CTSRD-CHERI/llvm-project

__builtin_cheri_cap_build is not polymorphic on the return type

Closed this issue · 3 comments

Unlike other similar CHERI builtins, __builtin_cheri_cap_build always returns void * __capability, even if passed uintcap_t: https://cheri-compiler-explorer.cl.cam.ac.uk/z/x5s45M

I believe my initial implementation of overloading the intrinsics had that feature, but after discussing with @jrtc27 we decided to have __builtin_cheri_cap_build always return a void *, but TBH I can't remember exactly why. I believe the rationale was that you should only be using buildcap to add a tag to some raw bit pattern (which cannot be a valid pointer by definition).

Things get a little bit ambiguous when buildcap is used for unsealing, in which case you could have a tagged input argument.

The point is the input is a raw bag of bits that shouldn't be a valid pointer and certainly shouldn't be a valid typed pointer, so is always a uintcap_t. The type of the authorising capability is also not meaningful when it comes to the output. So there's no input type to propagate to the output, which means you get a void * __capability.

Ah fair enough, I agree that the input should always be uintcap_t, so indeed type propagation doesn't really work there.