If you want the details, there's Arm's full specification at https://developer.arm.com/documentation/ddi0606/latest, as well as our CHERI specification at https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-951.pdf; Arm's spec describes everything about the architecture but leaves out a lot of the design rationale that is present in the CHERI spec, instead choosing to reference our spec. https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-916.pdf is a few years old now but has ideas for how CHERI can help lessen the effects of speculative execution attacks; the high-level observation is you can avoid speculatively accessing out of bounds, so if you have accurate bounds for your language-level objects then you can avoid the `if (x < len) return a[x];`-style Spectre gadgets being abused as arbitrary read gadgets, only for reads within bounds (some of which may still not be permitted by the language-level checks, but it's at least a start). There's still a lot of nuance though.
Biting the hand that feeds IT
