<div dir="ltr"><div dir="ltr"><div dir="ltr"><div><span style="font-family:Aptos,sans-serif"><a href="https://freebsdfoundation.org/our-work/journal/browser-based-edition/embedded-2/27494/"><font size="4">https://freebsdfoundation.org/our-work/journal/browser-based-edition/embedded-2/27494/</font></a></span></div><div><br></div><div><p class="MsoNormal"><span style="font-size:11pt">Subject matter relates
heavily to embedded systems, middleware library use and retrofitting,
serializing data structures for IPC, and translation look-aside buffers. From the top of the webpage:<span></span></span></p>
<p class="MsoNormal"><span style="font-size:11pt"> </span></p>
<p class="MsoNormal" style="margin-left:0.5in"><b><span style="font-size:11pt">CHERIoT<span></span></span></b></p>
<p class="MsoNormal" style="margin-left:0.5in"><b><span style="font-size:11pt">By
David Chisnall<span></span></span></b></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt"> </span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt"><a href="https://cheri-cpu.org/"><b>CHERI</b></a> is a set of architectural
extensions that provide fine-grained memory safety for everything from assembly
code on up. CHERI, like Capsicum, is a capability system. In a capability
system, every action must be accompanied by a capability, an unforgeable token
of authority, that authorizes the action.<span></span></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt"> </span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt">The <a href="https://cheri-cpu.org/"><b>CHERI</b></a> project has always had a
close relationship with FreeBSD. It began from observing that Capsicum-based
compartmentalization was great for new code but retrofitting it to existing
libraries (with one process per library instance) was difficult for two
reasons:<span></span></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt"> </span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt">First,
libraries want to share complex data structures, which imposes a lot of
serialization overhead when turning the interfaces into messages sent over some
inter-procedural communication (IPC) channel. A function call in a normal
library would simply share a data structure by passing a pointer to an object.
A privilege-separated library would need to authorize everything moved between
the caller and callee. Libraries also often want long-term sharing, which
imposes additional synchronization overhead.<span></span></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt"> </span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt">Second,
processes are isolated using a memory management unit (MMU), which provides a
virtual-memory abstraction with mappings from addresses in a virtual address
space to the underlying physical memory. Modern MMUs are fast because they have
a translation look-aside buffer (TLB), a fast cache of translations. The TLB
caches virtual to physical address translations. If a single page is shared
between ten processes, it will take ten TLB entries. MMUs are great for
isolation but poor for sharing.<span></span></span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt"> </span></p>
<p class="MsoNormal" style="margin-left:0.5in"><span style="font-size:11pt">These
two problems led to the general observation: Isolation is easy, sharing is
hard.<span></span></span></p></div><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr"><div>Scott G. Hall<br>Raleigh, NC, USA<br><a href="mailto:scottghall1@gmail.com" target="_blank">scottghall1@gmail.com</a></div><i>Although kindness is rarely a job, no matter what you do it's always an option.</i><br></div></div></div></div></div></div></div></div></div>