
Wouldn't it be like a crime against the crown to not have a CHERI-like thing in Arm?


I always see CHERI brought up and admittedly I know very little about it, except that the ergonomics appear poor, requiring twice the storage for each pointer and ground-up rearchitecting of the OS, making it quite unappealing from an engineering standpoint.


FreeBSD, kernel and base, was ported to CHERI, along with PostgreSQL.

> We have adapted a complete C, C++, and assembly-language software stack, including the open-source FreeBSD OS (nearly 800 UNIX programs and more than 200 libraries including OpenSSH, OpenSSL, and bsnmpd) and PostgreSQL database, to employ ubiquitous capability-based pointer and virtual-address protection.

Most programs didn't require any changes at all. Even most pointer-integer-pointer conversions can be automatically handled by the toolchain and runtime. See https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/201904...


Sounds good for a clean slate but you couldn't seamlessly transition to it, which is why I said it was unappealing.


> making it quite unappealing from an engineering standpoint

The other option being rewriting everything under the sun from scratch.


Um, there's also Memory Tagging which is the topic of this post.

Apple's implemented it as part of the umbrella MIE, and it eliminates a class of bugs, at least on the surface of their own software, allows for incremental adoption, and doesn't break compatibility with older binaries.


MTE (and PAC before it) store some metadata in previously unused pointer bits, so there are potential issues if you were already using those for something else.

Oh and if your program has memory bugs then you have to fix them of course.
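The pointer-bit collision mentioned in the comment above, as an added example that is not part of the thread: it assumes the Arm MTE layout (4-bit logical tag in pointer bits 59:56) and simulates pointers as 64-bit integers so it runs on any machine. All helper names and the sample address are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: MTE keeps its 4-bit logical tag in pointer bits 59:56. */
#define MTE_TAG_SHIFT 56
#define MTE_TAG_MASK  (UINT64_C(0xF) << MTE_TAG_SHIFT)
#define TOP_BYTE_MASK (UINT64_C(0xFF) << 56)
#define LOW_TAG_MASK  UINT64_C(0xF) /* free when objects are 16-byte aligned */

static unsigned mte_tag(uint64_t p) {
    return (unsigned)((p & MTE_TAG_MASK) >> MTE_TAG_SHIFT);
}

/* Legacy scheme: the application keeps its own 8-bit type tag in the top byte. */
static uint64_t pack_top(uint64_t p, uint8_t app_tag) {
    return (p & ~TOP_BYTE_MASK) | ((uint64_t)app_tag << 56);
}
static uint64_t unpack_top(uint64_t packed) { return packed & ~TOP_BYTE_MASK; }

/* MTE-compatible alternative: a 4-bit application tag in the low alignment bits. */
static uint64_t pack_low(uint64_t p, uint8_t app_tag) {
    return (p & ~LOW_TAG_MASK) | ((uint64_t)app_tag & LOW_TAG_MASK);
}
static uint64_t unpack_low(uint64_t packed) { return packed & ~LOW_TAG_MASK; }

/* Models the hardware check: pointer tag must equal the tag on the memory granule. */
static int mte_check_passes(uint64_t p, unsigned mem_tag) {
    return mte_tag(p) == mem_tag;
}

/* Constructed sample: a 16-byte-aligned address whose allocator assigned tag 0xA. */
static uint64_t sample_tagged_pointer(void) {
    return UINT64_C(0x0000FFFF12345670) | (UINT64_C(0xA) << MTE_TAG_SHIFT);
}

int main(void) {
    uint64_t p = sample_tagged_pointer();
    uint64_t via_top = unpack_top(pack_top(p, 0x42));
    uint64_t via_low = unpack_low(pack_low(p, 0x2));
    printf("original     %016llx tag=%x\n", (unsigned long long)p, mte_tag(p));
    printf("top-byte use %016llx check=%d\n", (unsigned long long)via_top,
           mte_check_passes(via_top, 0xA));
    printf("low-bit use  %016llx check=%d\n", (unsigned long long)via_low,
           mte_check_passes(via_low, 0xA));
    return 0;
}
```

The top-byte round trip returns a pointer whose tag is 0, so it no longer matches memory tagged 0xA; the low-bit scheme leaves the hardware tag untouched.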



