riscv · tariqkurd-repo · Jul 1, 2024 · Jun 17, 2024 · Jun 21, 2024 · Jun 24, 2024
diff --git a/src/cap-description.adoc b/src/cap-description.adoc
@@ -280,15 +280,13 @@ it via a superset capability with <<CBLD>>. {cheri_base_ext_name} does not offer
 an unseal instruction.
 
 For code capabilities, the sealing bit is used to implement immutable
-capabilities that describe function entry points. Such capabilities can be leveraged
-to establish a form of control-flow integrity between mutually distrusting code. These
-capabilities are known as sealed entry (sentry) capabilities. A program may jump to a
-sentry capability to begin executing the instructions it references. The jump
-instruction automatically unseals the capability and installs it to the
+capabilities that describe function entry points, known as sealed entry (sentry) capabilities. Such capabilities can be leveraged
+to establish a form of control-flow integrity between mutually distrusting code. A program may jump to a
+sentry capability to begin executing the instructions it references. A <<JALR>>
+instruction with zero offset automatically unseals a sentry target capability and installs it in the
 program counter capability (see
-xref:section_riscv_programmers_model[xrefstyle=short]). The <<JALR>> instruction
-also seals the return address capability (if any) since it is the entry point
-to the caller function.
+xref:section_riscv_programmers_model[xrefstyle=short]). The jump-and-link instructions
+also seal the return address capability which serves as an entry point the callee can return to but cannot use to authorize memory loads or stores.
 
 [#section_cap_bounds]
 ==== Bounds (EF, T, TE, B, BE)

diff --git a/src/riscv-integration.adoc b/src/riscv-integration.adoc
@@ -242,13 +242,13 @@ to the base behaviour as described below.
 <<JAL>> sign-extends the offset and adds it to the address of
 the jump instruction to form the target address. The target address is
 installed in the address field of <<pcc>>. The capability with the address of the
-instruction following the jump (<<pcc>> + 4) is written to a *c* register.
+instruction following the jump (<<pcc>> + 4) is sealed and written to a *c* register.
 
 <<JALR>>
-allows unconditional jumps to a target capability. The target capability is
+allows unconditional, indirect jumps to a target capability. The target capability is
 obtained by incrementing the capability in the *c* register operand by the
-sign-extended 12-bit immediate if the immediate is not zero, then setting the
-least significant bit of the result to zero, then unsealing. The capability
+sign-extended 12-bit offset, then setting the
+least significant bit of the result to zero. The target capability is unsealed if it is a sentry with zero offset. The capability
 with the address of the instruction following the jump (<<pcc>> + 4) is sealed
 and written to a *c* register.