the various attempts to implement this support.