So using Rust without using unsafe is akin to using CHERI while ensuring the toolchain and hardware have support.
If we can be careful enough to use Rust minus unsafe, then you’re getting all the benefit without needing special hardware.
I guess my problem with this approach is that it’s not a drop-in replacement. Something will get missed and you’ll lose any CHERI guarantees along with that.
It would be cool to have a QEMU CPU with CHERI support to test some of these scenarios.