CHERI (Capability Hardware Enhanced RISC Instructions) is a novel hardware designed to address memory safety issues. By replacing traditional pointers with hardware capabilities, it enhances security in modern software systems. A Virtual Machine (VM) is one such system that can benefit from CHERI's protection, as it may contain latent memory vulnerabilities. However, developing and porting VMs to CHERI is a non-trivial task. There are many subtle pitfalls from the assumptions on the undefined behaviors of the C language made based on conventional architectures. Those assumptions conflict with CHERI's stricter memory safety model, causing unexpected failures. Although several prior works have discussed the process of porting VMs, they focus on the overall porting process instead of the pitfalls for VM implementation on CHERI. The guide for programming in CHERI exists, but it is for general programming, not addressing VM-specific issues. We have ported CRuby to CHERI as a case study and surveyed previous works on porting VMs to CHERI. We categorized and discussed the issues found based on their causes. In this paper, we illustrate the VM-specific pitfalls for each category. Most of the pitfalls arise from the undefined behaviors in the C language; in particular, implementation techniques and idioms of VMs often assume behaviors of traditional architectures that are invalid on CHERI. We also discuss workarounds for them and the impacts of those workarounds. We verified the validity of the workarounds by applying them to our CRuby port and by surveying the codebases of prior case studies. This work contributes to the body of knowledge on developing and porting VMs to CHERI and will help guide efforts toward constructing safer VMs.

翻译：CHERI（能力硬件增强型RISC指令集）是一种旨在解决内存安全问题的新型硬件架构。它通过用硬件能力取代传统指针，增强了现代软件系统的安全性。虚拟机作为可能包含潜在内存漏洞的系统，能够受益于CHERI的保护机制。然而，将虚拟机开发和移植到CHERI平台是一项复杂的任务。基于传统架构对C语言未定义行为所做的诸多隐晦假设，与CHERI更严格的内存安全模型相冲突，从而导致意外故障。尽管已有若干先前工作讨论了虚拟机移植流程，但它们主要关注整体移植过程，而非CHERI平台上虚拟机实现的具体陷阱。虽然存在CHERI编程指南，但其面向通用编程场景，并未涉及虚拟机特有的问题。本研究通过将CRuby移植至CHERI的案例实践，并系统梳理了现有虚拟机移植相关研究，根据问题根源对发现的问题进行了分类探讨。本文针对每个类别详细阐述了虚拟机特有的实现陷阱。多数陷阱源于C语言的未定义行为，特别是虚拟机的实现技术和惯用法往往基于传统架构的行为假设，而这些假设在CHERI架构中并不成立。我们同时探讨了相应的解决方案及其影响，并通过在CRuby移植项目中的应用以及对既有案例代码库的审查验证了这些解决方案的有效性。本研究成果丰富了在CHERI平台上开发和移植虚拟机的知识体系，将为构建更安全的虚拟机提供实践指导。