freakazoid12345 has quit [Ping timeout: 256 seconds]
mahmutov has joined #riscv
freakazoid12345 has joined #riscv
freakazoid343 has quit [Ping timeout: 256 seconds]
kaph has quit [Ping timeout: 260 seconds]
jtm has joined #riscv
winterflaw has quit [Ping timeout: 240 seconds]
<muurkha>
gordonDrogon: nice! I think yosys is enough to support simple CPUs
pecastro has quit [Ping timeout: 260 seconds]
kaph has joined #riscv
<muurkha>
dh`: SIGSEGV is a Unix thing, my plan is to implement this on microcontrollers that can't run Unix because they don't have MMUs. the virtual machine providing software transactional memory is the same thing providing memory safety, for which my plan is to fault in objects from SPI Flash when translating their OOPs into physical memory addresses, which I'll do when I load the OOP into a VM register or stack
sobkas has quit [Remote host closed the connection]
<muurkha>
subsequently indexing into the object will sometimes require a dynamic bounds check, but I'm optimistic that I can elide bounds checks for load-time-known indexes like those of struct fields. but at first I'll just check those dynamicallytoo
<jrtc27>
what if the struct pointer isn't to an actual struct of that type?
<muurkha>
well, to some extent I think it's not the transaction system's problem if the program contains type errors, as long as those don't allow it to forge capabilities
<muurkha>
I think I need to segregate OOPs (capabilities to objects) from "transparent" data like byte strings, though just tagging every word of memory like the B5000 or Smalltalk-80 is a possible alternative
<muurkha>
eliding the bounds checks will require statically knowing that the pointed-to memory segment is at least as big as the one the program was expecting and against which the statically-known indices were checked
<muurkha>
but that's a very weak static type system
<muurkha>
VM vector instructions similar to the V extension might be a viable alternative to that sort of proof-carrying code, though
Molnija has joined #riscv
<dh`>
muurkha: SIGSEGV has an equivalent in every operating environment, except 8-bit CPUs with the address space fully populated (like a C64) in which case you just get UB
<dh`>
I suppose you can have a 32-bit machine with a fully-populated address space as well, but I don't know why you would
<dh`>
anyway the problem is: if you read uncommitted data and that includes pointers, you either need to maintain invariants where every pointer value is always valid (which is likely expensive) or you might read an intermediate state in which the pointer value isn't valid, e.g. uninitialized trash
<dh`>
and if you then go dereference it you end up in trouble
<dh`>
not to mention you might follow a valid pointer that then gets freed/reused while you're looking at the memory it points to
mahmutov has quit [Ping timeout: 272 seconds]
<dh`>
when I did something like this years back I ended up using optimistic timestamp ordering but pessimistic check and abort on conflict
<dh`>
because anything else is just too wobbly
<dh`>
it's not like databases where it doesn't matter if you read garbage values as long as the results computed from them are eventually discarded
<muurkha>
dh`: right, the equivalent in my environment is that you read or write the wrong object, or possibly unmapped memory space
ivii has quit [Remote host closed the connection]
<muurkha>
by "pessimistic check" do you mean something equivalent to "only one transaction is committing at a time"?
<muurkha>
I think I can avoid reading a partially overwritten OOP by not overwriting existing objects
<muurkha>
reading or writing some random object would be catastrophic for me because it would amount to a way to forge capabilities, which is far worse than crashing
<muurkha>
my current thinking on freeing objects is to have a systemwide persistent garbage collector, and this is one of the things I'm most doubtful about because I've never seen a working persistent cyclic garbage collector
<muurkha>
LOOM claimed to have one but I don't think LOOM ever really worked, it was just a prototype?