Presented at New Jersey Programmimg Languages and Systems (NJPLS) Seminar, November 2013.
SAFE is a clean-slate effort to build a highly secure computer system, via simultaneous co-design of a new computer architecture, systems software, application software, and programming languages. The SAFE architecture has several peculiarities—pointer bounds checking, fine-grained programmable tags, linear pointers, closures, and no user-accessible stack—that make a conventional low-level language such as C unsuitable for writing the SAFE systems software. We have designed Tempest, a new language with several features intended to work well on SAFE, including flexible user-defined calling conventions, pointer arithmetic compatible with tags and bounds checking, robust support for inline assembly, a linear pointer type, and garbage collector integration. While Tempest’s type system prioritizes simplicity over soundness, the underlying machine provides memory safety. In this talk I introduce the design of Tempest, discuss the motivation for its novel features, and consider which aspects of Tempest’s design may be applicable beyond the SAFE project.