But maybe we can run sanitizers during testing and catch most of the issues CHERI will find without building it into hardware. OTOH that doesn't do anything to protect against malicious code, but that should be properly sandboxed anyway.
You should indeed run sanitisers during testing and catch most of the issues; we encourage this! What CHERI provides is twofold:
1. Memory safety issues not found in testing do not lurk as exploitable vulnerabilities; testing is never perfect, often far from it when it comes to edge/unexpected cases where vulnerabilities lurk (though fuzzing can help somewhat)
2. Sandboxing still needs some kind of isolation primitive, which CHERI can provide in place of the heavyweight MMU-based techniques that exist today
Plus let's not kid ourselves that all software is being tested with sanitisers. The vast majority of software running on your system probably is not.
