Charly
@charlycst.bsky.social
Computer system researcher, working on OS, virtualization, and confidential computing.
To be fair, Zurich does have mountain view too.
November 17, 2025 at 12:16 AM
To be fair, Zurich does have mountain view too.
The bug is that bit 0 of `mepc` is hardwired to 0, so when temporarily storing x5 in `mepc` we lose that bit.
Because of that I don't think it is possible to increment `mepc` without modifying the other registers in only 3 instructions on RISC-V, is it?
Because of that I don't think it is possible to increment `mepc` without modifying the other registers in only 3 instructions on RISC-V, is it?
September 4, 2025 at 3:32 AM
The bug is that bit 0 of `mepc` is hardwired to 0, so when temporarily storing x5 in `mepc` we lose that bit.
Because of that I don't think it is possible to increment `mepc` without modifying the other registers in only 3 instructions on RISC-V, is it?
Because of that I don't think it is possible to increment `mepc` without modifying the other registers in only 3 instructions on RISC-V, is it?
Another way to think about the VMware hypervisor is that it works around the non-virtualizability of x86_32 by re-writing the problematic instructions on the fly, so we could also say that VMware is an hypervisor for a subset of x86_32 which patches all programs using forbidden instructions.
August 20, 2025 at 9:11 PM
Another way to think about the VMware hypervisor is that it works around the non-virtualizability of x86_32 by re-writing the problematic instructions on the fly, so we could also say that VMware is an hypervisor for a subset of x86_32 which patches all programs using forbidden instructions.
The problem is that running the kernel in an emulator is too slow. The way VMware fixed the problem is by running the kernel in a fast emulator, using dynamic binary translation, the same idea behind the QEMU emulator.
They achieved almost native performance on kernel code.
They achieved almost native performance on kernel code.
August 20, 2025 at 9:08 PM
The problem is that running the kernel in an emulator is too slow. The way VMware fixed the problem is by running the kernel in a fast emulator, using dynamic binary translation, the same idea behind the QEMU emulator.
They achieved almost native performance on kernel code.
They achieved almost native performance on kernel code.
As noted in the virtualization requirements paper, very few architectures were virtualizable at the time, but the paper (from the 70s) also predicts the solution: "hybrid virtual machines".
The idea is simple, virtualize only the user space programs, and run the kernel in an emulator.
The idea is simple, virtualize only the user space programs, and run the kernel in an emulator.
August 20, 2025 at 9:04 PM
As noted in the virtualization requirements paper, very few architectures were virtualizable at the time, but the paper (from the 70s) also predicts the solution: "hybrid virtual machines".
The idea is simple, virtualize only the user space programs, and run the kernel in an emulator.
The idea is simple, virtualize only the user space programs, and run the kernel in an emulator.
The history of virtualization is fascinating, a few more foundational papers for the curious:
- The design of the original VMware hypervisor: infoscience.epfl.ch/server/api/c...
- The virtualization requirements: dl.acm.org/doi/pdf/10.1...
- The design of the original VMware hypervisor: infoscience.epfl.ch/server/api/c...
- The virtualization requirements: dl.acm.org/doi/pdf/10.1...
August 20, 2025 at 8:57 PM
The history of virtualization is fascinating, a few more foundational papers for the curious:
- The design of the original VMware hypervisor: infoscience.epfl.ch/server/api/c...
- The virtualization requirements: dl.acm.org/doi/pdf/10.1...
- The design of the original VMware hypervisor: infoscience.epfl.ch/server/api/c...
- The virtualization requirements: dl.acm.org/doi/pdf/10.1...
Super cool work!
I started looking into information flow control for agents recently, and I was thinking about your work on static analysis of shell scripts. Would be interested to chat if you're thinking about going deeper in that direction.
I started looking into information flow control for agents recently, and I was thinking about your work on static analysis of shell scripts. Would be interested to chat if you're thinking about going deeper in that direction.
July 1, 2025 at 5:55 PM
Super cool work!
I started looking into information flow control for agents recently, and I was thinking about your work on static analysis of shell scripts. Would be interested to chat if you're thinking about going deeper in that direction.
I started looking into information flow control for agents recently, and I was thinking about your work on static analysis of shell scripts. Would be interested to chat if you're thinking about going deeper in that direction.
The next step is to add support for virtual memory, but that requires a bit more work as I need to add support for monomorphization to the compiler to work around some const generic expr limitations.
June 17, 2025 at 8:36 AM
The next step is to add support for virtual memory, but that requires a bit more work as I need to add support for monomorphization to the compiler to work around some const generic expr limitations.
To me, this is super cool because now we can query the hardware from a Rust unit test running on the host! That will make it trivial to test basic operations such as TLB flush, memory protection, trap vector configuration, and so on, all directly from unit tests.
June 17, 2025 at 8:36 AM
To me, this is super cool because now we can query the hardware from a Rust unit test running on the host! That will make it trivial to test basic operations such as TLB flush, memory protection, trap vector configuration, and so on, all directly from unit tests.
Of course, the same technique can be applied to other (non-Rust) hypervisors. The details and theory behind are in the paper: charlycst.github.io/papers/light...
See you in Banff!
See you in Banff!
charlycst.github.io
May 11, 2025 at 9:49 PM
Of course, the same technique can be applied to other (non-Rust) hypervisors. The details and theory behind are in the paper: charlycst.github.io/papers/light...
See you in Banff!
See you in Banff!
We will try to run Miralis on it, which is an M-mode software-based hypervisor. The H extension adds hardware support for S-mode virtualization. In theory both are orthogonal, which means that we should be able to run an H-mode hypervisor on top of a virtual M-mode.
January 10, 2025 at 10:17 AM
We will try to run Miralis on it, which is an M-mode software-based hypervisor. The H extension adds hardware support for S-mode virtualization. In theory both are orthogonal, which means that we should be able to run an H-mode hypervisor on top of a virtual M-mode.
Ho cool! I plan to make the website repo public after some cleanup and writing some doc, but I can add you if you want to take a look at the code for plotting.
December 18, 2024 at 11:29 AM
Ho cool! I plan to make the website repo public after some cleanup and writing some doc, but I can add you if you want to take a look at the code for plotting.
OSFC has been a great experience, lot and friendly people and very interesting talks and discussions.
September 27, 2024 at 9:45 PM
OSFC has been a great experience, lot and friendly people and very interesting talks and discussions.