CHERI

Concept

CHERI (Capability Hardware Enhanced RISC Instructions) is a hardware-capability approach to memory safety that replaces conventional pointers with hardware capabilities. The provided evidence covers CHERI software experience in CheriBSD/Morello allocator studies and VM porting, and UCAM-CL-TR-984 evidence on CHERI processor implementation topics such as bounds checks, PCC, Special Capability Registers, Sentries, Flute, Sail, and RVFI-DII.

First seen 5/29/2026

Last seen 6/8/2026

Evidence 22 chunks

Wiki v3

WIKI

Overview

CHERI stands for Capability Hardware Enhanced RISC Instructions. It is described in the provided literature as hardware designed to address memory-safety issues by replacing traditional pointers with hardware capabilities. [CHERI memory-safety design]

CHERI also appears in systems work as a hardware capability platform evaluated under CheriBSD on Arm’s experimental Morello platform. [CHERI allocators on CheriBSD and Morello]

READ FULL ARTICLE →

NEIGHBORHOOD

No graph connections found for this entity yet. It may appear in future ingestion runs.

explore full graph →

RELATIONSHIPS

21 connections

TestRIG ← evaluates 100% 13e

TestRIG is used to verify CHERI security extensions on RISC-V processors.

Randomized Testing of RISC-V CPUs using Direct Instruction Injection ← evaluates 100% 3e

The paper evaluates TestRIG on the CHERI security extension, finding and fixing multiple bugs.

Toooba ← implements 100% 3e

Toooba is extended with CHERI modifications as the first open superscalar CHERI implementation.

MIPS architecture derived from → 100% 2e

CHERI was initially designed for MIPS and the RISC-V implementation is derived from that work.

Sail RISC-V Model ← implements 90% 2e

The Sail RISC-V model has been extended to include CHERI.

RISC-V part of → 85% 2e

CHERI is described as an experimental security extension to RISC-V.

Piccolo ← implements 100% 2e

Piccolo is extended with CHERI modifications providing CHERI capability support.

Flute ← implements 100% 2e

Flute is extended with CHERI modifications providing CHERI capability support.

tag controller uses → 100% 2e

CHERI uses a tag controller for tagged memory to track capability validity.

merged register file uses → 100% 2e

CHERI implementations use a merged register file combining integer and capability registers.

Program Counter Capability uses → 100% 2e

CHERI extends the program counter to include capability metadata as PCC.

capability mode bit uses → 100% 2e

CHERI uses a capability mode bit to switch between capability and legacy modes.

RISC-V extends → 95% 2e

CHERI is a security extension to the RISC-V architecture.

bounds checking uses → 100% 1e

CHERI enforces spatial safety through capability bounds checking.

Sail ← implements 90% 1e

The Sail model includes a CHERI function that is tested via mutation-based testing.

QCVEngine ← evaluates 95% 1e

QCVEngine was used to test CHERI processor extensions and build an archive of counterexamples.

Who tests the TestRIG? Tooling for randomised tandem verification ← mentions 100% 1e

The paper discusses testing CHERI security extensions as a motivating application.

UCAM-CL-TR-984 ← uses 100% 1e

The thesis investigates the implementation of CHERI secure capabilities for RISC-V microarchitectures.

CHERI-Concentrate uses → 100% 1e

CHERI uses CHERI-Concentrate for capability compression encoding.

Sentry mechanism uses → 100% 1e

CHERI uses the Sentry mechanism for secure entry into capability-protected code.

Sail CHERI-RISC-V ← implements 100% 1e

Sail CHERI-RISC-V is a model implementation of the CHERI RISC-V architecture.

LINKED ENTITIES

13 links

UCAM-CL-TR-984 USES Extracted graph relationship

Piccolo IMPLEMENTS Extracted graph relationship

Flute IMPLEMENTS Extracted graph relationship

Toooba IMPLEMENTS Extracted graph relationship

Sail CHERI-RISC-V IMPLEMENTS Extracted graph relationship

bounds checking USES Extracted graph relationship

tag controller USES Extracted graph relationship

merged register file USES Extracted graph relationship

CHERI-Concentrate USES Extracted graph relationship

Program Counter Capability USES Extracted graph relationship

capability mode bit USES Extracted graph relationship

Sentry mechanism USES Extracted graph relationship

MIPS architecture DERIVED_FROM Extracted graph relationship

CITATIONS

12 sources

12 citations — click to expand

[1] CHERI memory-safety design Pitfalls in VM Implementation on CHERI: Lessons from Porting CRuby

[2] CHERI allocators on CheriBSD and Morello Picking a CHERI Allocator: Security and Performance Considerations

[3] PCC definition UCAM-CL-TR-984.pdf

[4] Sentry definition UCAM-CL-TR-984.pdf

[5] SCR definition UCAM-CL-TR-984.pdf

[6] CHERI implementation topics UCAM-CL-TR-984.pdf

[7] CHERI allocator security and performance Picking a CHERI Allocator: Security and Performance Considerations

[8] CHERI VM implementation pitfalls Pitfalls in VM Implementation on CHERI: Lessons from Porting CRuby

[9] CHERI processor evaluation scope UCAM-CL-TR-984.pdf

[10] Flute context in UCAM-CL-TR-984 UCAM-CL-TR-984.pdf

[11] Sail definition UCAM-CL-TR-984.pdf

[12] RVFI and RVFI-DII definitions UCAM-CL-TR-984.pdf