Ledum
founder:	Yokotashi
depends on:
interested:	abyssal bluebear ccx hexo joe prilezitostnypetr RAINBOF sachy santiago tma
software license:
hardware license:

This project aims to design and develop a new central processing unit (CPU) with a primary focus on correctness and object capabilities. The design will prioritize formal verification techniques, ensuring the CPU’s functional correctness while introducing innovative approaches to resource management using object capabilities for improved security, efficiency, and modularity.

1. Achieve High Correctness in Design:
   • Use formal methods, simulation, and rigorous testing to verify that the CPU’s architecture is functionally correct.
   • Ensure that the CPU meets or exceeds industry standards for reliability and precision.
2. Implement Object Capabilities Model:
   • Integrate an object capabilities model into the CPU’s architecture to allow fine-grained, secure management of memory and I/O resources.
   • Ensure that resource access control is embedded at the hardware level to improve security by default.
3. Enable Scalable Security Mechanisms:
   • Design the CPU with scalable security features, leveraging capabilities to prevent unauthorized access and misuse of system resources.
   • Provide users with the flexibility to define and manage their own access control policies through object capabilities.
4. Optimize Performance:
   • Ensure that the CPU achieves optimal performance in terms of throughput, latency, and power consumption, without compromising correctness or security.
   • Ensure, that the CPU architecture can be parallelized to achieve IPC>1 including OoO execution, although to do so isn't primary objective.
   • Balance hardware features for high-performance tasks with robust security measures for sensitive operations.
5. Establish Robust Ecosystem Support:
   • Develop comprehensive software toolchains and drivers to support the object capability model.
   • Collaborate with industry partners to ensure broad compatibility with existing operating systems and applications.

• CPU Architecture Design: Define instruction sets, pipeline architecture, memory hierarchy, and integration of object capabilities.
• Formal Verification: Apply formal methods to mathematically prove the correctness of critical parts of the architecture.
• Security & Resource Management: Implement object capabilities as a mechanism to control access to system resources.
• Prototyping and Simulation: Build prototypes and simulate the architecture to validate design decisions.
• Performance Evaluation: Benchmark the new CPU's performance across several applications to assess trade-offs between correctness, performance, and security.
• Software Toolchain Development: Develop and release supporting software tools, such as compilers, debuggers, and simulators, that work with the new object capability model.

• Development of end-user software applications or operating systems.
• Manufacturing of physical CPU chips (to be handled post-design phase).
• Integration into mass-market consumer devices (focus will be on specialized, high-assurance markets initially).

As a part of our efforts, we have realized that different members of the team have different experience with various scientific and engineering fields and it would be very helpful to ensure that everyone has some basic understanding of all required topics. The workshops typically take place during the working group's regular meetings on Thursdays (see Events).

If there is enough interest, we are streaming the workshops online using https://meet.jit.si/ledum-wg-meetup. We are also trying to get our A/V streaming and editing skills to a level that allows for publishing the recordings of the workshops. Any help with such endeavor would be more than welcome.

The public laptop available in the social room, clearly labeled “Brmlab”, has some rudimentary setup for online streaming of Ledum Working Group Meetings. The online session can be setup as follows:

1. Locate the aforementioned laptop.
2. Find its power supply adapter.
3. Put the laptop on a table near the pack of cables hanging down from the ceiling roughly in the middle of the room.
4. Connect the power supply adapter to 230V socket and to the laptop.
5. Power up the laptop by pressing the power button located just left of the delete key which is in the top right corner of the keyboard and double-check it is not running only on the battery.
6. Connect a mouse to the laptop - it is really needed for any actual directing of the session.
7. Go to the audio mixing table - by the time of this writing, it is located by the 3rd window pair counting from the entrance
8. At the table, search for and pick up:
   • red/black USB device for capturing HDMI output
   • blue USB-A to USB-A USB 3.0 cable
   • (probably black) HDMI cable of sufficient length (2m should be OK)
9. Get back to the laptop and connect the HDMI capture device to the remaining USB-A port of the laptop.
10. Start the Chromium browser and load the meeting URL (see above).
11. Grab the HDMI cable going from the projector just under the ceiling and connect it to the integrated HDMI port on the right hand side of the laptop (next to the power supply connector).
12. Power up the projector using the “Optoma” remote clipped to the pack of cables slightly above the table. You need to press the red power button in the top left corner twice and the red light on the projector should change to blue.
13. Ensure the system is configured to use the external projector as secondary / separate screen.
14. Move the Chromium browser window to the secondary screen and put it in the full-screen mode. Beware - without Fn-Lock, the F11 key puts the laptop in the Airplane Mode.
15. Start OBS Studio (it is installed).
16. If it asks for the permission to share a screen window, check it is the Chromium browser window you have just opened and allow sharing.
17. In the “Scene Collections” menu at the top of OBS Studio's window, check whether “LedumMeeting” is selected and select it if it is not.
18. Select the “Default” scene in the lower left corner of the window.
19. Ensure the laptop's internal camera located just above its display has its cap open.
20. In the sources list right to the scene selection of the previous step, check and ensure:
    • The “JitsiWindow” source shares the Chromium browser window opened earlier.
    • The “SpeakerCamera” displays the image from the front camera facing the director of the session (that is typically you).
    • The “HDMICapture” properly sees whatever you connect to it (typically use another laptop to double-check).
21. Now that everything is ready, click the “Start Virtual Camera” button in the lower right corner (fourth from the bottom). You may need to enter the password “brmbrm”.
22. Go back to Chromium browser window and select the newly created “OBS Camera” as the primary video source for the Jitsi meeting.
23. Go back to OBS Studio and select the “Intro” scene and you are ready to go.

