Cryptographic computing using encrypted base addresses and used in multi-tenant environments

US11416624B2 · US · B2

Patent metadata
Publication number: US-11416624-B2
Application number: US-201916722707-A
Country: US
Kind code: B2
Filing date: Dec 20, 2019
Priority date: Jun 29, 2019
Publication date: Aug 16, 2022
Grant date: Aug 16, 2022

Abstract

Official abstract text for this publication.

Technologies disclosed herein provide cryptographic computing with cryptographically encoded pointers in multi-tenant environments. An example method comprises executing, by a trusted runtime, first instructions to generate a first address key for a private memory region in the memory and generate a first cryptographically encoded pointer to the private memory region in the memory. Generating the first cryptographically encoded pointer includes storing first context information associated with the private memory region in first bits of the first cryptographically encoded pointer and performing a cryptographic algorithm on a slice of a first linear address of the private memory region based, at least in part, on the first address key and a first tweak, the first tweak including the first context information. The method further includes permitting a first tenant in the multi-tenant environment to access the first address key and the first cryptographically encoded pointer to the private memory region.

First claim

Opening claim text (preview).

What is claimed is:

1. A processor, comprising: a core including circuitry to execute a first encryption instruction to: generate a first cryptographically encoded pointer to a memory location in memory for storing a first object, including: computing an encrypted slice of a base address of the memory location based, at least in part, on first context information associated with the first object and a first key; storing the encrypted slice of the base address in first bits of the first cryptographically encoded pointer; and based on determining the first object is to be stored in a memory region that is statically addressable, indicating in the first cryptographically encoded pointer that the first context information to be used for decoding the first cryptographically encoded pointer is to be obtained from a first instruction operand in a memory access instruction.

2. The processor of claim 1, wherein upper address bits adjacent to a plaintext slice of the base address are stored in a register, wherein the computing includes encrypting the plaintext slice of the base address based on the first key and a tweak including at least the first context information.

3. The processor of claim 1, wherein the circuitry is to execute the first encryption instruction further to: calculate that the first object is to be stored entirely within the memory region delimited by a first address of the memory region and a second address of the memory region.

4. The processor of claim 3, wherein the second address of the memory region is equal to the first address of the memory region plus a memory region size, and wherein the memory region size is based, at least in part, on a bitwidth of the encrypted slice of the base address of the memory location.

5. The processor of claim 1, wherein first metadata is stored in second bits of the first cryptographically encoded pointer and an offset is stored in third bits of the first cryptographically encoded pointer.

6. The processor of claim 1, wherein the encrypted slice of the base address is computed based, in part, on first metadata stored in second bits of the first cryptographically encoded pointer, wherein the first metadata represents a randomly generated value or a deterministically different value.

7. The processor of claim 1, wherein the first context information includes size metadata specifying a size of the first object and first permissions metadata specifying one or more access permissions for the first cryptographically encoded pointer to access the memory location.

8. The processor of claim 1, wherein the circuitry is to execute the first encryption instruction further to: responsive to determining that a second instruction operand in the first encryption instruction indicates the first context information is to be stored in the memory, store the first context information in a table entry of a table in the memory, wherein the table entry is mapped to the first cryptographically encoded pointer.

9. The processor of claim 1, wherein the circuitry is to execute a second encryption instruction to: generate a second cryptographically encoded pointer to a second memory location in the memory for a second object, including: computing a second encrypted slice of a second base address of the second memory location based, at least in part, on second context information associated with the second object; storing the encrypted slice of the second base address of the second memory location in the second cryptographically encoded pointer; and based on determining the second object is to be stored in a second memory region that is not statically addressable, indicating in the second cryptographically encoded pointer that the second context information to be used for decoding the second cryptographically encoded pointer is to be dynamically obtained from memory.

10. The processor of claim 9, wherein a table in the memory contains a plurality of table entries, wherein a new table entry containing the second context information is to be indexed by at least a portion of the second cryptographically encoded pointer.

11. The processor of claim 10, wherein the circuitry is to execute the second encryption instruction further to: attempt to store the new table entry containing the second context information in the table using the encrypted slice of the second base address as an index.

12. The processor of claim 10, wherein the circuitry to execute the second encryption instruction is further to, in response to determining that an existing table entry in the table is indexed by the at least the portion of the second cryptographically encoded pointer and contains other context information: copy the other context information from the existing table entry in the table to a storage structure containing colliding table entries; and store the second context information in the existing table entry in the table.

13. The processor of claim 1, wherein the circuitry is to execute a third instruction, the third instruction including: a first operand containing the first cryptographically encoded pointer; a second operand containing the first context information; and a third operand containing new context information, wherein the third instruction is to generate a third cryptographically encoded pointer to the memory location, including: computing a new base address from the first cryptographically encoded pointer obtained from the first operand of the third instruction, wherein the new base address is computed based, at least in part, on the first context information obtained from the second operand of the third instruction and the first key; and computing a new encrypted slice of the new base address of the memory location based, at least in part, on the new context information obtained from the third operand of the third instruction.

14. The processor of claim 13, wherein the third cryptographically encoded pointer is to be generated in response to: determining that the new context information indicates new memory bounds that are less than or equal to first memory bounds associated with the first cryptographically encoded pointer; and determining that the new context information includes new permissions metadata that grants the same or fewer access permissions to the memory location than first permissions metadata in the first context information grants to the memory location.

15. The processor of claim 13, wherein the new context information includes new size metadata specifying a size of a target object, new permissions metadata specifying one or more access permissions for the third cryptographically encoded pointer to access the memory location, and new type metadata specifying a class of the target object.

16. A method, comprising: executing a first encryption instruction to generate a first cryptographically encoded pointer to a memory location in memory for storing a first object, including: computing an encrypted slice of a base address of the memory location based, at least in part, on first context information associated with the first object and a first key; storing the encrypted slice of the base address in first bits of the first cryptographically encoded pointer; and based on determining the first object is to be stored in a memory region that is statically addressable, indicating in the first cryptographically encoded pointer that the first context information to be used for decoding the first cryptographically encoded pointer is to be obtained from a first instruction operand in a memory access instruction.

1
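A software model of claims 1, 2, 13 and 14, added here as an illustration and not taken from the patent or from any Intel implementation: the base-address slice is encrypted under a key with the context information as tweak, so decoding with different context yields a different address, and re-encoding is refused when bounds or permissions would grow. The field widths, flag bit, permission bits, upper address bits and the HMAC-SHA-256 Feistel construction are all assumptions standing in for details this page does not give.

```python
import hashlib, hmac, struct

OFFSET_BITS = 25                  # assumed width of the plaintext offset field
OFFSET_MASK = (1 << OFFSET_BITS) - 1
STATIC_FLAG = 1 << 63             # assumed bit: context is supplied as an instruction operand
UPPER = 0x00007F00 << 32          # constructed upper address bits, kept outside the pointer
READ, WRITE = 1, 2                # assumed permission bits

def _f(key, tweak, rnd, half):
    msg = tweak + bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")

def _cipher(key, tweak, value, decrypt=False):
    """Toy 4-round Feistel over a 32-bit slice (assumed stand-in cipher)."""
    left, right = value >> 16, value & 0xFFFF
    for rnd in ((3, 2, 1, 0) if decrypt else (0, 1, 2, 3)):
        if decrypt:
            left, right = right ^ _f(key, tweak, rnd, left), left
        else:
            left, right = right, left ^ _f(key, tweak, rnd, right)
    return (left << 16) | right

def _tweak(size, perms):
    return struct.pack(">IB", size, perms)   # context information forms the tweak

def encode_ptr(key, base, size, perms):
    """Encrypt the low 32 bits of base; the offset field starts at zero."""
    enc = _cipher(key, _tweak(size, perms), base & 0xFFFFFFFF)
    return STATIC_FLAG | (enc << OFFSET_BITS)

def decode_ptr(key, ptr, size, perms):
    """Recover the linear address using context supplied by the caller."""
    enc = (ptr >> OFFSET_BITS) & 0xFFFFFFFF
    plain = _cipher(key, _tweak(size, perms), enc, decrypt=True)
    return (UPPER | plain) + (ptr & OFFSET_MASK)

def narrow_ptr(key, ptr, old_ctx, new_ctx):
    """Re-encode under new context only if size and permissions do not grow."""
    (old_size, old_perms), (new_size, new_perms) = old_ctx, new_ctx
    if new_size > old_size or new_perms & ~old_perms:
        raise PermissionError("new context would widen bounds or permissions")
    base = decode_ptr(key, ptr & ~OFFSET_MASK, old_size, old_perms)
    return encode_ptr(key, base, new_size, new_perms)

if __name__ == "__main__":
    k = b"\x01" * 16                          # constructed demo key
    p = encode_ptr(k, UPPER | 0x12345000, 256, READ | WRITE)
    print(hex(p), hex(decode_ptr(k, p, 256, READ | WRITE)))
    print(hex(decode_ptr(k, p, 256, READ)))   # wrong context: unrelated address
```

In this model the context is not stored in the pointer at all, which is what setting `STATIC_FLAG` signals: a caller that presents the wrong size or permissions simply decodes to an unrelated address.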

Classifications

  • in a virtual system, e.g. with translation means

  • by using cryptography (for digital transmission H04L9/00)

  • LOAD or STORE instructions; Clear instruction

  • Security improvement

  • Isolation or security of virtual machine instances

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Intel Corp
What technology area does this patent fall under?
Primary CPC classification G06F21/602. Mapped technology areas include Physics.
When was this patent published?
Publication date Aug 16, 2022 (B2). Legal status and post-grant events are not shown on this page.