Most modern processors have a very simple idea of a pointer: an integer containing an address in memory. This representation is used by all of the architectures that are officially supported by LLVM. In this talk, we'll take a look at what's needed for architecture where it isn't the case.
The CHERI processor (see Security track talk for more detail) provides a capability-oriented model for addressing memory. All virtual addresses are accessed via a memory capability, an unforgeable token of authority that can be stored in registers or memory and grants rights to a region of memory. We want to use memory capabilities as pointers and to do this have had to teach LLVM that (some) pointers are not integers.
Fortunately, LLVM IR is agnostic to pointer representation. Unfortunately, various parts of the code make this assumption. In this talk, we'll take a look at some of the changes that were required in the target-agnostic parts of LLVM to allow us to write a hardware-enforced memory-safe C compiler.
Speakers: David Chisnall