riscv-cheri
Compatibility of CHERI RISC-V versions in a single system
Implementations of different CHERI RISC-V ISA versions are not strictly compatible with each other. For example, an RV64 CPU implementing Zcheripurecap only would be a little confused if it got a capability with Mode=Legacy from another implementation that implements Zcheripurecap+Zcherilegacy -- at the very least, it would break the invariant that valid caps have all reserved bits set to zero.
Although unlikely, this situation would arise if someone decided to create a multi-core system where the cores do not all implement the same CHERI ISA.
The CHERI RISC-V spec needs to have normative text to cover these cases. I think the spec's position should be that all the CPUs in the system must implement the same version (and options) of the CHERI RISC-V ISA.
Worth mentioning that with https://github.com/riscv/riscv-cheri/pull/285, we're pretty close to being able to support this kind of thing.
For example, an RV64 CPU implementing Zcheripurecap only would be a little confused if it got a capability with Mode=Legacy from another implementation that implements Zcheripurecap+Zcherilegacy
These cores will happily be able to interact, even copy each other's capabilities, but still have the guarantee that code with only a PureCap sentry to it can only ever be run PureCap, since the other core would refuse to jump to the capability.
I'm not saying we want to support this, but worth keeping it in the back of our minds...
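The following is an added toy model of the scenario the two comments describe; it is constructed for this discussion and is not code from riscv-cheri or the CHERI RISC-V specification. The capability fields (`tag`, `sentry`, `mode`, `reserved`) and the two `Core` objects are assumptions chosen to illustrate the argument: a core without Zcherilegacy treats the mode field as reserved, so a tagged capability with Mode=Legacy breaks its reserved-bits-zero invariant and is refused as a jump target, while copying the capability's bits between cores still works.

```python
"""Toy model of the cross-core capability scenario from the thread.

Constructed example, not code from riscv-cheri. The field layout below is
a simplification invented for illustration; the real CHERI RISC-V
capability encoding is defined by the specification, not by this class.
"""
from dataclasses import dataclass

LEGACY = "legacy"
PURECAP = "purecap"


@dataclass(frozen=True)
class Cap:
    tag: bool           # valid capability?
    sentry: bool        # sealed entry capability (only usable as a jump target)
    mode: str           # execution mode the sentry enters: PURECAP or LEGACY
    reserved: int = 0   # remaining reserved bits; must be zero for a valid cap


class Core:
    """A hart implementing Zcheripurecap, optionally plus Zcherilegacy (assumed)."""

    def __init__(self, name: str, has_zcherilegacy: bool):
        self.name = name
        self.has_zcherilegacy = has_zcherilegacy

    def reserved_bits_zero(self, cap: Cap) -> bool:
        # Without Zcherilegacy the mode field is itself reserved, so Mode=Legacy
        # on a tagged capability is an invariant violation on this core.
        if cap.reserved != 0:
            return False
        if not self.has_zcherilegacy and cap.mode == LEGACY:
            return False
        return True

    def copy(self, cap: Cap) -> Cap:
        # Plain data movement: the bits, tag included, are copied unchanged,
        # which is why the two cores can still exchange capabilities.
        return cap

    def can_jump(self, cap: Cap) -> bool:
        """Would this core accept cap as a jump target?"""
        return cap.tag and cap.sentry and self.reserved_bits_zero(cap)


def scenario() -> dict:
    """Run the mixed-ISA system from the thread and report each core's decision."""
    purecap_only = Core("hart0", has_zcherilegacy=False)   # Zcheripurecap only
    hybrid = Core("hart1", has_zcherilegacy=True)          # Zcheripurecap+Zcherilegacy
    legacy_sentry = Cap(tag=True, sentry=True, mode=LEGACY)
    purecap_sentry = Cap(tag=True, sentry=True, mode=PURECAP)

    # The hybrid core hands a Mode=Legacy sentry to the purecap-only core.
    received = purecap_only.copy(legacy_sentry)
    return {
        "copy_preserves_tag": received.tag,
        "purecap_core_sees_invariant_break": not purecap_only.reserved_bits_zero(received),
        "purecap_core_jumps_legacy": purecap_only.can_jump(received),
        "hybrid_core_jumps_legacy": hybrid.can_jump(legacy_sentry),
        "purecap_core_jumps_purecap": purecap_only.can_jump(purecap_sentry),
        "hybrid_core_jumps_purecap": hybrid.can_jump(purecap_sentry),
    }


if __name__ == "__main__":
    for key, value in scenario().items():
        print(f"{key}: {value}")
```

Running `scenario()` shows the property the second comment relies on: the purecap-only core copies the foreign capability without losing the tag, flags it as violating the reserved-bits-zero invariant, and refuses to jump to it, while a PureCap sentry is accepted by both cores. Whether real hardware should reject such a capability at the jump, or whether the spec should forbid mixing ISA versions in one system as the first comment proposes, is exactly the normative question the issue raises.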