Department of Computer Science and Technology

CHERI

CHERI Clang/LLVM and LLD

CHERI Clang/LLVM and LLD are adaptations of the open-source Clang/LLVM compiler and LLD linker to support the CHERI-MIPS, CHERI-RISC-V, and Arm Morello ISAs. They collectively implement the CHERI C/C++ programming language, described in the CHERI C/C++ Programming Guide, as well as CHERI Hybrid C/C++. This includes support for strong referential and spatial memory protection, as well as providing foundations for temporal memory protection. In addition, CHERI C/C++ is a critical foundation for CHERI software compartmentalization.

Obtaining CHERI Clang/LLVM and LLD

The best way to get started with CHERI Clang/LLVM and LLD for CHERI-MIPS, CHERI-RISC-V, or Morello is using our cheribuild tool. cheribuild will download any necessary source code, build our cross-development environment, the CheriBSD OS, and any necessary emulators, create disk images, and run the emulation tool. For CHERI-MIPS and CHERI-RISC-V, that's QEMU-CHERI. For Morello, it's Arm's Morello FVP model, which cheribuild will download automatically.

Get started with CHERI Clang/LLVM and LLD for CHERI-MIPS or CHERI-RISC-V in one command line:

./cheribuild.py --include-dependencies llvm

Get started with CHERI Clang/LLVM and LLD for Morello in one command line:

./cheribuild.py --include-dependencies morello-llvm

In practice, however, the CHERI compiler suite is most useful if you also have an OS image and emulator. The following command line builds CheriBSD/RISC-V, QEMU-CHERI, and the complete toolchain including tools such as CHERI GDB, and runs the resulting image in QEMU:

./cheribuild.py --include-dependencies run-riscv64-purecap

The CHERI Clang/LLVM and LLD source code can be found in the CHERI Clang/LLVM GitHub repository. We also use a GitHub issue tracker to track bugs and feature requests for CheriBSD.

Papers and documentation

CHERI Clang/LLVM was used as the foundation toolchain for our various publications at ISCA 2014, ASPLOS 2015, IEEE S&P 2015, ASPLOS 2019, and Oakland 2020 papers on CHERI memory protection, which can be found on the CHERI publications list.

Our paper on CheriABI explains CheriBSD's memory-safe process environment, which is the principal target execution environment for CHERI C/C++ code. The CHERI C/C++ Programming Guide documents CHERI C and C++.