Jessica Clarke wrote:
> > The answer is in [3], page 4, table III: CHERI does not detect
> > use-after-free
> > and stack-use-after-return bugs ("temporal memory safety").
> ...
> clarifies how things were at the time of writing a bit:
>
>   e) Double-free: This is an example of a temporal memory safety
>   vulnerability that the Cornucopia [33] extension of PureCap could
>   detect, but the stable version does not.
>
> For many years heap temporal safety was in a separate branch

In other words: heap temporal safety was work in progress. This coincides
with what I read in [1]:

  Userspace temporal safety — Experimental

> but our
> upcoming 23.11 release (i.e. later this month, all being well) will have
> heap temporal safety available (it's already in our development
> snapshots) and enabled by default for all CHERI processes, and at some
> point when I get the chance after that I will upgrade cfarm240 to that
> release.

Nice! I had been under the impression that temporal pointer safety was
not included in the CHERI architecture. Glad to hear that it is.

> ASan has
> the advantage of being instrumentation that you can inject for your
> native architecture, but CHERI can catch more things

And I'm reading [2][3] that CHERI instrumentation is also coming to
Linux/x86_64 and Linux/arm64. This would also be cool :-)

Bruno

[1] https://www.morello-project.org/cheri-feature-matrix/
[2] https://www.morello-project.org/resources/cheriseed-port-effortlessly-to-cheri/
[3] https://git.morello-project.org/morello/llvm-project/-/blob/cheriseed/clang/docs/CHERIseed.rst