• 2024-10-10 16:00 tma - Verilog I: Introduction to Verilog (CZ)
• 2024-10-24 16:00 tma - Verilog II: Register Bank in Verliog (CZ)
• 2024-10-31 16:00 joe - Lambda Calculus I: Introduction to Lambda Calculus (CZ)
• 2024-11-07 18:00 tma - Verilog III: Advanced Verilog (CZ)
• 2024-11-14 16:00 sachy - Assembler on Mainframes (CZ)
• 2024-11-21 18:00 Yokotashi - Introduction to Electronics (CZ)
• 2024-11-28 16:00 tma - Verilog IV: Testbenches (CZ)
• 2024-12-05 16:00 joe - Lambda Calculus II: Lexical Scoping and Evaluator Implementation (CZ)
• 2024-12-12 16:00 ccx – History of Capability Systems I (CZ)
• 2025-01-09 17:00 hexo – Adders and Multipliers (CZ/SK)

Warning: This part may change wildly at this stage.

• 64 GPR
• upto 64 PTR (Pointer registers)
• special registers (CS:IP and several configuration registers probably)
• No flag register (flags are going either to another GPR or to a special 4-bits adjacent to every GPR), this should help future with parallelization

• Fat Pointers supported and tested by HW
• Ultra Fat Pointers supported and tested by HW, can't be dereferenced outside the CS stored inside them

• All RAM and registers is tagged, so ALU knows which type it's operating on and pointer cannot be created freely
• Types: int, uint, float in 4, 8 … 64 bit lengths fit in vector 64-bit long; Fat pointer, Ultra fat pointer

• scheduler
• memory allocator
• IO allocator
• message broker
• garbage collector
• process creator

Note: Any fiber can provide those services to others using it's resources. But the initial providers have all available resources and ability ru run privileged instructions if it's needed for their jobs.

Terminology

• thread - X has asked scheduler to create it. X is it's parent and can see it's whole memory.
• process - X has asked process creator to create it. Process creator is it' parent and can see it's whole memory. X is it's parent process in process creator's data structures only. X doesn't have access to it's memory.
• fiber - any thread or process
• There may be more process creators. Therefore the same fiber may be viewed as thread (from it's process creator and it's parent threads) and as process (from another process under the same process creator).
• Channel - some way of communicate which is using a tagged handle normal fiber can't create from integer (similar restriction like a FP has)

• has HW capability to change settings of the HW scheduler in the CPU
• shouldn't be GCed probably (although it's data structures may utilize weak pointers)
• works on fibers (doesn't distinguish between process and thread)
• must know CS:IP and time-quota of every fiber
• contains fiber hierarchy
• fiber can push to it (via message containing FP) what childs it wants and how to divide it's time between them. Those information must be converted to absolute values by the scheduler, therefore they can't be used directly from fiber's memory, because that would trigger descent through tree and recalculation for every rescheduling.

• starts with FP to almost all memory (except memory given to other SW services)
• has information about what memory is empty and used
• has information about memory quotas
• when asked through some channel if can either allocate memory and return a FP or “create”#1 a new channel with some part of quota of the calling channel and return the new channel. It can shuffle the quota between already created channels to.
• it manages similar hierarchic structure as scheduler or process creator, but there are channels and their associated quotas in the tree

#1 message handler will do the creation itself, but the channel will be between allocator and anyone who has the complementary handler given to the original caller

• it has capabilities to communicate with the IO somehow (via messages and DMA to FP?)
• it has information about which channel has rights to use what part of IO space
• any channel owner can ask for creating another channel with less rights → therefore the structure is hierarchic
• any channel owner can ask for destruction of channel under it in the hierarchy
• any channel owner can ask it to do some IO and if it has enough rights, that IO will be done
• there may be more fibers behaving as IO allocator - it enables virtualization (lower allocator asks the higher one) and having non-HW IO capabilities (like to send a piece of memory to IP:port via TCP or UDP)

• creates channels and tags their handles. It may create 4 handles at once differing in the lowest 2 bits. Each pair of them is for one way of communication. The lowest bit may specify if the handle is sender or reciever. These handles are tagged, therefore no one else can create them.
• destroys channels after being asked to do so.
• it operates the mesasging HW.
• TODO: specify how the hw and messages itself will work
• TODO: How to ask a message broker for new handles with no handles? Handle 0 may be for communincation with mesage broker and working even without the proper tag? Another instruction?

• collect unused memory
• ignores the FP to the whole RAM in memory allocator
• collects unused handles to communincation channels too (TODO: somehow)

Weak pointers will be needed probably.

- Compressed pointers: https://shipilev.net/jvm/anatomy-quarks/23-compressed-references/

- Read barriers pro concurent scavenger: https://blog.openj9.org/2019/03/25/concurrent-scavenge-garbage-collection-policy/ + HW support https://www.ibm.com/support/pages/pause-less-garbage-collection-java-ibm-z https://www.ibm.com/docs/en/zos/3.1.0?topic=ixg-ieagsf-guarded-storage-facility-services

- Chinual: https://tumbleweed.nu/r/lm-3/uv/chinual.html

- https://pqnelson.github.io/org-notes/comp-sci/lisp/machine/i/architecture.html

As a proof-of-concept an assembly language compiler and IDE support was implemented for a very simple Harvard architecture 8-bit CPU. A graphical emulator for the same simple CPU was created as well. The aim of these tooling efforts is to provide a unified framework for creating custom instruction sets including their assemblers and emulators.

A simple GUI was developed for simulating a SOC written in Verilog.

~~META: status = active &relation firstimage = :project:ledum:320px-ledum_palustre_bluehend.jpg ~~