Daniel Große
Sessions
CHERI extends conventional ISAs with hardware-enforced capabilities to provide fine-grained memory protection, and its integration into RISC-V is gaining momentum with RVY. As adoption grows, implementations must be evaluated to ensure that their CHERI protection mechanisms actually work. We show that existing memory-corruption exploit implementations do not directly carry over to CHERI-enabled architectures, and that observed exploit failures (i.e., unsuccessful exploits) do not necessarily imply effective protection. To resolve this ambiguity, we propose a methodology that temporarily disables CHERI enforcement within a RISC-V VP. Comparing exploit behavior with and without CHERI enforcement under otherwise identical conditions makes it possible to distinguish exploit failure from effective CHERI protection.
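The differential idea in this abstract, as an added illustration that is not code from the talk or from any RISC-V VP: a toy tagged-memory model whose enforcement can be switched off, a victim with a constructed layout (a 2-word buffer followed by a code pointer), and a classifier that only reaches a verdict from the pair of outcomes. The memory model, layout, outcome labels and the two payloads are all assumptions made for this example.

```python
"""Toy differential check for a CHERI-protected target: run the same
pointer-overwrite exploit with capability enforcement on and off and use the
pair of outcomes, not the protected run alone, to reach a verdict.
The memory model, layout and outcome labels are constructed for this example."""
from dataclasses import dataclass, field


class CapabilityFault(Exception):
    """Bounds violation or dereference through an untagged capability."""


@dataclass
class Word:
    value: int
    tag: bool = False  # set only by capability stores, cleared by data stores


@dataclass
class TaggedMemory:
    enforce: bool  # False models "CHERI enforcement temporarily disabled"
    words: dict = field(default_factory=dict)

    def store_cap(self, addr, target):
        self.words[addr] = Word(target, tag=True)

    def store_data(self, cap_base, cap_len, offset, value):
        # A data store goes through a capability with bounds; out-of-bounds
        # stores fault when enforced. Any data store clears the word's tag.
        if self.enforce and not 0 <= offset < cap_len:
            raise CapabilityFault(f"store at offset {offset} outside [0,{cap_len})")
        self.words[cap_base + offset] = Word(value, tag=False)

    def load_cap(self, addr):
        w = self.words.get(addr, Word(0))
        if self.enforce and not w.tag:
            raise CapabilityFault(f"untagged capability at {addr:#x}")
        return w.value


# Constructed victim layout: 2-word buffer followed directly by a code pointer.
BUF, BUF_LEN = 0x1000, 16
FNPTR = BUF + BUF_LEN
SAFE_FN, WIN_FN = 0x2000, 0x3000


def victim(mem, payload):
    """Copy `payload` into the buffer with no length check, then call through
    the code pointer. Returns one of: 'hijacked', 'benign', 'fault'."""
    mem.store_cap(FNPTR, SAFE_FN)
    try:
        for i, word in enumerate(payload):
            mem.store_data(BUF, BUF_LEN, 8 * i, word)
        target = mem.load_cap(FNPTR)
    except CapabilityFault:
        return "fault"
    return "hijacked" if target == WIN_FN else "benign"


def run_pair(payload):
    """Outcome with enforcement on and with it off, identical otherwise."""
    return (victim(TaggedMemory(enforce=True), payload),
            victim(TaggedMemory(enforce=False), payload))


def classify(with_cheri, without_cheri):
    if without_cheri != "hijacked":
        return "exploit failure"      # does not work even unprotected: fix the port
    if with_cheri == "hijacked":
        return "protection missing"   # enforcement did not stop a working exploit
    return "cheri protection"         # fails only because enforcement is on


# Correctly ported exploit: fills the buffer, then overwrites the code pointer.
GOOD_PAYLOAD = [0x41, 0x42, WIN_FN]
# Mis-ported exploit: overflow length computed one word short.
SHORT_PAYLOAD = [0x41, WIN_FN]

if __name__ == "__main__":
    for name, payload in [("good", GOOD_PAYLOAD), ("short", SHORT_PAYLOAD)]:
        on, off = run_pair(payload)
        print(f"{name}: with CHERI={on}, without={off} -> {classify(on, off)}")
```

The short payload is the ambiguous case: looking at the enforced run alone, both payloads "do not hijack", and only the unprotected run reveals that the second one is a broken exploit rather than a blocked one.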
In recent years, the executable specification generated from Sail-RISC-V has increasingly been considered as a successor to the widely used Spike ISA Simulator as golden reference for RISC-V, including the complex and highly configurable RISC-V Vector Extension (RVV). In this paper, we compare the RVV behavior of Sail-RISC-V against Spike using the automated testing framework RVVTS. While Sail-RISC-V largely matches Spike under positive testing (0.23% deviations), negative testing reveals substantially more deviations (3.73%), highlighting remaining issues in Sail-RISC-V’s RVV instruction validity checking under dynamic configurations.
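The positive/negative split used in this comparison, as an added illustration that is not code from RVVTS, Sail-RISC-V or Spike: a reference model of vtype validity built from the RVV 1.0 field encodings, a stand-in device-under-test model with one deliberately omitted check (an assumption for this example, not a description of any real Sail-RISC-V deviation), and a harness that reports deviations separately for encodings the reference accepts and encodings it rejects. VLEN=128 and ELEN=64 are assumed parameters.

```python
"""Toy differential RVV validity test between a reference model and a
device-under-test (DUT) model of the vtype CSR, split into positive tests
(encodings the reference accepts) and negative tests (encodings it rejects).
Constructed for this example: the DUT below is a stand-in with an assumed,
deliberately omitted check; it does not describe Sail-RISC-V or Spike."""
from fractions import Fraction

# vtype fields per the RVV 1.0 spec: vlmul[2:0], vsew[5:3], vta[6], vma[7],
# bits above 7 reserved.
VLMUL = {0b000: Fraction(1), 0b001: Fraction(2), 0b010: Fraction(4),
         0b011: Fraction(8), 0b101: Fraction(1, 8), 0b110: Fraction(1, 4),
         0b111: Fraction(1, 2)}  # 0b100 is reserved
VSEW = {0b000: 8, 0b001: 16, 0b010: 32, 0b011: 64}  # vsew[2]=1 is reserved


def decode(vtype):
    """Return (vlmul, vsew, reserved_bits)."""
    return vtype & 0b111, (vtype >> 3) & 0b111, vtype >> 8


def reference(vtype, vlen, elen):
    """Returns (valid, vlmax). Unsupported SEW/LMUL combinations set vill."""
    vlmul, vsew, reserved = decode(vtype)
    if reserved or vlmul not in VLMUL or vsew not in VSEW:
        return False, 0
    sew, lmul = VSEW[vsew], VLMUL[vlmul]
    # Spec requirement: supported LMUL >= SEW/ELEN, i.e. SEW/LMUL <= ELEN.
    if sew > elen or Fraction(sew) / lmul > elen:
        return False, 0
    return True, int(Fraction(vlen) * lmul / sew)


def dut(vtype, vlen, elen):
    """Stand-in DUT with an assumed bug: it forgets the SEW/LMUL <= ELEN rule."""
    vlmul, vsew, reserved = decode(vtype)
    if reserved or vlmul not in VLMUL or vsew not in VSEW:
        return False, 0
    sew, lmul = VSEW[vsew], VLMUL[vlmul]
    if sew > elen:
        return False, 0
    return True, int(Fraction(vlen) * lmul / sew)


def differential_test(vlen=128, elen=64):
    """Run every 8-bit vtype encoding plus two with reserved bits set, and
    report (deviations, total, percent) for the positive and negative sets."""
    cases = list(range(256)) + [1 << 8, (1 << 12) | 0b011_000]
    stats = {"positive": [0, 0], "negative": [0, 0]}  # [deviations, total]
    for vtype in cases:
        ref = reference(vtype, vlen, elen)
        bucket = "positive" if ref[0] else "negative"
        stats[bucket][1] += 1
        if dut(vtype, vlen, elen) != ref:
            stats[bucket][0] += 1
    return {k: (d, n, 100.0 * d / n) for k, (d, n) in stats.items()}


if __name__ == "__main__":
    for bucket, (dev, total, pct) in differential_test().items():
        print(f"{bucket}: {dev}/{total} deviations ({pct:.2f}%)")
```

Because the assumed DUT defect only affects encodings the reference rejects, the positive set shows no deviations at all and every deviation lands in the negative set, which is why a harness that only feeds valid configurations would never surface this class of validity-checking bug.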