microsoft/MSRC-Security-Research

Some prose is MIPS-specific without saying so


In "Security analysis of CHERI ISA.pdf" under "Executable Capability Bounds", $pcc and $cgp are mentioned several times. Whilst PCC is called that on CHERI-MIPS, CHERI-RISC-V and Morello, the $-prefix is MIPS-specific, and our sketch of CHERI-x86-64 uses CIP instead of PCC given x86 calls it EIP/RIP rather than PC. As for CGP, that's even more MIPS-specific; CHERI-RISC-V directly accesses the captable with an AUIPCC/CLC sequence like normal RISC-V even though CGP exists as a register name (but will be used in other ABIs), Morello does something similar with an ADRP/LR sequence like normal AArch64 and CHERI-x86-64 would use a single CIP-relative MOV.

Please therefore either generalise this to talk more abstractly about being PCC-relative (even though x86 uses RIP-relative addressing, calling it PC-relative is acceptable, so I think PCC-relative is fine as a term for x86, so long as the register isn't actually stated to be called PCC) or specify that this is specifically for CHERI-MIPS and that whilst the model is similar there are differences in nomenclature and implementation.