File sys/cheri/cheric.h
defines programmer-friendly macros for CHERI-aware C code. Using these macros requires a CHERI-aware Clang/LLVM and a kernel that performs full capability context switching.
// file: sys/cheri/cheric.h
#define cheri_andperm(x, y) __builtin_cheri_perms_and((x), (y))
cheri_seal()
takes two arguments: the capability to seal, and the sealing capability. It is a macro defined as a compiler built-in function:
// file: sys/cheri/cheric.h
#define cheri_seal(x, y) __builtin_cheri_seal((x), (y))
// file: sys/cheri/cheric.h
// #if __has_feature(capabilities) || defined(__CHERI__)
#define cheri_andperm(x, y) __builtin_cheri_perms_and((x), (y))
// file: lib/libc/gen/tls_malloc.c
// #ifndef __CHERI_PURE_CAPABILITY__
#define cheri_andperm(ptr, size) ((void *)(ptr))
__builtin_cheri_perms_and
is a compiler built-in function that emits the ??? instruction.
// file: sys/cheri/cheric.h
static __inline void * __capability
cheri_codeptrperm(const void *ptr, size_t len, register_t perm)
{
	return (cheri_andperm(cheri_codeptr(ptr, len),
	    perm | CHERI_PERM_GLOBAL));
}
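The following is an added model of the semantics behind cheri_andperm(), cheri_seal() and cheri_codeptrperm() above; it is not CheriBSD's code. The real builtins operate on hardware-tagged capability registers, so a plain struct stands in here, and the permission bit positions, the model_* names and the way an invalid operation is reported (tag cleared) are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Permission bits of the model; bit positions are assumed, not CHERI's. */
#define CHERI_PERM_GLOBAL   (1U << 0)
#define CHERI_PERM_EXECUTE  (1U << 1)
#define CHERI_PERM_LOAD     (1U << 2)
#define CHERI_PERM_SEAL     (1U << 3)
/* Stand-in for a hardware capability, which is really a tagged register value. */
typedef struct {
    uintptr_t base;
    size_t    length;
    uint32_t  perms;
    uint32_t  otype;   /* object type once sealed */
    bool      sealed;
    bool      tag;     /* false: no longer a valid capability */
} cap_t;

/* cheri_andperm(x, y): keep only bits present in BOTH operands, so permissions
 * can be dropped but never regained. A sealed capability is immutable; the
 * model expresses an attempt to modify it by clearing the tag. */
static cap_t model_andperm(cap_t c, uint32_t mask)
{
    if (c.sealed)
        c.tag = false;
    else
        c.perms &= mask;
    return c;
}

/* cheri_seal(x, y): seal x under the object type named by sealing capability y.
 * The sealer must be valid and hold the seal permission; x must be unsealed. */
static cap_t model_seal(cap_t c, cap_t sealer)
{
    if (c.sealed || !sealer.tag || !(sealer.perms & CHERI_PERM_SEAL)) {
        c.tag = false;
        return c;
    }
    c.sealed = true;
    c.otype = (uint32_t)sealer.base;
    return c;
}

/* cheri_codeptrperm() from the page: take a code capability (assumed here to
 * start out global + execute + load) and AND its permissions with perm | GLOBAL. */
static cap_t model_codeptrperm(uintptr_t ptr, size_t len, uint32_t perm)
{
    cap_t code = { ptr, len, CHERI_PERM_GLOBAL | CHERI_PERM_EXECUTE | CHERI_PERM_LOAD, 0, false, true };
    return model_andperm(code, perm | CHERI_PERM_GLOBAL);
}
```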
cheri_codeptr(ptr,len)