by nigwil_
1611 days ago
"In the case of CHERI, this was to change the user-visible abstract machine exposed by hardware in a way that hasn’t been done for mainstream hardware since the PDP-11." - the authors should take the time to familiarise themselves with the Burroughs B6700 (designed in the 1960s) which provided tagged memory, and a similar mechanism to CHERI architectural capabilities through the B6700 descriptor mechanism. https://en.wikipedia.org/wiki/Burroughs_large_systems_descriptors
The PDP-11 minicomputer was a low-cost and undoubtedly successful system for its time, but a low bar for architectural sophistication or an exemplar for state of the art in computer architecture, particularly in terms of memory design. CHERI is a welcome development in producing safer systems, but it is packaging ideas that have been around for 50+ years, long overdue of course, but finally hardware costs have commoditised such that these ideas can be baked into mass produced hardware.
It feels like from the outside that there was a decent sized faction at Intel in the 80s to give us a hardware object capability system, but they ended up losing the political battle, and by the time of AMD designing long mode, the last remnants were swept away.
I wish the 386's 32-bit protected mode had been structured as GDT entries that had a bit to optionally point to page tables rather than just having base addresses into a global page table. It would have encouraged these techniques in commodity systems 30 years ago.
Hell, we might not even have had Spectre, and at least would have had better tools to address it if we had that plus rings 1 & 2 still usable. The user and kernel space would have had the ability to describe untrusted data to the MMU. It feels like we're just pretending that NetSpectre isn't a thing and somehow Spectre is only an issue with untrusted code.